NIEF TPAT | TD: OpenID Connect OP Requirements

OpenID Connect OP Requirements - Attributes, v1.0

The attribute requirements when asserting attributes/claims with an OpenId Provider.

Assessment Steps (2)

1 Valid Attribute Names (ValidAttributeNames) Does the system use appropriate claim names for all attributes that it asserts in its tokens? As a guideline, the system should use standard OIDC defined claim names where appropriate for basic user information and well-defined, community endorsed claim/attribute names otherwise. Artifact Sample Claims Statement Provide a sample JSON claims statement.
2 Valid Attribute Values (ValidAttributeValues) Does the system encode all attribute/claim values as JSON arrays, and are all values other than Boolean attribute values encoded as escaped strings? Artifact Sample Claims Statement Provide a sample JSON claims statement.

Conformance Criteria (2)

Valid Attribute Names If the attribute definition for a transmitted claim comes from a published attribute registry that is recognized by NIEF, then the "name" of the JSON name/value pair (member) MUST be the full, formal name of the intended attribute or one of the published aliases of the attribute. If the published definition of the attribute includes an alias that is an Open ID Connect defined "standard claim" , the standard claim name SHOULD be used as the attribute name. Citation NIEF Discussion/Review
Valid Attribute Values The value of the member MUST be a JSON array containing zero or more attribute values. If the published definition of the attribute indicates that the data type of the attribute is "Boolean", then the value(s) of the attribute MUST be Boolean values in the array. Otherwise, the value(s) of the attribute MUST be encoded as string values in the array. Citation NIEF Discussion/Review

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://trustmark.nief.org/tpat/tds/icam-oidc-op-attributes/1.0/

Publication Date

2021-06-25

Issuing Organization

NIEF (https://nief.org/) View Contact

NIEF Support

help@nief.org

No telephone

No Mailing Address

Keywords

NIEF, Federated ICAM, OpenID Connect, OIDC, OpenID Provider, OP, Attribute, Claim

Issuance Criteria

yes(all)

Legal Notice

This artifact is published by the National Identity Exchange Federation (NIEF). This artifact and the information contained herein is provided on an "AS IS" basis, and NIEF disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, NIEF disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

NIEF	NIEF Technical Guidance

Terms (6)

Term Name	Abbreviations	Definition
Attribute		A well defined piece of information about a user that is transmitted to enable attribute based access control.
Claim		Alternate term for attribute. In some contexts, the term "claim" suggests or explicitly denotes a privacy-preserving "attribute about an attribute". For example, whereas an attribute may indicate "Age = 25", a privacy-preserving claim may indicate "Age > 21".
Federated Identity, Credential, and Access Management	Federated ICAM	Refers to a comprehensive approach for dealing with digital identities (and associated attributes), credentials, and access control within a federated environment (across jurisdictional boundaries).
National Identity Exchange Federation	NIEF	National law enforcement and public safety information sharing trust framework.
OpenID Connect	OIDC	A set of JavaScript Object Notation (JSON) data structures and messaging protocols designed to enable single sign-on between system entities.
OpenID Provider	OP	An identity provider system that implements OpenID Connect protocols.

Also available as XML or JSON