non-standard OIDC scopes

Jim Fox fox at uw.edu
Mon Jun 8 20:12:08 UTC 2020


We do that as well.  In particular edumember_is_member_of and eduperson_scoped_affiliation

Jim


On Jun 8, 2020, at 12:59 PM, Liam Hoekenga <liamr at umich.edu> wrote:

Slightly off topic, but since I'm looking to define and release attributes using the Shib IDP, so slightly on topic?

For those of you who have deployed the OIDC extension, what have you done for non-standard scopes and claims of useful data?

Realistically, I think my team needs to sit down and maybe draft a umich scope (or scopes)?  But in the meantime, I'm looking at attributes that are pretty common in SAML, but don't exist in one of the easily findable, defined standard OIDC scopes.

I have been using a whitepaper from REFEDS to inform my actions.. White Paper for implementation of mappings between SAML 2.0 and OpenID Connect in Research and Education<https://wiki.refeds.org/download/attachments/38895621/20181011-OIDC-WP.pdf>

..specifically the stuff under section 8, "Advance profile":

Therefore, going from SAML to OIDC:
● an underscore is used to separate words that would normally have a  space in natural language;
● the schema prefix of the attribute is retained, presented in lower case and separated by an underscore, and
● camel case is converted into lower case, and again using underscores to separate words.

which leads to scope names like eduperson org inetorgperson, and claims named eduperson_principal_name or inetorgperson_employee_number

I'm curious what other institutions are doing.

thanks!
Liam
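
The three naming rules quoted above from the REFEDS white paper, written out as an added example; it is not part of either message or of the Shibboleth OIDC extension. The function names and the schema/attribute pairings in `SAMPLES` are assumptions, inferred from the claim names mentioned in the thread.

```python
import re

# Word boundaries inside a camelCase name: a lower-case letter or digit
# followed by upper case, or the end of an acronym before a capitalised word.
_BOUNDARY = re.compile(r"(?<=[a-z0-9])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])")


def snake(name: str) -> str:
    """Rules 1 and 3: lower case, with '_' wherever natural language or
    camel case separates two words."""
    words = []
    for chunk in re.split(r"[\s_-]+", name.strip()):
        words.extend(w for w in _BOUNDARY.split(chunk) if w)
    return "_".join(w.lower() for w in words)


def oidc_claim(schema: str, attribute: str) -> str:
    """Rule 2: keep the schema prefix, lower-cased and joined with '_'."""
    prefix = schema.lower()
    rest = attribute
    # eduPersonPrincipalName already carries its schema name, so strip it
    # rather than repeat it. Only strip at a word boundary, so that a name
    # merely beginning with the same letters is left whole.
    tail = attribute[len(schema):]
    if attribute.lower().startswith(prefix) and tail[:1].isupper():
        rest = tail
    return f"{prefix}_{snake(rest)}"


# Constructed sample input: (schema, SAML attribute name) pairs.
SAMPLES = [
    ("eduPerson", "eduPersonPrincipalName"),
    ("eduPerson", "eduPersonScopedAffiliation"),
    ("eduMember", "isMemberOf"),
    ("inetOrgPerson", "employeeNumber"),
]


def claims_for(samples):
    """Map each SAML attribute name to its derived OIDC claim name."""
    return {attr: oidc_claim(schema, attr) for schema, attr in samples}


if __name__ == "__main__":
    for attr, claim in claims_for(SAMPLES).items():
        print(f"{attr:28} -> {claim}")
```

Under these rules the scope name is the lower-cased schema name alone (the text before the first underscore of each claim).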