On 30/12/2012 00:28, Anthony Nadalin wrote:
By definition a claim is always in doubt, thus I would not call it a credential
until it is verified
No this is not correct, since you can have valid and invalid
credentials. You present your credentials to the RP, and the RP verifies
them based on the proof they contain.
If you present a claim without any proof then it is not a credential and
it cannot be verified (since it contains no proof) without the RP
obtaining some proof information from elsewhere (such as showing it to
the issuer and asking them if it is genuine or not).
So I would say that in OAuth you can present a claim or a credential.
regards
David
-----Original Message-----
From: [email protected] On Behalf Of David Chadwick
Sent: Saturday, December 29, 2012 1:42 AM
To: Mike Jones
Cc: IETF oauth WG
Subject: Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
If a claim provides proof then I would call it a credential not a claim
David
On 29/12/2012 01:11, Mike Jones wrote:
I found the X.1252 definition. It is:
*6.18 claim* [b-OED]: To state as being the case, without being able
to give proof.
That seems both a bit vague, and actually incorrect, as the JWT may
include proof of the veracity of the claim. Please see the updated
JWT draft for a hopefully more useful “Claim” definition.
Best wishes,
-- Mike
*From:* Mike Jones
*Sent:* Sunday, December 23, 2012 1:03 PM
*To:* Jeff Hodges; Nat Sakimura
*Cc:* IETF oauth WG
*Subject:* RE: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
What is the X.1252 definition?
-- Mike
*From:* Nat Sakimura
*Sent:* December 23, 2012 10:09 AM
*To:* =JeffH
*CC:* Mike Jones, IETF oauth WG
*Subject:* Re: [OAUTH-WG] review: draft-ietf-oauth-json-web-token-05
Re definition of 'claim', as JWT is supposed to be generic, it may be
better to go with the definition of X.1252 rather than OIDC.
=nat via iPhone
On Dec 24, 2012, at 2:42, =JeffH <[email protected]> wrote:
Thanks for the replies, Jeff. They make sense. Particularly,
thanks for the "JSON Text Object" suggestion.
welcome, glad they made some sense.
similarly, if one employs JSON arrays, I'd define a "JSON text array".
For the "claims" definition, I'm actually prone to go with
definitions based on those in
http://openid.net/specs/openid-connect-messages-1_0-13.html#terminology
- specifically:
Claim
A piece of information about an Entity that a Claims Provider
asserts about that Entity.
Claims Provider
A system or service that can return Claims about an Entity.
End-User
A human user of a system or service.
Entity
Something that has a separate and distinct existence and that can
be identified in context. An End-User is one example of an Entity.
well, it seems to me, given the manner in which the JWT spec is
written, one can make the case that JWT claims in general aren't
necessarily about an Entity (as the latter term is used in the
context of the OpenID Connect specs), rather they're in general
simply assertions about something(s). this is because all pre-defined
JWT claim types are optional and all JWT semantics are left up to
specs that profile (aka re-use) the JWT spec.
HTH,
=JeffH
_______________________________________________
OAuth mailing list
[email protected] <mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth