<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Hi Mischa,</div><div class=""><br class=""></div><div class="">I think the reason why the discussion started on not relying on using the claims parameter was that some</div><div class="">implementations (most notably PingFederate) didn’t support it.</div><div class=""><br class=""></div><div class="">Now, it turns out that we are not the only community that is looking at claims to solve a problem.</div><div class="">Which will hopefully make implementers take note and actually support it.<br class=""><div><br class=""></div><div>Using scope to solve the data minimization problem has always been a kludge.</div><div><br class=""><blockquote type="cite" class=""><div class="">On 20 May 2019, at 20:39, Mischa Salle &lt;<a href="mailto:msalle@nikhef.nl" class="">msalle@nikhef.nl</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hi all,<br class=""><br class="">after reading Torsten's very nice blogpost [1], and Nat Sakimura's<br class="">answer [2], (thanks to Jim Basney for pointing it out on the<br class=""><a href="mailto:discuss@scitokens.org" class="">discuss@scitokens.org</a> mailing list [3]) I started wondering why we<br class="">actually are not using the claims request [4].<br class="">The reason we started using 'scopes per claim' is because of a lack of<br class="">support for the 'claims parameter', which is optional in the spec,<br class="">unlike the 'scope' parameter which is always supported. 
But now we've<br class="">gotten to the point where we need to put structure in the scopes, things<br class="">like "read:/foo" and the like, but using that would *also* require<br class="">support for non-standard things in client- and server software...?<br class="">So, am I missing something or have we just made a nice circle?<br class=""><br class=""> Best wishes,<br class=""> Mischa<br class=""><br class=""><br class="">[1] <a href="https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948" class="">https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948</a><br class="">[2] <a href="https://nat.sakimura.org/2019/05/12/comments-back-to-transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-by-torsten/" class="">https://nat.sakimura.org/2019/05/12/comments-back-to-transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-by-torsten/</a><br class="">[3] <a href="https://groups.google.com/a/scitokens.org/forum/#!topic/discuss/bpshiUuqRtg" class="">https://groups.google.com/a/scitokens.org/forum/#!topic/discuss/bpshiUuqRtg</a><br class="">[4] <a href="https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter" class="">https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter</a><br class=""><br class="">-- <br class="">Nikhef Room H155<br class="">Science Park 105 Tel. +31-20-592 5102<br class="">1098 XG Amsterdam Fax +31-20-592 5155<br class="">The Netherlands <a href="mailto:msalle@nikhef.nl" class="">Email msalle@nikhef.nl</a><br class=""> __ .. ... _._. .... ._ ... ._ ._.. ._.. .._..<br class="">-- <br class="">openid-specs-rande mailing list<br class=""><a href="mailto:openid-specs-rande@lists.openid.net" class="">openid-specs-rande@lists.openid.net</a><br class="">http://lists.openid.net/mailman/listinfo/openid-specs-rande<br class=""></div></div></blockquote></div><br class=""><div class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">— Roland</div><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;">Scratch a pessimist and you find often a defender of privilege. -William Beveridge, economist and reformer (5 Mar 1879-1963) </div>
</div>
<br class=""></div></body></html>