Overview [1]#

Claim is an assertion made by a Entity that the one or more values of one or more Attributes of a Digital Identity (or Identity Document) which is disputed or in doubt.

Only by use of Trust can a Claim be assumed to be True as Authentication would be done by an Identity Provider (IDP) or a Verifier which involves Trust.

Using the JWT Claims Set is one method where Claims also solve the concern of data being added in transit. Because the information encoded and Digitally Signed by the Issuing Authority, nothing is added in transit unless the Issuing Authority is involved – in this way, the source of data can be directly controlled. Verifiable Claims and Verified Claims are another method.

We can for our purposes use Claim the same as we would use assertion in regards to Authentication

Claims are the fix because they don’t simply tell you something about the subject; they give you context and the ability to verify that information. There are two core types of attributes that a claim can reference:

Examples #

Examples of the kinds of Identity Attributes that might be conveyed in a Claim:
  • A Claim could just convey an identifier—for example, that the digital subject's student number is 490-525, or that the digital subject's Windows name is REDMOND \ kcameron. This is the way many existing identity systems work.
  • A Claim may make an assertion that a Digital Subject knows a given key and should be able to demonstrate this fact.
  • A Claim might convey Personally Identifiable Information — name, address, date of birth and citizenship, for example.
  • A Claim might simply propose that a Digital Subject is part of a certain group — for example, that she has an age less than 16.
  • A Claim might state that a Digital Subject has a certain Authorization — for example, to place orders up to a certain limit, or modify a given file.

Comment1: Claims may or may not be directed to specific Parties. (KimC, DickH, PaulT)

Comment2: A Claim is an association between a Claimant, a Digital Identity, and an Identity Attribute (PaulT)


verified_claims are an extension to OpenID Connect to ensure that Relying Partys cannot mix up verified and unverified Claims and incidentally process unverified Claims as verified Claims.

verified_claims are defined as Claims about an End-User, typical a Natural Person, where those Claims were Bound to a particular Digital Identity in the course of an Identity Verification process.

Verifiable Claim#

Verifiable Claim is an assertion made by a Third-party about a subject which is tamper-proof and whose authorship can be cryptographically verified. Multiple claims may be bundled together into a set of claims.

More Information#

There might be more information for this subject on one of the following: