The other day I went to my bank to have my electronic signature updated and realised that the concept of verification can actually apply to other claims such as name and date of birth (not just email and phone numbers). Specifying an additional "x_verified" for each claim that can be potentially verified however seems too much.
How about defining a single common claim, represented by a JSON array of strings, to list all claim names, of those returned with the UserInfo, that the IdP wishes to mark as verified? This claim could be called "verified_claims".
For instance, if the email and phone number returned with the UserInfo have been verified:
"verified_claims" : [ "email", "phone_number" ]
Or names and address:
"verified_claims" : [ "name", "given_name", "middle_name", "family_name", "address"]
If none of the returned claims are verified, the array could be empty or entirely omitted:
"verified_claims" : [ ]
This mechanism for indicating verified claims could potentially be used for custom (outside the std. schema) claims as well:
"verified_claims" : ["x-custom", "y-custom", "z-custom"]