Difference between revisions of "Claim"
From MgmtWiki
(→Context) |
|||
| Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
A statement by or about a user is a claim. If there is some corroboration of the claim, it is called a verified claim. | A statement by or about a user is a claim. If there is some corroboration of the claim, it is called a verified claim. | ||
| + | |||
| + | A collection of [[Attribute]]s and other information about a user that are used in [[Authorization]] of access to a [[Resource]]. | ||
| + | |||
| + | ==Context== | ||
| + | Claims typically go through a series of steps, for example: | ||
| + | # A [[User]] will go to a [[Web Site]] hosting a [[Resource]] that the user wants to access. | ||
| + | # The [[Web Site]] will send a scope to a [[User]] asking for [[Claims]] to authorize access. | ||
| + | # The [[User Agent]] should know, a priori, where to send the [[Claims]] for verification. | ||
| + | # The verified claims will be collected and forwarded to the [[Web Site]]. | ||
| + | # The [[Web Site]] will evaluate the verified claims and determine whether to authorize access to the resource. | ||
| + | # Optionally the [[Web Site]] will request additional claims to meet the needs to authorize access. | ||
| + | |||
==Context== | ==Context== | ||
Revision as of 19:51, 18 August 2018
Full Title or Meme
A statement by or about a user is a claim. If there is some corroboration of the claim, it is called a verified claim.
A collection of Attributes and other information about a user that are used in Authorization of access to a Resource.
Context
Claims typically go through a series of steps, for example:
- A User will go to a Web Site hosting a Resource that the user wants to access.
- The Web Site will send a scope to a User asking for Claims to authorize access.
- The User Agent should know, a priori, where to send the Claims for verification.
- The verified claims will be collected and forwarded to the Web Site.
- The Web Site will evaluate the verified claims and determine whether to authorize access to the resource.
- Optionally the Web Site will request additional claims to meet the needs to authorize access.
Context
- In computer networking a variety of statements can be made by a user to acquire authorized access to a resource.
- The distinction as to Authentication, who a user is, versus Authorization, or what that user is permitted to do, is no longer helpful.
- NIST has recognized that there are multiple metrics for the quality of statements about a user in their third update to SP 800-63
- Claimss can be highly detailed, do to data fields, or a collection of fields, like the User address, this can be overwhelming if presented for User Consent. Some protocols, like OpenID Connect provide for aggregated collections of claims that OpenID calls "scope".[1]
References
- ↑ Nat Sakimura Scopes and Claims in OpenID Connect https://nat.sakimura.org/2012/01/26/scopes-and-claims-in-openid-connect/
