
Abstract

This document defines a lightweight, generic, and powerful JSON-based format for expressing claims and requests for claims. The primary driver for Claims 2.0 is the process of negotiation for access authorization defined by the User-Managed Access (UMA) core protocol, but this document is defined as a modular building block that can be used by other protocols as well.

Status

This document is a product of the User-Managed Access Work Group. It is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

Editors
  • Eve Maler
  • Paul Bryan
Intellectual Property Notice

The User-Managed Access Work Group operates under Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) and the publication of this document is governed by the policies outlined in this option.



Introduction

This document defines a lightweight, generic, and powerful JSON-based format ([JSON]) for expressing claims and requests for claims, that is, statements in the sense of [IDCclaim]. The primary driver for Claims 2.0 is the process of negotiation for access authorization defined by Step 2 of the User-Managed Access (UMA) core protocol, in which an authorization manager can demand that a requester convey claims on behalf of a requesting party in order to satisfy the policies of an authorizing user. However, this document is defined as a modular building block that can be used by other protocols as well.

The design goals of this specification are:

  • Efficient and consistent processing, marshalling, and unmarshalling
  • A lightweight way to express both self-asserted claims and third-party-signed claims
  • Variability in the characteristics of claims being requested, such as which issuers are acceptable

The following are non-goals of this specification:

  • A complete replacement for, or equivalent of, other claims and signature formats such as SAML, IMI, or XML Signature
  • A protocol for carrying or securing claims and requests for claims for any particular purpose; securing the documents defined here is left to the higher-level protocol that carries them

Conventions

  • @@Do we need a proper BNF?
  • Members of objects are shown in the required order.
  • Italic text stands for a value of the indicated type.
  • "(x|y)" represents a literal string that offers two or more exclusive alternatives of the shown types: as written here, x or y. When a literal parenthesis mark or vertical bar must appear in such a string, use @@what? instead.
  • "*" or "string*string" represents a literal string that can have any value at the point indicated by the asterisk. When a literal asterisk must appear in such a string, use @@what? instead.

Claims-Related Documents

A higher-level protocol using this specification MUST define where claims-requested and claims documents appear, which of its entities request and provide claims, and to what purpose.

When these documents are exchanged by means of HTTP, their content type MUST be application/json.

claims-requested Document

The top-level object for requesting claims is known as a claims-requested document.

{
  "claims-requested"
    Value: Array of one or more Requested Claim objects
    Description: A set of requested claims.
}

claims Document

The top-level object for supplying claims is known as a claims document.

{
  "claims"
    Value: Array of one or more Claim objects
    Description: A set of claims.
}


Requested Claim Object

{
  "type"
    Value: "typeURL"
    Description: The type of claim being requested. The type URL MUST match that documented by the definer of the claim format.

  "issuer" (optional)
    Value: "URL", "(URL1|URL2)" or "*"
    Description: Constraint on the issuer of a supplied claim: exactly this URL, any one of the listed URLs, or any issuer at all. If omitted, the requester places no constraint on the issuer.

  "typeURL" (optional)
    Value: An object conforming to the claims-requested form of the named claim type
    Description: A member whose name is the same URL as the value of "type". Its value, the claims-requested form of the claim, MUST match that documented by the definer of the claim format.
}


Claim Object

{
  "type"
    Value: "typeURL"
    Description: The type of claim being supplied, typically in response to a claims-requested document naming this identical claim type. The type URL MUST match that documented by the definer of the claim format.

  "issuer" (optional)
    Value: "URL"
    Description: The issuer of the claim. Omitted when the claim is self-asserted rather than issued by a third party.

  "typeURL"
    Value: An object conforming to the claims form of the named claim type
    Description: A member whose name is the same URL as the value of "type". Its value, the claims form of the claim, MUST match that documented by the definer of the claim format.
}
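The object layouts in the two tables above, the "issuer" constraint notation from the Conventions section, and the rule that members appear in the required order, exercised as an added example. This Python validator and matcher is not part of the Claims 2.0 draft or of any UMA implementation; the claim type URLs (http://example.com/claims/email, http://example.com/claims/age-over), the issuer URLs, the claim value shapes and both sample documents are invented for it, and the treatment of an omitted "issuer" constraint as "no constraint" is this example's reading of the optional member.

```python
import json
import re

# Constructed samples: the claim type URLs, issuer URLs and value shapes are
# invented for this example; the draft itself defines none of them.
CLAIMS_REQUESTED_JSON = """{"claims-requested": [
  {"type": "http://example.com/claims/email",
   "issuer": "(https://idp-a.example|https://*.idp-b.example)",
   "http://example.com/claims/email": {"domain": "example.com"}},
  {"type": "http://example.com/claims/age-over",
   "http://example.com/claims/age-over": {"years": 18}}]}"""
CLAIMS_JSON = """{"claims": [
  {"type": "http://example.com/claims/email",
   "issuer": "https://login.idp-b.example",
   "http://example.com/claims/email": {"address": "alice@example.com"}},
  {"type": "http://example.com/claims/age-over",
   "http://example.com/claims/age-over": {"years": 21}}]}"""

class ClaimsFormatError(ValueError):
    """A document violates the object layout defined above."""

def _check_members(obj, allowed, required, what):
    """Only `allowed` members, in that order; `required` must all be present."""
    if not isinstance(obj, dict):
        raise ClaimsFormatError(f"{what} must be a JSON object")
    keys = list(obj)  # json.loads keeps document order, so order is checkable
    if any(k not in allowed for k in keys) or any(k not in keys for k in required):
        raise ClaimsFormatError(f"{what}: members {keys} must be {required} plus a subset of {allowed}")
    positions = [allowed.index(k) for k in keys]
    if positions != sorted(positions):
        raise ClaimsFormatError(f"{what}: members out of required order {keys}")

def _check_claim_like(item, value_required, what):
    """Shared layout: "type", optional "issuer", then the member named by the type URL."""
    if not isinstance(item, dict) or not isinstance(item.get("type"), str):
        raise ClaimsFormatError(f'{what}: "type" must be a string')
    type_url = item["type"]
    required = ["type", type_url] if value_required else ["type"]
    _check_members(item, ["type", "issuer", type_url], required, what)
    if "issuer" in item and not isinstance(item["issuer"], str):
        raise ClaimsFormatError(f'{what}: "issuer" must be a string')
    if type_url in item and not isinstance(item[type_url], dict):
        raise ClaimsFormatError(f"{what}: value of {type_url} must be an object")
    return item

def parse_document(text, member):
    """Parse a claims-requested or claims document; `member` names which one."""
    value_required = {"claims-requested": False, "claims": True}[member]
    doc = json.loads(text)
    _check_members(doc, [member], [member], "document")
    if not isinstance(doc[member], list) or not doc[member]:
        raise ClaimsFormatError(f'"{member}" must be a non-empty array')
    return [_check_claim_like(i, value_required, f"{member}[{n}]")
            for n, i in enumerate(doc[member])]

def format_error(text, member):
    """Error message if `text` is not a valid `member` document, else None."""
    try:
        parse_document(text, member)
    except ValueError as exc:  # ClaimsFormatError or json.JSONDecodeError
        return str(exc)
    return None

def issuer_matches(constraint, issuer):
    """Apply a Requested Claim "issuer" constraint: "URL", "(URL1|URL2)", or a
    pattern in which "*" stands for any run of characters. The draft has not
    settled escaping of a literal "(", "|" or "*", so none is supported."""
    if constraint is None:
        return True   # no constraint: any claim, even one with no issuer
    if issuer is None:
        return False  # a constraint needs an issuer to test against
    alts = (constraint[1:-1].split("|")
            if constraint.startswith("(") and constraint.endswith(")")
            else [constraint])
    return any(re.fullmatch(".*".join(map(re.escape, a.split("*"))), issuer)
               for a in alts)

# Value semantics belong to the definer of each claim type; these two predicates serve the invented types.
VALUE_CHECKS = {
    "http://example.com/claims/email":
        lambda req, got: got.get("address", "").endswith("@" + req["domain"]),
    "http://example.com/claims/age-over":
        lambda req, got: got.get("years", 0) >= req["years"],
}

def unsatisfied(requested, claims, value_checks=VALUE_CHECKS):
    """Requested claims that no supplied claim satisfies; a request whose type
    has a value form but no registered predicate is never satisfied (fail
    closed). A supplied "issuer" is only a string the sender put there: it is
    matched, not verified; that binding is the higher-level protocol's job."""
    left = []
    for req in requested:
        t = req["type"]
        check = value_checks.get(t)
        if not any(c["type"] == t
                   and issuer_matches(req.get("issuer"), c.get("issuer"))
                   and (t not in req or (check and check(req[t], c[t])))
                   for c in claims):
            left.append(req)
    return left
```

Two points a practitioner would check before relying on code like this: value predicates are registered per claim type because the generic format deliberately says nothing about claim values, so an unknown type with a requested value form fails closed rather than passing; and matching a supplied issuer string against the requested constraint establishes nothing about who actually produced the claim, since securing claims is a stated non-goal of this format and must come from the higher-level protocol that carries the documents.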


Conformance

@@Say something about claims definition and syntactic validity.


References

Normative References

[JSON]
Crockford, D., "The application/json Media Type for JavaScript Object Notation (JSON)", RFC 4627, July 2006. http://www.ietf.org/rfc/rfc4627.txt

Non-Normative References

[IDCclaim]
Identity Commons wiki, "Claim". http://wiki.idcommons.net/Claim


Change History

Version   Date                  Changed by    Comment
v. 7      Apr 28, 2010 16:37    Former user   Migrated to Confluence 4.0
v. 6      Apr 28, 2010 16:37    Former user
v. 5      Apr 28, 2010 15:11    Former user
v. 4      Apr 28, 2010 14:48    Former user
v. 3      Apr 28, 2010 14:43    Former user
v. 2      Apr 28, 2010 14:11    Former user
v. 1      Apr 26, 2010 20:47    Former user   This version