[mitreid-connect] Structured Scopes?

[Justin Richer]

Structured scopes aren't used in OIDC, but are a feature that was added 
to support the BlueButton+ REST specification:

http://bluebuttontoolkit.healthit.gov/blue-button-plus-pull/#scopes

The idea was that you could provide an additional parameter, like a 
record identifier, in addition to the core scope. In theory this would 
allow clients to specify more exactly what they wanted access to. In 
practice, it never caught on and it's a bit of a vestigial feature in 
MITREid Connect that we're probably going to remove in a future release 
(or at least turn into an add-on).

For your use case, having two separate scopes makes more sense. Your 
resources can decide if the "write" scope also allows "read" without 
doing anything special.

  -- Justin

On 8/26/2015 9:30 PM, Tony Fendall [DATACOM] wrote:
>
> Hi all
>
> Can anyone point me towards documentation of structured scopes and how 
> they work?  I couldn’t find any references to structured scopes in the 
> OIDC docs.
>
> In my app I want to provide two scopes. One allows read-only access to 
> some data, the other should provide write access.  I could create 
> these as independent scopes, but I had a hunch that structured scopes 
> might work here as hierarchical scopes (and automatically give anyone 
> with write access read access also).  Am I on the right track, or do 
> structured scopes mean something different?
>
> Thanks
>
> *Tony Fendall*
>
> Solution Architect
> Datacom New Zealand |  210 Federal Street, Auckland 1010, New Zealand
> Email: tonyf at datacom.co.nz <mailto:tonyf at datacom.co.nz>| Ph: 
> +64-9-303-1489 | Mob: +64-21-130-8992
>
>
>
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150827/a17d2c9e/attachment.html