On Fri, May 31, 2019 at 7:58 AM Johann Nallathamby <joh...@wso2.com> wrote:

> *Problem*
>
> When we federate to other OpenID Connect Providers, we can send scope
> values. However, currently the scope values are fixed per OP we define in
> IS. This works fine if the service provider is not an OpenID Connect RP or
> an RP not requesting scopes. If we are to support different scope
> combinations that can be requested by different RPs, it is not scalable to
> define individual OP configurations for each scope combination.
>
> *Solution*
>
> We must support scope mappings, so that we can map a set of scopes
> requested by the RP to another set of scopes supported by the OP. This way
> we don't need to create multiple OP configurations to support different
> scope combinations requested by different RPs.
>
> What are your thoughts on this?
>

I am just wondering why the RP needs to send different scopes to the federated
IDP? Is it just to retrieve different attributes from the id_token or
userinfo attributes based on the RP? If it is not, are there any other use
cases?

Thanks,
Asela.


>
> Thanks & Regards,
> Johann.
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933

http://soasecurity.org/
http://xacmlinfo.org/
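
The scope mapping proposed in the quoted message, sketched as an added example that is not part of this thread and is not WSO2 Identity Server code. The mapping table, scope names, and function names are hypothetical; the sketch assumes one table per federated OP and drops any RP scope without a mapping, so an RP cannot widen what is requested upstream.

```python
# Added illustration: hypothetical names, not WSO2 Identity Server code.
from urllib.parse import urlencode

# Constructed sample mapping for one federated OP: each RP-facing scope maps
# to the set of scopes the upstream OP understands. Unlisted scopes are dropped.
SCOPE_MAP = {
    "openid": {"openid"},
    "profile": {"openid", "profile"},
    "contact": {"email", "phone"},
    "hr_basic": {"employee.read"},
}


def map_scopes(requested, scope_map):
    """Return (op_scopes, dropped) for a space-delimited RP scope string."""
    op_scopes, dropped = {"openid"}, []  # OIDC requests must carry 'openid'
    for scope in requested.split():
        mapped = scope_map.get(scope)
        if mapped is None:
            dropped.append(scope)  # deny by default; keep for audit logging
        else:
            op_scopes |= mapped
    return sorted(op_scopes), dropped


def build_authz_query(requested, scope_map, client_id, redirect_uri, state):
    """Build the query string of the outbound authorization request to the OP."""
    op_scopes, dropped = map_scopes(requested, scope_map)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(op_scopes),
        "state": state,
    })
    return query, dropped


if __name__ == "__main__":
    # Constructed RP request: 'admin' has no mapping and is not forwarded.
    q, dropped = build_authz_query("openid contact admin", SCOPE_MAP,
                                   "is-client", "https://is.example/commonauth",
                                   "xyz")
    print(q)
    print("dropped:", dropped)
```
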