Claim Type URLs

Question

This question has been asked before... here -> what are the URLs for in claim-types.

But the accepted answer doesn't actually answer the question. Why are claim types in ASP.NET Core Authentication formatted as HTTP Urls? What is the purpose of the "http://schemas.microsoft.com/...." portion of the claim type? It's not an actual hyper text transfer protocol URL to a web site or a web service of some kind. There is no schema document sitting at that address. So what is the purpose of formatting them as HTTP URLs? I know WHAT they are. I just don't know WHY they are formatted as they are.

score 4 · Accepted Answer · answered Sep 25 '20 at 04:17

I believe Microsoft use URIs because they suit the purpose - they need a unique identifier to identify each claim type, that is preferably human-readable, and guaranteed not to accidentally clash with names created by other third-party components or developers themselves.

The fact that Microsoft chose URLs (which is just a type of URI) is probably conventional. Over the years various standards for claim types were developed by different organizations, many of which were based on XML namespaces that were URLs (for example, see this standard document by OASIS). Many of these well-known claim types are still in use today, so it would make sense to format any newly-defined claim types in the same fashion as the existing well-known ones.

Historical precedent then. Got it. Thanks! – Nick Sep 25 '20 at 23:56 — Nick, Sep 25 '20 at 23:56

Claim Type URLs

1 Answers1