non-standard OIDC scopes

Wessel, Keith kwessel at
Mon Jun 8 21:27:50 UTC 2020

Well, yes, it’s technically possible. I thought I had read at one point in the OIDC spec that inventing additional scopes was a violation of the profile, but I’m not seeing that now. So… carry on.


From: users <users-bounces at> On Behalf Of Liam Hoekenga
Sent: Monday, June 8, 2020 3:30 PM
To: Shib Users <users at>
Subject: Re: non-standard OIDC scopes

On Mon, Jun 8, 2020 at 3:02 PM Wessel, Keith <kwessel at<mailto:kwessel at>> wrote:
Adding custom scopes, as I understand it, is not allowed.

In what sense?  Philosophically? Because it is technically possible..

    <AttributeFilterPolicy id="oidc_edumember">
        <PolicyRequirementRule xsi:type="oidcext:OIDCScope" value="edumember" />
        <AttributeRule attributeID="isMemberOf">
            <PermitValueRule xsi:type="ANY" />

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list