[openid-specs-rande] SAML to OIDC mapping specification
Niels van Dijk
niels.vandijk at surf.nl
Wed Mar 10 12:50:32 UTC 2021
Hi,
On 10-03-2021 13:29, Etienne Dysli Metref wrote:
> On 09.03.21 13:07, Ivan Kanakarakis wrote:
>> I can understand how it is nicer to have a single set of claims, but ..
>> if there is no reason to define one form and not the other,
>> and the choice is purely aesthetics or convention,
>> then why don't we define both forms as equivalent (aliases)
>> and thus support the current behaviour of all systems?
> Absolutely! :D This gives every side their favourite naming convention.
> The specification may become a bit bloated, but I think this would be a
> cheap price to pay for this.
I totally dissagree: we will pay dearly for having an ambiguous
specification and will pay the price in support cost, additional
complexity, implementors making errors, etc. Also we will have double
work each time we want to make a change to the spec. Are we next going
to overload all our scopes as well?
A specification should be clear, unambiguous and concise. In this case
there is no technical need for duplication of claim names, as they serve
the exact same use case. whatever 1 format we pick it will do the job.
This is unneeded complexity, which once introduced will take a decade to
get rid of again, see our may mistakes in SAML.
Niels
More information about the openid-specs-rande
mailing list