[Openid-specs-fastfed] Multi subject discuss?
Phil Hunt
phil.hunt at oracle.com
Tue Dec 12 17:17:06 UTC 2017
Apologies this was sent to the wrong group
Phil
> On Dec 12, 2017, at 9:04 AM, Phil Hunt <phil.hunt at oracle.com> wrote:
>
> It has been raised by marius on the secevents list that multi subjects in risc sets is a requirement which has not been discussed here.
>
> As we have not discussed this, I propose we do so.
>
> I have grave concerns about possible privacy implications particular if third party security providers are involved.
>
> I believe for any stream, transmitters and receivers must negotiate a single subject identifier to use. This can become a requirement for config eg as an extension to stream config
>
> Ps i also support single profile option in stream config per discussion with annabelle.
>
> I also support a standard subject claim but because of issues like multi subject, i do not support it being part of the main set draft.
>
> I think standard subject is also useful for access tokens/id tokens and may pave the way for single subject sets in risc.
>
> Best,
>
> Phil
More information about the Openid-specs-fastfed
mailing list