Act as a staff, but assert director's verified claims

Issue #1236 new
Naohiro Fujie created an issue

Feedback from METI on the authority claims/legal entity.

Comment:

  • It will be necessary to provide the verified claims of the director or president as well as the delegated staff’s claims.

Current use-case of METI:

  • When a corporate staff member acts as the president during the application process, he/she will need to provide the president’s attributes as well as his/her own attributes.
  • For example, Bob logs in to an application system using his account, which acts as a corporate director. During the process, Bob will be required to provide both his attributes and the director’s attributes, e.g., register the director’s attributes as owner of the business and register his own attributes as contact information for the application.
  • In METI’s current implementation, they define 2 types of claims: the corporate profile, which includes the director/president’s attributes, and the user’s attributes.

Current id_token from METI’s IdP:

{
 "sub": "BSmith",
 "rep_last_nm": "Johnson",
 "rep_first_nm": "Alice",
 "user_last_nm": "Smith",
 "user_first_nm": "Bob",
 "user_post_code": "0000000",
 "user_prefecture_name": "Tokyo",
 "user_address1": "Minato-ku",
 "user_address2": "1-2-3",
 "user_department": "XX dept.",
 "user_tel_no_contact": "11111111111",
 "user_email": "bob.smith@example.co.jp"
}

Proposal:

  • Add claims of the director/president under the authority element.

Example:

{
  "sub": "BSmith",
  "email": "bobsmith@example.com",
  "verified_claims":{
    "verification":{
      "trust_framework": "entity_claims_example_framework",
      ...omit...
    },
    "claims":{
      "givenName": "Bob",
      ...omit...
    },
    "authority": [ {
      "applies_to": {
        "company_name": "Example Company Limited",
        "company_number": "12351235",
        "jurisdiction": "england-wales",
        "rep_givenName": "Alice",   <-- Add claims for representative
        "rep_familyName": "Johnson"
      },
      "permission": [ {
        ...omit...
      } ]
    } ]
  }
}
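
Added example (not part of the original issue and not METI's code): a sketch of how the flat rep_*/user_* claims in METI's current id_token would map onto the proposed layout, keeping "sub" bound to the End-User while the representative's names go under authority/applies_to. The function and variable names, the "familyName" claim name, and the caller-supplied company fields are assumptions; the elided "permission" element is left out.

```python
# Added example: names not shown in the issue are assumptions, marked below.
REP_MAP = {"rep_first_nm": "rep_givenName", "rep_last_nm": "rep_familyName"}
# "familyName" is assumed by analogy with the issue's "givenName".
USER_MAP = {"user_first_nm": "givenName", "user_last_nm": "familyName"}

class MissingClaim(ValueError):
    """Raised when a claim required by the mapping is absent or empty."""

def _pick(token, mapping):
    """Rename the mapped claims; fail closed if one is absent or empty."""
    out = {}
    for src, dst in mapping.items():
        if not token.get(src):
            raise MissingClaim(src)
        out[dst] = token[src]
    return out

def to_proposed(flat, company, trust_framework):
    """Convert the flat id_token claims to the proposed nested layout.

    company: applies_to fields for the legal entity; the flat token does
    not carry them, so the caller supplies them (assumption).
    """
    if not flat.get("sub"):
        raise MissingClaim("sub")
    applies_to = dict(company)               # copy, caller's dict untouched
    applies_to.update(_pick(flat, REP_MAP))  # representative (Alice)
    result = {
        "sub": flat["sub"],                  # stays the End-User (Bob)
        "verified_claims": {
            "verification": {"trust_framework": trust_framework},
            "claims": _pick(flat, USER_MAP),
            "authority": [{"applies_to": applies_to}],
        },
    }
    if flat.get("user_email"):
        result["email"] = flat["user_email"]
    return result

# Constructed sample input, using values shown in the issue.
SAMPLE = {"sub": "BSmith", "rep_last_nm": "Johnson", "rep_first_nm": "Alice",
          "user_last_nm": "Smith", "user_first_nm": "Bob",
          "user_email": "bob.smith@example.co.jp"}
COMPANY = {"company_name": "Example Company Limited",
           "company_number": "12351235", "jurisdiction": "england-wales"}

if __name__ == "__main__":
    import json
    print(json.dumps(to_proposed(SAMPLE, COMPANY,
                                 "entity_claims_example_framework"), indent=2))
```
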

Comments (6)

  1. Mark Haine

    So in the example provided above the End-User is actually Bob and Alice is the president - correct?

    My following comments are assuming that is correct…

    The applies to is supposed to represent the entity that Bob has authority over. Bob does not have authority over Alice.

    It feels better to me to reflect this in the “permission” element. One of Bob’s permissions is to represent Alice in relation to “Example Company Limited”. There will probably be other elements expressing positive permissions or restrictions.

    I would even suggest that we should possibly define a special structured object to generically describe “on behalf of” another end user.

  2. Mark Haine

    I have looked at this again and I think that this case is best delivered by including the details in the role object already mentioned under the permission element. The topic of what goes in the role object should probably be expanded and the discussion at WG this week of ISO 5009 is pertinent to this.

  3. Julian White

    For my understanding, they want to get the identity of the user, the identity of the legal entity they are acting on behalf of, and the identity of one or more of the directors/president? Does it matter which director it is if there is more than one?
