non-standard OIDC scopes

Liam Hoekenga liamr at umich.edu
Mon Jun 8 19:59:06 UTC 2020


Slightly off topic, but since I'm looking to define and release attributes
using the Shib IDP, so slightly on topic?

For those of you who have deployed OIDC extension, what have you done for
non-standard scopes and claims of useful data?

Realistically, I think my team needs to sit down and maybe draft a umich
scope (or scopes)?  But in the meantime, I'm looking at attributes that are
pretty common in SAML, but don't exist in one of the easily findable,
defined standard OIDC scopes.

I have been using a whitepaper from REFEDS to inform my actions: White
Paper for implementation of mappings between SAML 2.0 and OpenID
Connect in Research and Education
<https://wiki.refeds.org/download/attachments/38895621/20181011-OIDC-WP.pdf>

..specifically the stuff under section 8, "Advance profile":

*Therefore, going from SAML to OIDC: *
*● an underscore is used to separate words that would normally have a
space in natural language;*
*● the schema prefix of the attribute is retained, presented in lower
case and separated by an underscore, and *
*● camel case is converted into lower case, and again using underscores to
separate words. *

which leads to scope names like eduperson org inetorgperson, and claims
named eduperson_principal_name or inetorgperson_employee_number

I'm curious what other institutions are doing.

thanks!
Liam
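
The naming rules quoted in the message above, applied in code and combined with scope-gated release. This is an added example, not part of the original message and not Shibboleth configuration; the function names, the sample attribute values and the handling of acronym runs such as "DN" are assumptions of the example.

```python
import re

# Splits camel case into words; an upper-case run ("DN") is kept as one word.
# The acronym handling is this example's choice, not a rule from the paper.
_WORD = re.compile(r"[A-Z]+(?![a-z])|[A-Z]?[a-z0-9]+")

def to_claim(schema: str, attribute: str) -> str:
    """Map a SAML attribute name to an OIDC claim name:
    lower-cased schema prefix, then the camel-case words joined by '_'."""
    prefix = schema.lower()
    name = attribute
    # eduPerson attributes already carry the schema name; inetOrgPerson
    # attributes (employeeNumber) do not, so the prefix is added explicitly.
    if name.lower().startswith(prefix):
        name = name[len(schema):]
    words = [w.lower() for w in _WORD.findall(name)]
    if not words:
        raise ValueError(f"no attribute name left after prefix: {attribute!r}")
    return "_".join([prefix] + words)

def release_claims(requested_scopes, attributes):
    """Release only the claims whose schema scope the client requested.
    The scope name is the lower-cased schema name, as in the message."""
    granted = {s.lower() for s in requested_scopes}
    claims = {}
    for schema, attribute, value in attributes:
        if schema.lower() in granted:
            claims[to_claim(schema, attribute)] = value
    return claims

# Constructed sample data for illustration only.
SAMPLE_ATTRIBUTES = [
    ("eduPerson", "eduPersonPrincipalName", "user@example.edu"),
    ("eduPerson", "eduPersonOrgDN", "dc=example,dc=edu"),
    ("inetOrgPerson", "employeeNumber", "00012345"),
]

if __name__ == "__main__":
    for scopes in (["openid", "eduperson"], ["openid", "inetorgperson"]):
        print(scopes, "->", release_claims(scopes, SAMPLE_ATTRIBUTES))
```

A client that asks only for the eduperson scope never receives inetorgperson_employee_number, which keeps each custom scope a unit of least-privilege release.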