[openid-specs-rande] today's meeting notes
Mischa Salle
msalle at nikhef.nl
Tue Mar 12 10:30:58 UTC 2019
On Mon, Mar 11, 2019 at 05:59:56PM +0100, Davide Vaghetti wrote:
> Hi,
>
> here are the meeting notes of today's call:
>
> https://github.com/daserzw/oidc-edu-wg/blob/master/meeting_notes.md
Hi all,
a few small remarks (apologies for yesterday, I was multitasking a bit
too much, trying to fix a very annoying bug):
- probably good to include links to at least the two AARC docs about
groups and capabilities G002 and G027, but probably also the new I047
which was one I was thinking about yesterday but couldn't remember the
number. The PDP probably doesn't have a place yet, the old google doc is
https://docs.google.com/document/d/18Me5b63R7GKb_1gDfYH02l2sXr3mCIg_suPRw86Ye7I/edit#
- The proper link for the whitepaper is probably (currently) the PDF
attached to
https://wiki.refeds.org/display/CON/Consultation%3A+SAML2+and+OIDC+Mappings
- I think we should keep open for now whether or not we want to register
claims. Let's first come up with the specification, then see if it's
close enough to an RFC (which is the stumbling block for getting them
in the register).
- related to the different scopes vs. claims discussions going on
  currently:
  - scitokens uses very much the scopes approach, see e.g.
    https://scitokens.org/technical_docs/Claims
    and uses a scope-per-claim to prevent the lack of support for the
    optional 'claims request'
  - Hans Zandbelt (I asked him at TIIME about support for the 'claims'
    request) is of the opinion that it's better to have the OP decide
    which claims to release for which protected endpoint/client
    combinations than to have the client request which claims it wants.
    I don't think we can always do this, but it is an interesting
    point, in particular in AARC BPA context, where we have an
    omniscient proxy. We might be able to prevent a lot of tricky
    situations...
- +1 indeed for the authority for claims discussion on A/B connect.
- The main reason people want to have 'self-contained' tokens instead of
using a userinfo or introspection endpoint is performance.
Cheers,
Mischa
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..