Drop claims short cut
the spec currently allows to use short cuts for defining the claims to be attested in the verified_claims structure
“Note: A claims sub-element with value null is interpreted as a request for all possible Claims. An example is shown in the following …”
Feedback indicates this leads to ambiguity and does not foster privacy preserving behaviour of RPs
I suggest to drop the short cut.
Comments (8)
-
-
reporter yes. I think the RP should be explicit about the claims it wants to obtain.
-
Then, still, behaviors for the cases of
"claims":null
and”claims”:{}
need to be described explicitly. Please keep my feedback made during the public review period ( Issue 1110 ) in mind this time. (I’ve already implemented special parsing for the current rules, though.) -
reporter if
"claims":null
is no longer valid, what do you expect the spec to define? -
I would support the removal, stumbled across this while reading the spec (Privacy by Design). This is not possible in the core spec either, why should it be supported here.
-
reporter - changed status to open
-
reporter - changed status to new
-
reporter - changed status to resolved
merged PR
- Log in to comment
Do you mean that the mechanism to request all possible claims should be removed?