<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview [1]
[{$pagename}] is an [assertion] made by a [Entity] that the one or more values of one or more [Attributes] of a [Digital Identity] (or [Identity Document]) which may be disputed or in doubt.


Only by use of [Trust] can a [Claim] be assumed to be [True] as [Authentication] would be done by an [Identity Provider (IDP)] or a [Verifier] which involves [Trust].

Using the [JWT Claims Set] is one method where [{$pagename}]s also solve the concern of [data] being added in transit. Because the information [encoded|Encoding] and [Digitally Signed] by the [Issuing Authority|Issuer], nothing is added in transit unless the Issuing Authority is involved – in this way, the source of [data] can be directly controlled. 

[Verifiable Claims] and [Verified Claims] are another method.

We can for our purposes use [{$pagename}] the same as we would use [assertion] in regards to [Authentication]

[Verified Claims] are a fix because they don’t simply tell you something about the subject; they give you context and the ability to verify that information. [Verifiable Claims]
There are two core types of attributes that a claim can reference:
* [Contextual Attributes] tell us about the situation when a token is issued
* [Subject Attributes] tell us about the thing that received the token


! [Examples] 
Examples of the kinds of [Identity Attributes] that might be conveyed in a [{$pagename}]:
* A [{$pagename}] could just [convey an identifier|By-reference]—for example:
** that the digital subject's student number is 490-525 
** that the digital subject's Windows name is REDMOND \ kcameron. 
* A [{$pagename}] may make an [assertion] that a [Digital Subject] knows a given key __and__ should be able to demonstrate this fact.
* A [{$pagename}] might convey [Personally Identifiable Information]  for example:
** name
** address
** date of birth
** citizenship
* A [{$pagename}] might simply propose that a [Digital Subject] is part of a certain group — for example, that she has an age less than 16.
* A [{$pagename}] might state that a [Digital Subject] has a certain [Authorization] — for example, to place orders up to a certain limit, or modify a given file. 

Comment1: [{$pagename}]s may or may not be directed to specific Parties ([aud]). (KimC, DickH, PaulT)

Comment2: A [{$pagename}] is an association between a [Claimant|Identity Provider (IDP)], a [Digital Identity], and an [Identity Attribute] (PaulT)

Here is an [OAuth 2.0] [example]:
&quot;Curity states that the Resource Owner has this list of attributes.&quot;

||Asserting Party||Subject||Claims
|Curity|Resource Owner|Attributes

In [OAuth 2.0] [{$pagename}] might and often are mapped to a [OAuth Scopes] (scope of access).

!! [verified_claims]
[verified_claims] are an extension to [OpenID Connect] to ensure that [Relying Party]s cannot mix up verified and unverified [Claims] and incidentally process unverified [Claims] as verified Claims.

[verified_claims] are defined as [Claims] about an [End-User], typical a [Natural Person], where those [Claims] were [Bound|binding] to a particular [Digital Identity] in the course of an [Identity Verification] process.

!  [OpenID Connect Standard Claims]

The [OpenID Connect Standard Claims] specification only defines a single set of standard [OAuth Scopes] defines the [Access Request] for the [{$pagename}]:

||Scope||Claims
|email|[email], [email_verified]
|address|[address]
|profile|[name], [family_name], [given_name], [middle_name], [nickname], [preferred_username], [profile], [picture], [website], [gender], [birthdate|BirthDate], [zoneinfo], [locale], [updated_at]
|phone|[phone_number|Phone Number], [phone_number_verified]
|openid|[sub], auth_time, [acr] \\ 

!! [Verifiable Claim]
[Verifiable Claim] is an [assertion] made by a [Third-party] about a [subject] which is [tamper-proof|Integrity] and whose [authorship|Data Origin] can be [cryptographically|Cryptographic] [verified|Verification]. Multiple claims may be bundled together into a set of [claims].

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Claim|http://www.identitygang.org/moin.cgi/Claim|target='_blank'] - based on information obtained 2003?
* [#2] - [Identity and APIs|https://nordicapis.com/ebooks/identity-and-apis/|target='_blank'] - based on information obtained 2020-11-03 
* [#3] - [Introduction to Claims
|https://curity.io/resources/learn/what-are-claims-and-how-they-are-used/|target='_blank'] - based on information obtained 2022-05-27 
* [#4] - [Claims Best Practices|https://curity.io/resources/learn/claims-best-practices/|target='_blank'] - based on information obtained 2022-05-27 
* [#5] - [OIDC Standard Claims|https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims|target='_blank'] - based on information obtained 2020-05-27 

</pre>