- edited description
value/values on verified_claims/claims?
The current spec does not say whether value/values constraints are allowed on verified_claims/claims, but it also does not explicitly forbid it.
As a related topic, it is largely undefined in the OIDC world how to handle value/values when used on object claims. This may be a topic for our syntax extension for OIDC.
Comments (11)
-
reporter -
reporter -
assigned issue to
-
assigned issue to
-
reporter The second question will be addressed in ASC/TC.
-
Section 7.7.2. Data not Matchin Requirements of Implementer’s Draft 3 (published in November 2021) says as follows:
When the available data does not fulfill the requirements of the RP expressed through
value
,values
, ormax_age
, the following logic applies:* If the respective requirement was expressed for a Claim within
verified_claims/verification
, the wholeverified_claims
element MUST be omitted.* Otherwise, the respective Claim MUST be omitted from the response.
In both cases, the OP MUST NOT return an error to the RP.
This description implies that
value
,values
andmax_age
can be used under bothverified_claims/verification
andverified_claims/claims
. The ID2 (published in May, 2020) does not contain this explicit description.In addition, discussions about
value
andvalues
in the OIDC world were done at some places (e.g. comment in Issue 1276).So, the concerns pointed out (before the ID3 was published) by this issue have been resolved so far, I think. This issue can be marked as “resolved”.
-
We should at least state that value/values can be used in verified_claims/claims (in the same way as in OIDC Core).
-
reporter - changed status to resolved
Proposal to fix Issue
#1247→ <<cset 9c3e821668aa>>
-
reporter The section “Defining further constraints on Verification Data” is actually already really clear that you can use restrictions in verification claims:
The RP MAY limit the possible values of the elements `trust_framework`, `evidence/method`, `evidence/check_details`, and `evidence/document/type` by utilizing the `value` or `values` fields and the element `evidence/type` by utilizing the `value` field.
For verified claims, however, the current spec excludes value/values explicitly (probably by accident):
The `verified_claims` element includes a `claims` element, which in turn includes the desired Claims as keys
witha
`null` value.
I created a PR to fix this: https://bitbucket.org/openid/ekyc-ida/pull-requests/115/proposal-to-fix-issue-1247
-
reporter - changed status to open
Not resolved. Stupid Bitbucket.
-
reporter The section “Defining further constraints on Verification Data“ was hidden in “Example Requests” for some reason. This PR fixes the structure:
https://bitbucket.org/openid/ekyc-ida/pull-requests/116/fix-structure-of-requesting-verified -
- changed milestone to Implementer's Draft 4
-
- changed status to resolved
Merged in danielfett/value-values (pull request #115)
Proposal to fix Issue
#1247Approved-by: Mark Haine Approved-by: Takahiko Kawasaki Approved-by: Joseph Heenan
→ <<cset 4de0fa8ad6f5>>
- Log in to comment