Assurance: 6.3. Notified eID system (eIDAS) : Incorrect example

Issue #1132 resolved
Vladimir Dzhuvinov created an issue

The example seems to be missing the required evidence element:

https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#id-document-1

Comments (5)

  1. Torsten Lodderstedt

    evidence is not required. A notified eID system under eIDAS is one example of an IDP that does not need to provide RPs with evidence due to the legal framework (well-defined regulation, EU member state takes liability).

  2. Vladimir Dzhuvinov reporter

    I had missed that the requirements are actually there in the text. Perhaps they could stand out if mentioned next to each parameter: OPTIONAL unless required by the trust framework.

  3. Torsten Lodderstedt

    The spec is a bit sloppy right now re optionality. I suggest to make a pass through the spec and add REQUIRED/OPTIONAL to any element.

  4. Log in to comment