Create an IANA registry for parameters at the Client-Initiated Backchannel Authentication endpoint?
Issue #209
new
There isn’t currently an IANA registry for CIBA endpoint parameters like binding_message etc.
As we have people registering new parameters into that namespace there perhaps should be?
e.g. https://www.ietf.org/archive/id/draft-ietf-oauth-rar-12.html#name-authorization-request
and probably in the future: https://bitbucket.org/openid/ekyc-ida/issues/1321/use-of-ekyc-ida-spec-with-ciba-fapi-ciba
Comments (7)
-
-
Only an RFC can create an IANA registry. There’s precedent for creating an RFC for creating registries for non-IETF working groups, such as https://www.rfc-editor.org/rfc/rfc8809.html. That said, there’s also plenty of extensible fields defined by OpenID specs, such as
subject_types_supported, for which there is no registry. New values would simply be defined by new specifications. And that can be OK too.I’d be glad to discuss this further.
-
-
assigned issue to
Bjorn Hjelm
-
assigned issue to
-
I’ll work on an RFC draft together with @Joseph Heenan using RFC 8809 as a template. If there’re additional RFC examples, that would be appreciated.
-
What is the concrete example of the extension parameters?
-
reporter
Hi Nat
From memory, we have RAR which defines the
authorization_detailsparameter for the CIBA endpoint, and there is a proposal somewhere to create a new spec that essentially imports theclaimsparameter from OIDC into CIBAHaving a central list of the CIBA parameters hence seemed sensible, but if you have other suggestions please do share them.
-
reporter
We also have the ekyc-ida spec that may/should/will define the
verified_claimsparameter for the CIBA endpoint. - Log in to comment
AFAIK an IANA registry isn’t something OIDF can do. So this might not be exactly simple to accomplish. Mike has some experience with this around the OP/AS metadata registry.