[openid-specs-rande] RAF expression in OIDC
Marcus Hardt
hardt at kit.edu
Tue Aug 27 12:09:48 UTC 2019
Hi There,
we have a use case for using the Information of the REFEDS Assurance
Framework (RAF)[1] via OIDC.
I.e. my home IdP issues me
- https://refeds.org/assurance/ATP/ePA-1d
- https://refeds.org/assurance/ATP/ePA-1m
- https://refeds.org/assurance/IAP/local-enterprise
- https://refeds.org/assurance/IAP/low
- https://refeds.org/assurance/IAP/medium
- https://refeds.org/assurance/ID/eppn-unique-no-reassign
- https://refeds.org/assurance/ID/unique
- https://refeds.org/profile/cappuccino
Question is how to get these into "OIDC"?
Now, there is already some work done in the OIDCRE[2] group, that
resulted in this[3] google doc.
[1]https://wiki.refeds.org/display/ASS/REFEDS+Assurance+Framework+ver+1.0
[2]https://wiki.refeds.org/display/GROUPS/OIDCre
[3]https://docs.google.com/document/d/1b-Mlet3Lq7qKLEf1BnHJ4nL1fq-vMe7fzpXyrq2wp08/edit
Two probelms kept us from putting this information (as a list) into
eduperson_assurance:
1: Singlevaluedness (I'm not sure about this being so, but I was told)
2: ID Token: Assurance might rather belong into the ID Token (while from
the research background we tend to put all into the userinfo endpoint.
Basically, I'm writing to find updated information, or to find a way to
close this item.
Cheers,
--
Marcus.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4805 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20190827/b53730b8/attachment.p7s>
More information about the openid-specs-rande
mailing list