[Openid-specs-risc] Summary of changes to RISC Profile

[Atul Tulshibagwale]

Hi all,
Just summarizing the changes I'm making to the RISC specs:

*Open ID RISC Profile*:

   1. ID Token subject identifiers to include references to specific tokens
   (section 2.1.4)
   2. Subject identifiers to include SAML assertion id as a subject
   identifier type (new section after 2.1.4)
   3. Receiver configuration to be added to the spec: Needed for implicit
   subject identification (new section after 3.)
      1. Receiver's "audience" specification
         1. Receiver's OIDC ID Token audience or
         2. Receiver's audience URI for SAML assertion conditions.
      2. Receiver's "locus of interest": Subjects that the receiver is
      implicitly interested in receiving updates about, specified with
reference
      to the audience.
      3. Blacklist URL of users who have opted out of updates.
   4. Recommended Actions (section 4.1.2) as described in Jordan's proposal

*RISC Event Types*:

   1. Additional Event Types (section 2.) to be sourced from here
   <https://docs.google.com/spreadsheets/d/1GUrWQOyp3hz6KJ7rRDnuB0PrsgAqkKNeX85wQSkrzPA/edit?usp=sharing>
   .

We can discuss this in tomorrow's call.

Thanks,
Atul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200511/99bfb401/attachment.html>