Because of its decentralized nature, authentication in Solid relies on the trust between a Client and an Identity Provider (OP). This trust can partially be based on the trust between the End-User and the OP (via the solid:oidcIssuer triple in the identity document), but also needs to be complemented with trust in the authentication mechanism(s) of that OP.
It would be valuable if the Solid-OIDC specification requires the use, or at least describes the possibility, of the following optional fields in the OP metadata (.well-known/oidc-configuration) and the retrieved ID Tokens, respectively.
acr_values_supported: [a] JSON array containing a list of the Authentication Context Class References that [the] OP supports
acr: [a] string specifying an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied
Interesting Authentication Context Class References are OpenID PAPE levels or IANA LoA profiles. Any other absolute URI can also be used, assuming that there is a shared understanding of its meaning.
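How a Client could use the two fields, as an added example that is not part of the original issue or of any Solid library: it reads acr_values_supported before authentication and enforces the acr claim afterwards. The function names and the https://acr.example URIs are constructed, the acr_values request parameter comes from OpenID Connect Core, and the ID Token is assumed to have already passed signature, iss, aud and exp validation.

```javascript
// Added example: function names and URIs are constructed for illustration.
// Assumes the ID Token signature, iss, aud and exp were already validated.

// ACR URIs this Client accepts, most preferred first (constructed values).
const ACCEPTED_ACR = [
  "https://acr.example/loa/3",
  "https://acr.example/loa/2",
];

// Accepted ACR values that the OP advertises, in Client preference order.
function negotiableAcr(opMetadata, accepted = ACCEPTED_ACR) {
  const supported = opMetadata.acr_values_supported;
  if (!Array.isArray(supported)) return []; // the field is optional
  return accepted.filter((v) => supported.includes(v));
}

// Space-separated acr_values request parameter, or null when the OP
// advertises nothing the Client accepts (decide before redirecting).
function acrValuesParam(opMetadata, accepted = ACCEPTED_ACR) {
  const usable = negotiableAcr(opMetadata, accepted);
  return usable.length ? usable.join(" ") : null;
}

// Enforce the acr claim of the returned ID Token. acr_values is only a
// preference, so the OP may answer with a different or absent acr:
// both cases are rejected here instead of being trusted implicitly.
function checkAcrClaim(claims, accepted = ACCEPTED_ACR) {
  const acr = claims.acr;
  if (typeof acr !== "string" || acr === "") {
    return { ok: false, reason: "missing acr" };
  }
  if (!accepted.includes(acr)) {
    return { ok: false, reason: "unaccepted acr" };
  }
  return { ok: true, acr };
}

// Constructed sample OP metadata and ID Token claims.
const sampleMetadata = {
  issuer: "https://op.example",
  acr_values_supported: ["https://acr.example/loa/1", "https://acr.example/loa/2"],
};
const sampleClaims = { iss: "https://op.example", sub: "alice", acr: "https://acr.example/loa/1" };

console.log(acrValuesParam(sampleMetadata));
console.log(checkAcrClaim(sampleClaims));
```

The comparison is an exact string match on the URI, which only works under the shared understanding of each value's meaning that the issue mentions.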