openid / connect / issues / #1142 - Drop claims short cut — Bitbucket

Issue #1142 closed

Torsten Lodderstedt created an issue 2019-12-17

the spec currently allows to use short cuts for defining the claims to be attested in the verified_claims structure

“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”

Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs

I suggest to drop the short cut.

Comments (5)

Takahiko Kawasaki
Do you mean that the mechanism to request all possible claims should be removed?
- 2019-12-17T09:28:04+00:00
Torsten Lodderstedt reporter
yes. I think the RP should be explicit about the claims it wants to obtain.
- 2019-12-17T09:40:40+00:00
Takahiko Kawasaki
Then, still, behaviors for the cases of "claims":null and ”claims”:{} need to be described explicitly. Please keep my feedback made during the public review period ( Issue 1110 ) in mind this time. (I’ve already implemented special parsing for the current rules, though.)
- 2019-12-17T10:20:19+00:00
Torsten Lodderstedt reporter
if "claims":null is no longer valid, what do you expect the spec to define?
- 2019-12-17T12:28:09+00:00
Torsten Lodderstedt reporter
- changed status to closed
transferred to https://bitbucket.org/openid/ekyc-ida/issues/1142/drop-claims-short-cut
- 2019-12-27T11:14:29+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: closed

Component: Assurance

Milestone: –

Version: –

Votes: 0

Watchers: 0

Jira: the preferred issue tracker for Bitbucket. Join the team!