The Information Card Foundation is using a 'by reference' model for the last.
For an STS to indicate that a particular claim value has been verified, it includes that claim identifier in the (separate) 'verified' claim. If there are other attributes that are also veified, they get added in the same way (space separated).
To indicate that claim as to age of majority was verified (and not self-asserted), the STS would assert
age-18-or-over = true
Verified = age-18-or-over
This model does not allow for 'shades of verification', all the verified claims are treated equally - you are either verified or not, with no middle ground. Discussed in Bob's IIW session was the possibility of 'verification context', the additional information about how verification was achieved, akin to OpenID PAPE or SAML Authentication Context for authentication. As always, some RPs might want this extra context, others not.
Separately
1) Isn't the verified claim a meta-claim, ie a claim aboot a claim(s)?
And as such, would not standardization fall under the purview of the group tasked with all things meta?
2) How does a RP indicate it desires a verified claim? The same mechanism?
3) Does the following combination make sense?
age-18-or-over = unknownCan the STS hedge its bets, i.e. "I've verified the age, but I'm not telling"? Where else would the STS indicate this policy?
Verified = age-18-or-over
No comments:
Post a Comment