Difference between revisions of "Claim"

Revision as of 12:54, 10 August 2018

A statement by or about a user is a claim. If there is some corroboration of the claim, it is called a verified claim.

In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
The distinction as to Authentication, who a user is, versus Authorization, or what that user is permitted to do, is no longer helpful.
NIST has recognized that there are multiple metrics for the quality of statements about a user in their third update to SP 800-63
Claimss can be highly detailed, do to data fields, or a collection of fields, like the User address, this can be overwhelming if presented for User Consent. Some protocols, like OpenID Connect provide for aggregated collections of claims that OpenID calls "scope".^[1]

@@ Line 5: / Line 5: @@
 * In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
 * The distinction as to [[Authentication]], who a user is, versus [[Authorization]], or what that user is permitted to do, is no longer helpful.
-* NIST has recognized that there are multiple metrics for the quality of statements about a user in their third update to
+* NIST has recognized that there are multiple metrics for the quality of statements about a user in their third update to SP 800-63
+* [[Claims]]s can be highly detailed, do to data fields, or a collection of fields, like the [[User]] address, this can be overwhelming if presented for [[User Consent]]. Some protocols, like [[OpenID Connect]] provide for aggregated collections of claims that OpenID calls "scope".<ref>Nat Sakimura ''Scopes and Claims in OpenID Connect'' https://nat.sakimura.org/2012/01/26/scopes-and-claims-in-openid-connect/</ref>
 [[Category:Glossary]]