Create explicit cross references between evidence and identity process
Issue #1259
resolved
Some RP’s are required (for compliance or regulatory reasons) to retain information about exactly how the identity checking was done. The current specification contains all the information about the evidence and in most cases you could probably reverse engineer that from the fields but it would be better if the OP could be explicit on how the evidence and processes were linked.
Regardless, there are some cases where its not really possible to reverse engineer the process from the data. Whilst the individual evidence objects contain information about what they are the schema doesn’t really represent how multiple evidences are combined to meet a part of the assurance_process when it is not obvious in their own right.
For example; sometimes the OP may use multiple electronic_records to complete one part of the assurance_process (like counter fraud, background checks or knowledge based verification) and that can’t be expressed that they relate to the same step in the current syntax.
Comments (8)
-
reporter
-
Could you please share an example? That might help to understand your proposal.
-
reporter
- edited description
-
reporter
Something like this:
{ "verified_claims": { "verification": { "trust_framework": "uk_tfida", "assurance_level": "medium", "assurance_process": { "policy": "gpg45", "procedure": { "approach": "m1b", "assurance_details": { "type": "evidence", "transaction": { "txn": "85762937582385820" } }, "assurance_details": { "type": "counter_fraud", "classification": "score_2", "transaction": { "txn": "927098238DF2958", "type": "mortality", }, "transaction": { "txn": "239847029873601", "type": "mortality", }, "transaction": { "txn": "663275837205749582", "type": "impostor", }, "transaction": { "txn": "9756672965723984576", "type": "pep", } }, "assurance_details": { "type": "activity", "transaction": { "txn": "75676239359725251" } }, "assurance_details": { "type": "verification", "classification": "score_2", "transaction": { "txn": "85659376592765", "type": "kbv", "classification": "medium_kbv" }, "transaction": { "txn": "44650216592659265", "type": "kbv", "classification": "high_kbv" } } } }, "time": "2021-05-11T14:29Z", "verification_process": "7675D80F-57E0-AB14-9543-26B41FC22", "evidence": [ { "type": "document", "validation_method": { "type": "data", "policy": "gpg45", "procedure": "score_2", "verifier": { "txn": "85762937582385820", "organization": "DVLA" } }, "time": "2021-04-09T14:12Z", "document_details": { "type": "driving_permit", "personal_number": "MORGA753116SM9IJ", "document_number": "MORGA753116SM9IJ35", "serial_number": "ZG21000001", "date_of_issuance": "2021-01-01", "date_of_expiry": "2030-12-31", "issuer": { "name": "DVLA", "country": "UK", "country_code": "GBR", "jurisdiction": "GB-GBN" } } }, { "type": "electronic_record", "validation_method": { "type": "data", "policy": "gpg45", "status": "no_trace", "verifier": { "txn": "927098238DF2958", "organization": "Transunion" } }, "time": "2021-04-09T14:12Z", "record": { "type": "death_register", "source": { "name": "General Register Office", "street_address": "PO BOX 2", "locality": "Southport", "postal_code": "PR8 2JD", "country": "UK", "country_code": "GBR", "jurisdiction": "GB-EAW" } } }, { "type": "electronic_record", "validation_method": { "type": "data", "policy": "gpg45", "status": "false_positive", "verifier": { "txn": "239847029873601", "organization": "Wilmington" } }, "time": "2021-04-09T14:14Z", "record": { "type": "death_record", "source": { "name": "Wilmington Millennium", "street_address": "The Chapel, The Sidings", "locality": "Shipley", "postal_code": "BD18 1BN", "country": "UK", "country_code": "GBR" } } }, { "type": "electronic_record", "validation_method": { "type": "data", "policy": "gpg45", "status": "no_trace", "verifier": { "txn": "663275837205749582", "organization": "Experian" } }, "time": "2021-04-09T14:15Z", "record": { "type": "id_fraud", "source": { "name": "Experian", "street_address": "Newenham House, Northern Cross, Malahide Road", "locality": "Dublin", "postal_code": "D17 