Create explicit cross references between evidence and identity process
Some RPs are required (for compliance or regulatory reasons) to retain information about exactly how the identity checking was done. The current specification contains all the information about the evidence, and in most cases you could probably reverse engineer that from the fields, but it would be better if the OP could be explicit on how the evidence and processes were linked.
Regardless, there are some cases where it’s not really possible to reverse engineer the process from the data. Whilst the individual evidence objects contain information about what they are, the schema doesn’t really represent how multiple evidences are combined to meet a part of the assurance_process when it is not obvious in their own right.
For example, sometimes the OP may use multiple electronic_records to complete one part of the assurance_process (like counter fraud, background checks or knowledge based verification), and the current syntax can’t express that they relate to the same step.
Comments (8)
-
reporter -
Could you please share an example? That might help to understand your proposal.
-
reporter - edited description
-
reporter Something like this:
```json
{
  "verified_claims": {
    "verification": {
      "trust_framework": "uk_tfida",
      "assurance_level": "medium",
      "assurance_process": {
        "policy": "gpg45",
        "procedure": {
          "approach": "m1b",
          "assurance_details": {
            "type": "evidence",
            "transaction": { "txn": "85762937582385820" }
          },
          "assurance_details": {
            "type": "counter_fraud",
            "classification": "score_2",
            "transaction": { "txn": "927098238DF2958", "type": "mortality" },
            "transaction": { "txn": "239847029873601", "type": "mortality" },
            "transaction": { "txn": "663275837205749582", "type": "impostor" },
            "transaction": { "txn": "9756672965723984576", "type": "pep" }
          },
          "assurance_details": {
            "type": "activity",
            "transaction": { "txn": "75676239359725251" }
          },
          "assurance_details": {
            "type": "verification",
            "classification": "score_2",
            "transaction": { "txn": "85659376592765", "type": "kbv", "classification": "medium_kbv" },
            "transaction": { "txn": "44650216592659265", "type": "kbv", "classification": "high_kbv" }
          }
        }
      },
      "time": "2021-05-11T14:29Z",
      "verification_process": "7675D80F-57E0-AB14-9543-26B41FC22",
      "evidence": [
        {
          "type": "document",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "procedure": "score_2",
            "verifier": { "txn": "85762937582385820", "organization": "DVLA" }
          },
          "time": "2021-04-09T14:12Z",
          "document_details": {
            "type": "driving_permit",
            "personal_number": "MORGA753116SM9IJ",
            "document_number": "MORGA753116SM9IJ35",
            "serial_number": "ZG21000001",
            "date_of_issuance": "2021-01-01",
            "date_of_expiry": "2030-12-31",
            "issuer": { "name": "DVLA", "country": "UK", "country_code": "GBR", "jurisdiction": "GB-GBN" }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "status": "no_trace",
            "verifier": { "txn": "927098238DF2958", "organization": "Transunion" }
          },
          "time": "2021-04-09T14:12Z",
          "record": {
            "type": "death_register",
            "source": {
              "name": "General Register Office",
              "street_address": "PO BOX 2",
              "locality": "Southport",
              "postal_code": "PR8 2JD",
              "country": "UK",
              "country_code": "GBR",
              "jurisdiction": "GB-EAW"
            }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "status": "false_positive",
            "verifier": { "txn": "239847029873601", "organization": "Wilmington" }
          },
          "time": "2021-04-09T14:14Z",
          "record": {
            "type": "death_record",
            "source": {
              "name": "Wilmington Millennium",
              "street_address": "The Chapel, The Sidings",
              "locality": "Shipley",
              "postal_code": "BD18 1BN",
              "country": "UK",
              "country_code": "GBR"
            }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "status": "no_trace",
            "verifier": { "txn": "663275837205749582", "organization": "Experian" }
          },
          "time": "2021-04-09T14:15Z",
          "record": {
            "type": "id_fraud",
            "source": {
              "name": "Experian",
              "street_address": "Newenham House, Northern Cross, Malahide Road",
              "locality": "Dublin",
              "postal_code": "D17 AY61",
              "country": "Ireland",
              "country_code": "IE",
              "jurisdiction": "GBR"
            }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "status": "no_trace",
            "verifier": { "txn": "9756672965723984576", "organization": "Experian" }
          },
          "time": "2021-04-09T14:15Z",
          "record": {
            "type": "pep_register",
            "source": {
              "name": "Experian",
              "street_address": "Newenham House, Northern Cross, Malahide Road",
              "locality": "Dublin",
              "postal_code": "D17 AY61",
              "country": "Ireland",
              "country_code": "IE",
              "jurisdiction": "GBR"
            }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": {
            "type": "data",
            "policy": "gpg45",
            "procedure": "score_1",
            "verifier": { "txn": "75676239359725251", "organization": "Experian" }
          },
          "time": "2021-04-09T14:15Z",
          "record": {
            "type": "cra_record",
            "source": {
              "name": "Experian",
              "street_address": "Newenham House, Northern Cross, Malahide Road",
              "locality": "Dublin",
              "postal_code": "D17 AY61",
              "country": "Ireland",
              "country_code": "IE",
              "jurisdiction": "GBR"
            }
          }
        },
        {
          "type": "electronic_record",
          "verification_method": {
            "type": "kbv",
            "policy": "gpg45",
            "status": "passed",
            "verifier": { "txn": "85659376592765", "organization": "Equifax" }
          },
          "time": "2021-04-09T14:18Z",
          "record": {
            "type": "mortgage_account",
            "source": {
              "name": "Equifax",
              "street_address": "1 Angel Court",
              "locality": "London",
              "postal_code": "EC2R 7HJ",
              "country": "UK",
              "country_code": "GBR"
            }
          }
        },
        {
          "type": "electronic_record",
          "verification_method": {
            "type": "kbv",
            "policy": "gpg45",
            "status": "passed",
            "verifier": { "txn": "44650216592659265", "organization": "Phronesis" }
          },
          "time": "2021-04-09T14:18Z",
          "record": {
            "type": "utility_account",
            "source": { "name": "Vodafone" }
          }
        }
      ]
    },
    "claims": {
      "given_name": "Sarah",
      "family_name": "Meredyth",
      "birthdate": "1976-03-11",
      "place_of_birth": { "country": "UK" },
      "address": {
        "locality": "Edinburgh",
        "postal_code": "EH1 9GP",
        "country": "UK",
        "street_address": "122 Burns Crescent"
      }
    }
  }
}
```
-
Here is the latest version discussed between @Nick Mothershaw, @Julian White and myself.
There are a couple of refinements, specifically:
- addition of “evidence_link” using the evidence “txn” value
- addition of “evidence_claims” to evidence element
```json
{
  "verified_claims": {
    "verification": {
      "trust_framework": "uk_tfida",
      "assurance_level": "medium",
      "time": "2021-05-11T14:29Z",
      "assurance_process": {
        "policy": "gpg45",
        "procedure": "m1b",
        "assurance_details": [
          {
            "assurance_type": "evidence_validation",
            "classification": "score_3_2",
            "evidence_link": [ { "txn": "85762937582385820" } ]
          },
          {
            "assurance_type": "evidence_validation",
            "classification": "score_2_2",
            "evidence_link": [ { "txn": "85762937582385345" } ]
          },
          {
            "assurance_type": "Identity fraud",
            "classification": "score_2",
            "evidence_link": [ { "txn": "pep###############" } ]
          },
          {
            "assurance_type": "activity",
            "classification": "score_2",
            "evidence_link": [ { "txn": "75676239359725251" } ]
          },
          {
            "assurance_type": "verification",
            "classification": "score_2",
            "evidence_link": [ { "txn": "high_kbv4############" } ]
          }
        ]
      },
      "evidence": [
        {
          "type": "document",
          "validation_method": { "type": "data" },
          "verifier": { "txn": "85762937582385820", "organization": "OnFelix" },
          "time": "2021-04-09T14:12Z",
          "document_details": {
            "type": "driving_permit",
            "personal_number": "MORGA753116SM9IJ",
            "document_number": "MORGA753116SM9IJ35",
            "serial_number": "ZG21000001",
            "date_of_issuance": "2021-01-01",
            "date_of_expiry": "2030-12-31",
            "issuer": { "name": "DVLA", "country": "UK", "country_code": "GBR", "jurisdiction": "GB-GBN" },
            "evidence_claims": { "given_name": "Sarah", "family_name": "Meredyth" }
          }
        },
        {
          "type": "electronic_record",
          "validation_method": { "type": "data" },
          "verifier": { "txn": "high_kbv4############", "organization": "KBV Provider X" },
          "time": "2021-04-09T14:12Z",
          "record": { "type": "high_kbv" }
        },
        {
          "type": "electronic_record",
          "validation_method": { "type": "data" },
          "verifier": { "txn": "high_kbv4############", "organization": "OnFelix" },
          "time": "2021-04-09T14:12Z",
          "record": { "type": "high_kbv" },
          "attachments": [
            {
              "desc": "OnFelix embedded validation",
              "content_type": "jwt",
              "content": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNhcmFoIE1lcmVkeXRoIiwiaWF0IjoxNjE2MjM5MDIyLCJkb2NUeXBlIjoxLCJNYXRjaGluZ1Jlc3VsdCI6eyJNYXRjaGluZ0NvdW50IjozLCJEb2NGcm9udE1hdGNoIjp0cnVlLCJEb2NUaWx0TWF0Y2giOnRydWUsIkRvY1JlYXJNYXRjaCI6dHJ1ZSwiTGl2ZW5lc3NTY29yZSI6ODQsIkRvY0Zyb250U2NvcmUiOjkxLCJEb2NUaWx0U2NvcmUiOjc2LCJEb2NSZWFyU2NvcmUiOjg4fSwiT25GZWxpeF90eG4iOiIxMjM0NTQ2NzgifQ.FqMBfIcf5x6TQu1GQlWpPzuQqhUjE9_kniZDaCA2htI",
              "txn": "123454678"
            }
          ]
        }
      ]
    },
    "claims": {
      "given_name": "Sarah",
      "family_name": "Meredyth",
      "birthdate": "1976-03-11",
      "place_of_birth": { "country": "UK" },
      "address": {
        "locality": "Edinburgh",
        "postal_code": "EH1 9GP",
        "country": "UK",
        "street_address": "122 Burns Crescent"
      }
    }
  }
}
```
-
- changed status to open
-
reporter Resolved by PR #87
-
reporter - changed status to resolved
Resolved by PR #87
My first thoughts on how to resolve this are that we could make the procedure element of assurance_process an object and include some sort of identifiers to cross reference between it and the evidences. Handily we already have verifier with a txn in the schema. It's currently defined as a “JSON object denoting the legal entity that performed the identity verification on behalf of the OP. This object SHOULD only be included if the OP did not perform the identity verification itself. This object consists of the following properties”, however if we simply redefined it to allow the OP to use it as well as 3rd parties we can use the txn as the cross reference. Currently organization is mandatory, but we could make it optional as the OP doesn't need to restate that it is itself.

For example:

- verifier: OPTIONAL. JSON object denoting the procedure performed for identity verification. This object consists of the following properties:
  - organization: OPTIONAL. String denoting the organization which performed the verification, this object SHOULD be included if the OP did not perform the identity verification itself.
  - txn: OPTIONAL. Identifier referring to the identity verification transaction. The OP MUST ensure that the transaction identifier can be resolved into transaction details during an audit.

The txn can then be referenced in the procedure if that is made an object along with useful metadata, for example:

- procedure: OPTIONAL. JSON object representing the details of the procedure from the policy that was followed. The OP SHOULD include this where the RP is required to demonstrate full traceability to the policy for regulatory or compliance purposes. This object consists of the following properties:
  - approach: OPTIONAL. String representing the specific approach to assuring the user’s identity from the policy that was followed.
  - assurance_details: OPTIONAL. JSON object representing the traceability of how the evidence was used in order to meet the requirements of the approach or policy.
    - type: OPTIONAL. String denoting how these assurance_details meet the requirements in the approach or policy. The OP SHOULD include this when the transaction isn’t self-explanatory, e.g. this cannot be determined by the validation_method or verification_method.
    - classification: OPTIONAL. String containing any classification or metadata about the type that is needed in order to demonstrate compliance to the approach or policy.
    - transaction: MANDATORY. JSON object consisting of the evidence transactions that were used to comply with the requirements of the approach or policy.
      - txn: MANDATORY. String referring to the verification transaction identifier. The OP MUST ensure that the transaction identifier matches a txn in the verifier object of the evidence.
      - type: OPTIONAL. String denoting how this transaction is used to demonstrate compliance with requirements in the assurance_details classification, approach or policy.
      - classification: OPTIONAL. String containing the classification or metadata about the transaction that is needed in order to demonstrate compliance.

For any given procedure there may be 1 or more assurance_details, and for any assurance_details there may be 1 or more transactions.
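
A consistency check an RP or auditor could run on the cross references discussed in this thread, added here as an example (it is not taken from the specification, the comments above or PR #87): every txn named in assurance_details must resolve to exactly one verifier txn in the evidence array, which is the rule stated in the txn definition above. It assumes the evidence_link array shape from the later comment and accepts verifier either directly on the evidence entry or nested in validation_method / verification_method; the function names and the sample document are constructed for illustration.

```python
from collections import Counter

def evidence_txns(verification):
    """Count how often each verifier.txn value occurs in the evidence array."""
    counts = Counter()
    for ev in verification.get("evidence", []):
        # The first sketch in the thread nests verifier inside validation_method /
        # verification_method; the later one puts it directly on the evidence entry.
        for holder in (ev, ev.get("validation_method", {}), ev.get("verification_method", {})):
            txn = holder.get("verifier", {}).get("txn")
            if txn:
                counts[txn] += 1
    return counts

def check_links(verified_claims):
    """Return (finding, assurance_details index, txn) tuples; empty means consistent."""
    verification = verified_claims["verification"]
    known = evidence_txns(verification)
    details = verification.get("assurance_process", {}).get("assurance_details", [])
    findings, linked = [], set()
    for i, detail in enumerate(details):
        for link in detail.get("evidence_link", []):
            txn = link.get("txn")
            linked.add(txn)
            if known[txn] == 0:
                findings.append(("dangling_link", i, txn))    # no evidence to audit
            elif known[txn] > 1:
                findings.append(("ambiguous_link", i, txn))   # txn is not unique
    findings += [("unlinked_evidence", None, t) for t in known if t not in linked]
    return findings

# Constructed sample (not from the thread): one good link, one link with no evidence,
# one txn shared by two evidence entries, and one evidence entry nothing points at.
SAMPLE = {"verification": {
    "assurance_process": {"policy": "gpg45", "procedure": "m1b", "assurance_details": [
        {"assurance_type": "evidence_validation", "evidence_link": [{"txn": "doc-1"}]},
        {"assurance_type": "activity", "evidence_link": [{"txn": "cra-9"}]},
        {"assurance_type": "verification", "evidence_link": [{"txn": "kbv-1"}]}]},
    "evidence": [
        {"type": "document", "verifier": {"txn": "doc-1"}},
        {"type": "electronic_record", "verifier": {"txn": "kbv-1"}},
        {"type": "electronic_record", "verifier": {"txn": "kbv-1"}},
        {"type": "electronic_record",
         "validation_method": {"verifier": {"txn": "pep-3"}}}]}}

if __name__ == "__main__":
    for finding in check_links(SAMPLE):
        print(finding)
```

A dangling or ambiguous link means the retained record cannot show which evidence satisfied that step of the assurance process, so an RP with traceability obligations would treat either finding as a reason to reject or query the response.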