What goes into claims


I love the pictures that Vittorio uses in this post. While I’ve always thought of issuers as “caring” for their users (in the case where the issuer is acting as an identity provider) or “caring” for their apps (in the case where the issuer is designed to issue tokens with claims specific to an app), Vittorio takes it a step further and shows the boundaries at which the user’s token can be “enriched” by authorities as these boundaries are crossed. I think this is an excellent way to think about things.

Now that there’s actually something to toy with, as opposed to hand-waving about how beautiful a claims-flavoured world would be, I distinctly felt a change in the kind of questions I get: more pragmatic, aimed at understanding how to solve specific *practical* (as opposed to hypothetical) problems or how to integrate with existing assets. One thing that really surprised me is how difficult it could be for people to understand what to put in claims, or who is supposed to add what/where, and so on. There is surprisingly little in the literature about this: or rather, this should not surprise at all, since the tools that would enable the industry to even pose the question are emerging just now.

So, after so many practical/basic posts lately, here are some scattered considerations about what should go into claims…

We’re still a ways from being able to prescribe detailed guidance for what to put into claims, where to put it, etc. but this is a step in the right direction. Thanks, Vittorio.


Posted Oct 07 2009, 11:52 AM by keith-brown