[openid-specs-rande] SAML to OIDC mapping specification
Alan Buxey
alan.buxey at myunidays.com
Tue Mar 9 09:17:27 UTC 2021
hi,
> This kind of complexity can confuse deployers. Moreover, it was based on
> a misunderstanding of the OIDC specification.
>
> Let's face it: no reason will be good enough to make people change if
> they don't want to. ;P
there is prior art here - eg
https://github.com/IdentityServer/IdentityServer3/blob/master/source/Core/Constants.cs#L438
attribute names come through as snake_case from the JWT token in json.
dont forget, OpenID
is OpenID,
also, as a case example: in the UK, the National Health Service (NHS)
when migrating to SAML moved their CamelCase
attributes to the lower case (often underscore separated) values
https://developer.nhs.uk/apis/spine-core/legacy_authorisation.html
https://digital.nhs.uk/services/nhs-identity/guidance-for-developers/detailed-guidance/scopes-and-claims
we shouldn't just go barging into OpenID with 'our way' - there are
probably considered reasons why
certain things have been undertaken - e.g. JSON is case sensitive
> Davide, I propose that the working group votes on camelCase versus
> snake_case claim names format to settle the question. Then we can move on.
I agree - with the obvious proviso that we may all agree on something
incorrect ;-)
regards,
alan
More information about the openid-specs-rande
mailing list