Definitions and Terminology in Section 9 - IdP

I have some comments and questions about terminology and naming in the Identity Provider APIs, Section 9.

I can’t figure out what is the different between an “identity assertion” (in the Section definition of ‘assertion’) and a “payload of the identity assertion” (in the Section definition of ‘contents’).  Are these the same thing?  I can’t seem to find a definition of either.

Section 5.7 of draft-ietf-rtcweb-security-arch-11 gives an example of ‘contents’ as:

     "contents": "{\"fingerprint\":[ ... ]}"

which seems to imply that it is the fingerprint from the SDP.

Section 5.6.6 of the I-D also gives this example of ‘assertion’:

     "assertion": "{\"identity\":\"\",

which seems to imply that ‘contents’ is a subset of ‘assertion’.  Is it required that the ‘contents’ object in the ‘assertion’ passed in validateAssertion be returned unchanged in the ‘contents’ object of the promise?

Where is normative definition of the structure of the “identity assertion” and the “payload of the identity assertion” and the 'contents' and 'assertion' objects defined?

Also, in Section 9, ‘payload’ means something very different from ‘payload’ in the rest of the document, where is usually refers to an RTP payload.  Choosing a different word here might reduce confusion.

Examples 4 and 5 at the end of Section 9 aren’t very helpful, either.

Am I just not finding the relevant text?


Received on Wednesday, 6 January 2016 23:12:39 UTC