[openid-specs-rande] SAML to OIDC mapping specification
Etienne Dysli Metref
etienne.dysli-metref at switch.ch
Thu Mar 11 12:28:42 UTC 2021
On 11.03.21 11:17, Paul Millar wrote:
>> I fully agree with Niels. We should absolutely not allow both in one
>> spec. It will be confusing, expensive to maintain and expensive on a
>> performance level.
>
> Another aspect (hinted at by Niels) is that this would allow a token to
> have inconsistent information. If the same assertion appears twice (as
> camelCase and as snake_case), the values could be different. The
> behaviour, under such circumstances, could be undefined and therefore
> implementation-specific.
Good point! A specification that leaves the door open to such undefined
behaviour would be bad.
I agree with Niels and Mischa that having an unclear specification is
undesirable. However, the performance argument is bogus until someone
provides actual data.
Etienne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openid.net/pipermail/openid-specs-rande/attachments/20210311/65f0dbcd/attachment.asc>
More information about the openid-specs-rande
mailing list