[Openid-specs-fapi] Issue #249: certification clarification request: acr_values_supported in discovery (openid/fapi)

josephheenan issues-reply at bitbucket.org
Thu Jul 18 09:51:51 UTC 2019


New issue 249: certification clarification request: acr_values_supported in discovery
https://bitbucket.org/openid/fapi/issues/249/certification-clarification-request

Joseph Heenan:

Can the FAPI WG  provide clarity on their understanding of the discovery spec please, in particular from [https://openid.net/specs/openid-connect-discovery-1\_0.html#ProviderMetadata](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata) acr\_values\_supported is defined as:

> OPTIONAL. JSON array containing a list of the Authentication Context Class References that this OP supports.

  
  
Is the correct interpretation of this:

1. It is entirely at the whim of the OP what they do/don’t enter here, regardless of what they do/don’t support
2. The value is completely optional, but if present must contain all the acr values that can be requested/returned by the server
3. The value is completely optional, and if present may or may not contain all the relevant acr values
4. The value is mandatory if the server supports acr claims and must contain all the acr values that can be requested/returned by the server
5. The value is mandatory if the server supports acr claims, but may or may not contain all the relevant acr values

‌

\(If the answer is one of the less stringent options, I guess the WG may wish to consider tightening this up in the FAPI spec.\)




More information about the Openid-specs-fapi mailing list