If you want to consume these claims you will need to ask for:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/verified/iname
The 'verifiedness' (verificity?, verificabiltiy? verificatiousness?) is built right into the claim identifier.
To my mind, the level of assurance that can be ascribed to a claim is orthogonal to the claim itself. An IDP makes a claim, and then provides supporting information to help an RP decide how to treat it.
Do we need a 'Verification Context'?
And maybe I want only a 50% verified claim .... :-)
No comments:
Post a Comment