Kantara Initiative

OpenID Vocabulary Extension for OTTO

Editor:Michael Schwartz, Gluu
Authors:Janusz Ulanowski,, HEAnet
Judith Bush, OCLC


This specification defines terms to enable OTTO federations to facilitate the collaboration of Participants deploying OpenID Connect services.

Status of This Document

This document is a draft technical specification produced by the OTTO Work Group. See the Kantara Initiative Operating Procedures for more information.

Copyright Notice

Copyright © 2017 Kantara Initiative and the persons identified as the document authors. All rights reserved.

This document is subject to the Kantara IPR Policy - Option Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non discriminatory (RAND) (HTML version).

Table of Contents

1. Introduction

The Open Trust Taxonomy for Federation Operators ("OTTO") defines an extension mechanism to allow the community to add functionality in a community compatible way. This specification was developed to enable OTTO federations to support OpenID Connect based identity services, and defines all the terms defined in the JSON-LD context file which the extension covers.

1.1 Notational Conventions

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

Unless otherwise noted, all protocol properties and values are case sensitive.

2. Vocabulary

2.1 OpenID Provider

Table 1: OpenID Provider
PropertyExpected TypeDescription
configuration_endpointURIURL for .well-known/openid-configuration
metadataStatementMetadataStatement or array of MetadataStatementClaims about this OP signed by the federation
signingKeyTextPublic part of the OP's signing key
signed_jwks_uriURLURL for the OP configuration data

2.2 OpenID Relying Party

Table 2: OpenID Relying Party
PropertyExpected TypeDescription
metadataStatementMetadataStatement or array of MetadataStatementSigned JWT issued by Federation

2.3 User Claim

Table 3: User Claim
PropertyExpected TypeDescription
additionalTypeURLMore specific type for the claim
oidTextIANA object identifier for the attribute
associatedScopeScope or array of ScopeThis release of this claim is authorized by allowing the respective scope(s)

2.4 Scope

Table 4: Scope
PropertyExpected TypeDescription
userClaimUserClaim or array of UserClaimClaims released by authorizing this scope

2.5 Metadata Statement

Table 5: Metadata Statement
PropertyExpected TypeDescription
federationFederationThe federation that issued the MetadataStatement
metadataStatementTextThe JWT metadata statement

2.6 Categories

Table 6: Categories
UserClaimSchemaCategoryPiece of information about a person
ScopeSchemaCategoryAuthorization to access information about a person
AcrSchemaCategoryA workflow for authentication
OpenIDMetadataCategoryFacilitates search of metadata for a federation
OPEntityCategoryIdentifies entity as an OpenID Provider
RPEntityCategoryIdentifies entity as an OpenID Relying Party

3. Acknowledgments

The following people made significant text contributions to the specification:

Additional contributors to this specification include the Kantara OTTO Work Group participants, a list of whom can be found at [OttoWgParticipants].

4. References

4.1 Normative References

[RFC2119]Bradner, S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.

4.2 Informative References

[OttoWgParticipants]Schwartz, M., “OTTO Participant Roster”, 2016, <http://kantarainitiative.org/confluence/display/OTTO/Participant+roster>.

Authors' Addresses

Michael Schwartz (editor)
EMail: mike@gluu.org

Janusz Ulanowski,
EMail: janusz.ulanowski@heanet.ie

Judith Bush
EMail: bushj@oclc.org