[openid-specs-rande] SAML to OIDC mapping specification
Mischa Salle
msalle at nikhef.nl
Wed Mar 10 13:15:50 UTC 2021
On Wed, Mar 10, 2021 at 01:29:28PM +0100, Etienne Dysli Metref wrote:
> On 09.03.21 13:07, Ivan Kanakarakis wrote:
> > I can understand how it is nicer to have a single set of claims, but ..
> > if there is no reason to define one form and not the other,
> > and the choice is purely aesthetics or convention,
> > then why don't we define both forms as equivalent (aliases)
> > and thus support the current behaviour of all systems?
>
> Absolutely! :D This gives every side their favourite naming convention.
> The specification may become a bit bloated, but I think this would be a
> cheap price to pay for this.
in addition to my response to Niels, this puts a needless load on the
clients to be able to consume both type of claims and translate them.
> > Some systems will release snake_case, some CamelCase, and some a mix.
> > Internally the systems should change to map the form they already
> > process (which should be trivial).
>
> I confirm it's trivial to release both with a Shibboleth IdP and its
> OIDC extension.
but what is the point if every IdP in the world produces all information
doubly?! That's just a waste of bandwidth and compute power. And if not
all IdPs do that, then every SP will need to be able to consume both and
be able to translate them.
Cheers,
Mischa
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20210310/05bb3318/attachment.asc>
More information about the openid-specs-rande
mailing list