[Openid-specs-risc] openid/sharedsignals: New Issue opened
github at oidf.org
github at oidf.org
Wed Dec 10 07:35:50 UTC 2025
openid/sharedsignals event
Issue opened
Issue Title: Clarification for subject matching criteria
https://github.com/openid/sharedsignals/issues/312
The Subject Matching criteria states that for Complex Subjects, two subjects match if, for all fields in the Complex Subject (i.e. user, group, device, etc.), at least one of the following statements is true: 1. Subject 1's field is not defined 2. Subject 2's field is not defined 3. Subject 1's field is identical to Subject 2's field Given this example: ``` Subject 1: { "format": "complex", "user": { "format": "email", "email": "bar at example.com" }, "tenant": { "format": "iss_sub", "iss": "https://example.com/idp1", "sub": "1234" } } Subject 2: { "format": "complex", "group": { "format": "did", "url": "did:example:123456" } } ``` 1. The "user" field statement 2 is true 2. The "tenant" field statement 2 is true 3. The "group" field statement 1 is true This would lead to a match. We should consider requiring at least 1 field to be identical in subject 1 and 2 (i.e. statement 3 must be true for at least 1 field).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20251210/4e647001/attachment.htm>
More information about the Openid-specs-risc
mailing list