[openid-specs-rande] SAML to OIDC mapping specification

Mischa Salle msalle at nikhef.nl
Wed Mar 10 13:10:24 UTC 2021


Hi all,

On Wed, Mar 10, 2021 at 01:50:32PM +0100, Niels van Dijk wrote:
> Hi,
> 
> On 10-03-2021 13:29, Etienne Dysli Metref wrote:
> > On 09.03.21 13:07, Ivan Kanakarakis wrote:
> > > I can understand how it is nicer to have a single set of claims, but ..
> > > if there is no reason to define one form and not the other,
> > > and the choice is purely aesthetics or convention,
> > > then why don't we define both forms as equivalent (aliases)
> > > and thus support the current behaviour of all systems?
> > Absolutely! :D This gives every side their favourite naming convention.
> > The specification may become a bit bloated, but I think this would be a
> > cheap price to pay for this.
> 
> I totally disagree: we will pay dearly for having an ambiguous
> specification and will pay the price in support cost, additional complexity,
> implementors making errors, etc.  Also we will have double work each time we
> want to make a change to the spec. Are we next going to overload all our
> scopes as well?
> A specification should be clear, unambiguous and concise. In this case there
> is no technical need for duplication of claim names, as they serve the exact
> same use case. Whatever 1 format we pick it will do the job. This is
> unneeded complexity, which once introduced will take a decade to get rid of
> again, see our many mistakes in SAML.

I fully agree with Niels. We should absolutely not allow both in one
spec. It will be confusing, expensive to maintain and expensive on a
performance level.

Cheers,
Mischa

-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..