SL1 - Draft Feedback

[2MarkMaguire]

Two thoughts -

• We are requiring the Provider to include certain claims on the ID Token, but we are not requiring the Relying Party to validate those claims - would we want to add that?
• I see DNSSEC is required - how widely supported is DNSSEC? Could that hurt adoption?

[dhs-BI]

In Slack I shared some data on DNSSEC deployment: https://usgv6-deploymon.nist.gov/snap-all.html. As written in the draft the requirement is a SHOULD not a MUST. Unless there is strong reason to make this a MUST, I think the requirement can stand.

On the ID token claims, can you provide a bit more context on what you're thinking about?

[aaronpk]

Discussed on the Apr 22 call: https://github.com/openid/ipsie/wiki/2025%E2%80%9004%E2%80%9022

• DNSSEC can stay as is
• Will add ID token claim validation requirements for RPs