Multiplicity of voPersonID values #8
Labels:
- AARC-G026: Guidelines for expressing community user identifiers
- AARC-G056: Community profile attributes
- PROFILE-AARC: AARC Attribute Profile

voPersonID is defined as a multi-valued attribute in the voPerson 2.0 specification. Returning the voperson_id claim in an array would align with the specification, however the following points need to be clarified:

- voperson_id values. Should they identify users by matching any Community User Identifier value in the array?
- sub claim is a single-valued string, we need to clarify that sub should be treated as a technical identifier that may or may not convey the Community User Identifier (CUID).

Additionally, it's important to consider that the support for multiple values in the voPersonID definition may be to allow expressing non-current identifiers using the prior option in LDAP. We could explore adapting the prior option in OIDC with a complex object denoting (the single?) current identifier and any prior identifiers. Alternatively, we could introduce a new multi-valued claim specifically for prior identifiers. This approach would also work for legacy SAML SPs by avoiding the need to define complex SAML attribute value types but on the other hand it would require standardising a new attribute/claim name.
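
An added example, not part of the original issue or of the AARC guidelines: one way a relying party could handle voperson_id arriving as either a string or an array, assuming a match-any-value policy (the issue leaves that question open). The account store, the exception name and the sample identifiers are hypothetical.

```python
from __future__ import annotations
from typing import Any


class AmbiguousIdentity(Exception):
    """Values in one voperson_id claim map to more than one local account."""


def cuid_values(claims: dict[str, Any]) -> list[str]:
    """Normalise voperson_id to a de-duplicated list, accepting a string or an array."""
    raw = claims.get("voperson_id")
    if raw is None:
        return []
    items = [raw] if isinstance(raw, str) else raw
    if not isinstance(items, list) or not all(isinstance(v, str) and v for v in items):
        raise ValueError("voperson_id must be a non-empty string or an array of them")
    return list(dict.fromkeys(items))  # keep order, drop duplicates


def resolve_account(claims: dict[str, Any], accounts: dict[str, str]) -> str | None:
    """Return the local account linked to any CUID in the claim, or None if unknown.

    accounts maps a known CUID to a local account id (hypothetical RP store).
    sub is deliberately not consulted: it is treated as a technical identifier.
    """
    matched = {accounts[v] for v in cuid_values(claims) if v in accounts}
    if len(matched) > 1:
        # Fail closed: silently picking one would merge or misattribute accounts.
        raise AmbiguousIdentity(sorted(matched))
    return matched.pop() if matched else None


# Constructed sample data; identifiers and account ids are made up.
ACCOUNTS = {"old-id@community.example.org": "acct-1",
            "other@community.example.org": "acct-2"}
ARRAY_FORM = {"sub": "a1b2c3", "voperson_id": ["new-id@community.example.org",
                                                "old-id@community.example.org"]}
STRING_FORM = {"sub": "a1b2c3", "voperson_id": "old-id@community.example.org"}
CONFLICT = {"sub": "a1b2c3", "voperson_id": ["old-id@community.example.org",
                                              "other@community.example.org"]}

if __name__ == "__main__":
    print(resolve_account(ARRAY_FORM, ACCOUNTS))
    print(resolve_account(STRING_FORM, ACCOUNTS))
```

The conflict case is the one a match-any policy has to decide explicitly: an array whose values resolve to two different local accounts is rejected here rather than resolved by position.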