openid / ekyc-ida / issues / #1142 - Drop claims short cut — Bitbucket

Issue #1142 resolved

Torsten Lodderstedt created an issue 2019-12-17

the spec currently allows to use short cuts for defining the claims to be attested in the verified_claims structure

“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”

Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs

I suggest to drop the short cut.

Comments (8)

Takahiko Kawasaki
Do you mean that the mechanism to request all possible claims should be removed?
- 2019-12-17T09:28:04+00:00
Torsten Lodderstedt reporter
yes. I think the RP should be explicit about the claims it wants to obtain.
- 2019-12-17T09:40:40+00:00
Takahiko Kawasaki
Then, still, behaviors for the cases of "claims":null and ”claims”:{} need to be described explicitly. Please keep my feedback made during the public review period ( Issue 1110 ) in mind this time. (I’ve already implemented special parsing for the current rules, though.)
- 2019-12-17T10:20:19+00:00
Torsten Lodderstedt reporter
if "claims":null is no longer valid, what do you expect the spec to define?
- 2019-12-17T12:28:09+00:00
Achim Schlosser
I would support the removal, stumbled across this while reading the spec (Privacy by Design). This is not possible in the core spec either, why should it be supported here.
- 2020-01-15T15:35:44+00:00
Torsten Lodderstedt reporter
- changed status to open
- 2020-01-25T11:56:12+00:00
Torsten Lodderstedt reporter
- changed status to new
- 2020-01-26T03:18:00+00:00
Torsten Lodderstedt reporter
- changed status to resolved
merged PR
- 2020-02-13T16:20:31+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Component: Assurance

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!