Assurance: 6.3. Notified eID system (eIDAS) : Incorrect example

Comments (5)

1. 

   Torsten Lodderstedt

   evidence is not required. A notified eID system under eIDAS is one example of an IDP that does not need to provide RPs with evidence due to the legal framework (well-defined regulation, EU member state takes liability).

   • 2020-01-07T16:41:45+00:00
2. 

   Vladimir Dzhuvinov reporter

   Thanks! If that’s so it would make sense to mark evidence as OPTIONAL in https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#rfc.section.4.1

   (and the other elements which haven’t got the requirement set in that section - time, verification_process)

   • 2020-01-08T15:18:04+00:00
3. 

   Vladimir Dzhuvinov reporter

   I had missed that the requirements are actually there in the text. Perhaps they could stand out if mentioned next to each parameter: OPTIONAL unless required by the trust framework.

   • 2020-01-18T11:59:55+00:00
4. 

   Torsten Lodderstedt

   The spec is a bit sloppy right now re optionality. I suggest to make a pass through the spec and add REQUIRED/OPTIONAL to any element.

   • 2020-01-18T12:08:51+00:00
5. 

   Torsten Lodderstedt

   • changed status to resolved

   fixed by PR #8 - everything but trust_framework, verification, claims & type is optional now

   • 2020-02-05T17:33:55+00:00
6. Log in to comment