Right. It is called the principle of PII collection minimization. It is one
of the main principles of GDPR / ISO 29100.

 

 


 

From: specs [mailto:[email protected]] On Behalf Of John
Bradley
Sent: Wednesday, August 9, 2017 12:10 AM
To: [email protected]
Cc: [email protected] Ab <[email protected]>
Subject: Re: Essential claims with the scope value openid

 

 

One school of thought (GDPR) is that you can only ask for claims that are
required. That is why it is essential as all are required.

 

The openID scope should only return subject and issuer. You need to ask
for the specific claims that you want if you don't want all the claims in a
scope like profile.

 

So it sounds like a bug in the test.  

 

John B.  

 

On Aug 8, 2017 7:49 AM, "Hasini Witharana" <[email protected]> wrote:

Hi,

Currently I am working with OpenID Connect Certification basic profile. In
the OP, I have configured some claims to be gained when the scope is openid.
When I send an authorization request with an essential claim I will get all
claims for openid and the essential claim. In the specifications there is
no rule that it should return only the essential claim. The "OP-claims-essential"
test is failing because unexpected claims are returned. Can you please
clarify this issue?



-- 

Hasini Witharana

Undergraduate | Department of Computer Science and Engineering

University of Moratuwa

Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/> 


_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
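
The claim-release rule discussed in this thread, as an added example that is not part of the original messages or of any OP's code: the `openid` scope alone releases only `sub`, and further claims come from a scope such as `profile` or from the `claims` request parameter. The function names, the sample user record, the choice of `email` as the essential claim and the use of the UserInfo response as the target are assumptions made for illustration.

```python
import json

# Scope-to-claim mapping from OpenID Connect Core 1.0, section 5.4.
# The "openid" scope maps to no claims beyond the subject identifier.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website",
                "gender", "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Constructed sample data (not from the thread).
USER = {"sub": "248289761001", "name": "Jane Doe",
        "email": "jane@example.com", "phone_number": "+1 555 0100"}
# "claims" request parameter (Core section 5.5) asking for one essential claim.
CLAIMS_PARAM = json.dumps({"userinfo": {"email": {"essential": True}}})


def allowed_claims(scope, claims_param=None, target="userinfo"):
    """Claim names the OP may release: sub, scope claims, requested claims."""
    allowed = {"sub"}
    for value in scope.split():
        allowed |= SCOPE_CLAIMS.get(value, set())  # "openid" adds nothing
    requested = json.loads(claims_param) if claims_param else {}
    allowed |= set(requested.get(target) or {})
    return allowed


def release(user, scope, claims_param=None, target="userinfo"):
    """Filter the stored user record down to what this request asked for."""
    allowed = allowed_claims(scope, claims_param, target)
    return {k: v for k, v in user.items() if k in allowed}


def unexpected_claims(response, scope, claims_param=None, target="userinfo"):
    """Claims in a response that neither the scope nor the request covers."""
    return sorted(set(response) - allowed_claims(scope, claims_param, target))


if __name__ == "__main__":
    print(release(USER, "openid", CLAIMS_PARAM))
    # An OP that returns its whole record for scope=openid over-shares:
    print(unexpected_claims(USER, "openid", CLAIMS_PARAM))
```

An ID Token additionally carries the protocol claims the OP always sets, such as `iss`, which this filter does not model.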

 

 

 
