openid / ekyc-ida / issues / #1247 - value/values on verified_claims/claims? — Bitbucket

Issue #1247 resolved

Daniel Fett created an issue 2021-04-28

The current spec does not say whether value/values constraints are allowed on verified_claims/claims, but it also does not explicitly forbid it.

As a related topic, it is largely undefined in the OIDC world how to handle value/values when used on object claims. This may be a topic for our syntax extension for OIDC.

Comments (11)

Daniel Fett reporter
- edited description
- 2021-04-28T12:15:35+00:00
Daniel Fett reporter
- assigned issue to
  
  Daniel Fett
- 2021-05-19T15:39:16+00:00
Daniel Fett reporter
The second question will be addressed in ASC/TC.
- 2021-05-19T15:39:36+00:00
Takahiko Kawasaki
Section 7.7.2. Data not Matchin Requirements of Implementer’s Draft 3 (published in November 2021) says as follows:

When the available data does not fulfill the requirements of the RP expressed through value, values, or max_age, the following logic applies:

* If the respective requirement was expressed for a Claim within verified_claims/verification, the whole verified_claims element MUST be omitted.

* Otherwise, the respective Claim MUST be omitted from the response.

In both cases, the OP MUST NOT return an error to the RP.

This description implies that value, values and max_age can be used under both verified_claims/verification and verified_claims/claims. The ID2 (published in May, 2020) does not contain this explicit description.

In addition, discussions about value and values in the OIDC world were done at some places (e.g. comment in Issue 1276).

So, the concerns pointed out (before the ID3 was published) by this issue have been resolved so far, I think. This issue can be marked as “resolved”.

‌
- 2022-05-28T17:45:44+00:00
Torsten Lodderstedt
We should at least state that value/values can be used in verified_claims/claims (in the same way as in OIDC Core).
- 2022-05-30T15:02:04+00:00
Daniel Fett reporter
- changed status to resolved
Proposal to fix Issue ~~#1247~~

→ <<cset 9c3e821668aa>>
- 2022-06-01T07:00:59+00:00
Daniel Fett reporter
The section “Defining further constraints on Verification Data” is actually already really clear that you can use restrictions in verification claims:

The RP MAY limit the possible values of the elements `trust_framework`, `evidence/method`, `evidence/check_details`, and `evidence/document/type` by utilizing the `value` or `values` fields and the element `evidence/type` by utilizing the `value` field.

For verified claims, however, the current spec excludes value/values explicitly (probably by accident):

The `verified_claims` element includes a `claims` element, which in turn includes the desired Claims as keyswitha`null` value.

I created a PR to fix this: https://bitbucket.org/openid/ekyc-ida/pull-requests/115/proposal-to-fix-issue-1247
- 2022-06-01T07:06:34+00:00
Daniel Fett reporter
- changed status to open
Not resolved. Stupid Bitbucket.
- 2022-06-01T07:07:22+00:00
Daniel Fett reporter
The section “Defining further constraints on Verification Data“ was hidden in “Example Requests” for some reason. This PR fixes the structure:
https://bitbucket.org/openid/ekyc-ida/pull-requests/116/fix-structure-of-requesting-verified
- 2022-06-01T07:16:06+00:00
Mark Haine
- changed milestone to Implementer's Draft 4
- 2022-06-06T15:33:39+00:00
Mark Haine
- changed status to resolved
Merged in danielfett/value-values (pull request #115)

Proposal to fix Issue ~~#1247~~

Approved-by: Mark Haine Approved-by: Takahiko Kawasaki Approved-by: Joseph Heenan

→ <<cset 4de0fa8ad6f5>>
- 2022-06-08T15:07:06+00:00
Log in to comment

Assignee: Daniel Fett

Type: bug

Priority: major

Status: resolved

Component: Core eKYC&IDA

Milestone: Implementer's Draft 4

Votes: 0

Watchers: 3

Jira: the preferred issue tracker for Bitbucket. Join the team!