Requesting different trust frameworks for different claims

Issue #1187 closed
Alberto Pulido created an issue

So that as RP I could request different verification and evidences types for different claims. The current schema does not allows that, therefore the suggestion is to make changes to accommodate that use case. As an example, an RP requires high level of assurance based on eIDAS trust framework for your name and birthdate, however it’s ok having substantial for your address.

{
  "userinfo": {
    "verified_claims": [
     {
      "verification": {
        "trust_framework": {
          "value" : "eidas_ial_high"
        }
      },
      "claims": {
        "given_name": null,
        "family_name": null,
        "birthdate": null
      }
    },
    {
     "verification": {
        "trust_framework": {
          "values" :  [ "eidas_ial_substancial", "eidas_ial_high"]
        }
        "time": null
      },
      "claims": {
        "address": null
      }
    }
  ]
 }
}

I believe that the currently defined structure for the response, can accommodate this without further changes, since it supports multiple verified_claims as an array.

Comments (11)

  1. Kosuke Koiwai

    We might want to make “trust_framework” an array as some RP can be satisfied with either de_aml or eidas_ial_substantial.

  2. Alberto Pulido reporter

    Hi Kosuke, It could be an interesting feature, however I believe that should be considered as another independent issue to this one.

  3. Alberto Pulido reporter

    Actually, you are absolutely right Kosuke, according to the current definition for trust_frameworks under verification request, it should be possible to pass on or more trust frameworks just by using value/values elements. I have modified the above example to reflect that possibility, which I believe is already available with current specs.

  4. Log in to comment