[openid-specs-rande] today's meeting notes
Roland Hedberg
roland at catalogix.se
Sat Mar 30 07:53:01 UTC 2019
Hi Paul,
> On 29 Mar 2019, at 10:09, Paul Millar <paul.millar at desy.de> wrote:
>
>
> <sub> is an opaque token, while (IIRC) <iss> is always going to be a URI. Therefore one scheme would be:
>
> <iss> <URI-unsafe-character> <sub>.
>
> since it is guaranteed that a valid URI will not contain any URI-unsafe-characters:
>
> " < > # % { } | \ ^ ~ [ ] `
>
> Of these, the pipe symbol '|' is perhaps the most aesthetically appropriate, since it is symmetric:
>
> <iss> '|' <sub>
This is good thinking. I like it !
> An alternative would be to use one of the brackets (<>, {} and []). As a comparison, XML namespaces are written in square brackets by some java libraries.
>
> For example:
>
> <d:dCache xmlns:d="http://dcache.org/2018/01/>
>
> would be written as:
>
> "[http://dcache.org/2018/01]dCache"
>
> In the OIDC case, this would be written as:
>
> [<iss>]<sub>
Also a possibility.
>
>> yesterday during our AARC meeting I wondered whether we can't just use a
>> JSON (either as JSONObject with the claim names, or as JSONArray). It's
>> not that much longer and clearly defined: by definition it must be
>> expressible as such.
>
> While certainly an option, it seems an inelegant solution to me:
>
> 1. it does make the identifier longer than necessary,
>
> 2. certain characters would need to be escaped -- reading
> the identifier becomes (in some cases) non-trivial
>
> 3. it risks "feature creep" where more metadata is injected
> into what is meant to be a simple identifier.
>
> Anyway, just my 2c worth!
>
> Cheers,
> Paul.
> --
> openid-specs-rande mailing list
> openid-specs-rande at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-rande
— Roland
It is curious that physical courage should be so common in the world, and moral courage so rare. -Mark Twain, author and humorist (30 Nov 1835-1910)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20190330/8c9bcd91/attachment.html>
More information about the openid-specs-rande
mailing list