Common UserInfo "verified_claims" claim?

Issue #809 wontfix
Vladimir Dzhuvinov created an issue

Hi guys,

The other day I went to my bank to have my electronic signature updated and realised that the concept of verification can actually apply to other claims such as name and date of birth (not just email and phone numbers). Specifying an additional "x_verified" for each claim that can be potentially verified however seems too much.

How about defining a single common claim, represented by a JSON array of strings, to list all claim names, of those returned with the UserInfo, that the IdP wishes to mark as verified? This claim could be called "verified_claims".

For instance, if the email and phone number returned with the UserInfo have been verified:

"verified_claims" : [ "email", "phone_number" ]

Or names and address:

"verified_claims" : [ "name", "given_name", "middle_name", "family_name", "address"]

If none of the returned claims are verified, the array could be empty or entirely omitted:

"verified_claims" : [ ]

This mechanism for indicating verified claims could potentially be used for custom (outside the std. schema) claims as well:

"verified_claims" : ["x-custom", "y-custom", "z-custom"]

Comments (3)

  1. Michael Jones

    Those on the 14-Mar-13 call decided that this is more general than we want to define in the base claim set. Whereas, a trust framework extension could do something like this, if appropriate.

  2. Nat Sakimura

    s/decided/agreed/.

    We need input from other people on this issue. If people agree, we can close this issue.
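
Added example, not part of the original thread or of any OpenID Connect specification: one way a relying party could consume the "verified_claims" array proposed in the issue, treating an omitted, empty or malformed array as "nothing verified" and ignoring names of claims that were not actually returned. The function names and the sample UserInfo values are constructed for illustration.

```python
import json

# Constructed sample UserInfo response using the array form proposed in the issue.
# "address" is listed as verified but not returned; "email" is listed twice.
SAMPLE_USERINFO = json.loads("""
{
  "sub": "248289761001",
  "name": "Jane Doe",
  "email": "jane@example.com",
  "phone_number": "+1 555 0100",
  "verified_claims": ["email", "address", "email"]
}
""")

MARKER = "verified_claims"


def split_by_verification(userinfo):
    """Return (verified, unverified) dicts of the claims in a UserInfo response.

    Per the proposal, the marker is a JSON array of claim names; omitted or
    empty means no claim is verified. A marker of any other shape is treated
    the same way (fail closed) instead of being partially trusted.
    """
    marker = userinfo.get(MARKER, [])
    if not isinstance(marker, list) or not all(isinstance(n, str) for n in marker):
        marker = []
    # Only names of claims present in this response count; the marker cannot
    # vouch for itself or for a claim the IdP did not return.
    names = {n for n in marker if n in userinfo and n != MARKER}
    verified = {k: v for k, v in userinfo.items() if k in names}
    unverified = {k: v for k, v in userinfo.items()
                  if k not in names and k != MARKER}
    return verified, unverified


def require_verified(userinfo, claim):
    """Return the claim value only if the IdP marked it verified, else None."""
    verified, _ = split_by_verification(userinfo)
    return verified.get(claim)


if __name__ == "__main__":
    print(split_by_verification(SAMPLE_USERINFO))
```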