AY61", "country": "Ireland", "country_code": "IE", "jurisdiction": "GBR" } } }, { "type": "electronic_record", "validation_method": { "type": "data", "policy": "gpg45", "status": "no_trace", "verifier": { "txn": "9756672965723984576", "organization": "Experian" } }, "time": "2021-04-09T14:15Z", "record": { "type": "pep_register", "source": { "name": "Experian", "street_address": "Newenham House, Northern Cross, Malahide Road", "locality": "Dublin", "postal_code": "D17 AY61", "country": "Ireland", "country_code": "IE", "jurisdiction": "GBR" } } }, { "type": "electronic_record", "validation_method": { "type": "data", "policy": "gpg45", "procedure": "score_1", "verifier": { "txn": "75676239359725251", "organization": "Experian" } }, "time": "2021-04-09T14:15Z", "record": { "type": "cra_record", "source": { "name": "Experian", "street_address": "Newenham House, Northern Cross, Malahide Road", "locality": "Dublin", "postal_code": "D17 AY61", "country": "Ireland", "country_code": "IE", "jurisdiction": "GBR" } } }, { "type": "electronic_record", "verification_method": { "type": "kbv", "policy": "gpg45", "status": "passed", "verifier": { "txn": "85659376592765", "organization": "Equifax" } }, "time": "2021-04-09T14:18Z", "record": { "type": "mortgage_account", "source": { "name": "Equifax", "street_address": "1 Angel Court", "locality": "London", "postal_code": "EC2R 7HJ", "country": "UK", "country_code": "GBR", } } }, { "type": "electronic_record", "verification_method": { "type": "kbv", "policy": "gpg45", "status": "passed", "verifier": { "txn": "44650216592659265", "organization": "Phronesis" } }, "time": "2021-04-09T14:18Z", "record": { "type": "utility_account", "source": { "name": "Vodafone" } } } ] }, "claims": { "given_name": "Sarah", "family_name": "Meredyth", "birthdate": "1976-03-11", "place_of_birth": { "country": "UK" }, "address": { "locality": "Edinburgh", "postal_code": "EH1 9GP", "country": "UK", "street_address": "122 Burns Crescent" } } } }
-
Here is the latest version discussed between @Nick Mothershaw, @Julian White and myself.
There are a cople of refinements, specifically:
- addition of “evidence_link” using the evidence “txn” value
- addition of “evidence_claims” to evidence element
{ "verified_claims": { "verification": { "trust_framework": "uk_tfida", "assurance_level": "medium", "time": "2021-05-11T14:29Z", "assurance_process": { "policy": "gpg45", "procedure": "m1b", "assurance_details": [ { "assurance_type": "evidence_validation", "classification": "score_3_2", "evidence_link": [ { "txn": "85762937582385820" } ] }, { "assurance_type": "evidence_validation", "classification": "score_2_2", "evidence_link": [ { "txn": "85762937582385345" } ] }, { "assurance_type": "Identity fraud", "classification": "score_2", "evidence_link": [ { "txn": "pep###############" } ] }, { "assurance_type": "activity", "classification": "score_2", "evidence_link": [ { "txn": "75676239359725251" } ] }, { "assurance_type": "verification", "classification": "score_2", "evidence_link": [ { "txn": "high_kbv4############" } ] } ] }, "evidence": [ { "type": "document", "validation_method": { "type": "data" }, "verifier": { "txn": "85762937582385820", "organization": "OnFelix" }, "time": "2021-04-09T14:12Z", "document_details": { "type": "driving_permit", "personal_number": "MORGA753116SM9IJ", "document_number": "MORGA753116SM9IJ35", "serial_number": "ZG21000001", "date_of_issuance": "2021-01-01", "date_of_expiry": "2030-12-31", "issuer": { "name": "DVLA", "country": "UK", "country_code": "GBR", "jurisdiction": "GB-GBN" }, "evidence_claims": { "given_name": "Sarah", "family_name": "Meredyth" } } }, { "type": "electronic_record", "validation_method": { "type": "data" }, "verifier": { "txn": "high_kbv4############", "organization": "KBV Provider X" }, "time": "2021-04-09T14:12Z", "record": { "type": "high_kbv" } }, { "type": "electronic_record", "validation_method": { "type": "data" }, "verifier": { "txn": "high_kbv4############", "organization": "OnFelix" }, "time": "2021-04-09T14:12Z", "record": { "type": "high_kbv" }, "attachments": [ { "desc": "OnFelix embedded validation", "content_type": "jwt", "content": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IlNhcmFoIE1lcmVkeXRoIiwiaWF0IjoxNjE2MjM5MDIyLCJkb2NUeXBlIjoxLCJNYXRjaGluZ1Jlc3VsdCI6eyJNYXRjaGluZ0NvdW50IjozLCJEb2NGcm9udE1hdGNoIjp0cnVlLCJEb2NUaWx0TWF0Y2giOnRydWUsIkRvY1JlYXJNYXRjaCI6dHJ1ZSwiTGl2ZW5lc3NTY29yZSI6ODQsIkRvY0Zyb250U2NvcmUiOjkxLCJEb2NUaWx0U2NvcmUiOjc2LCJEb2NSZWFyU2NvcmUiOjg4fSwiT25GZWxpeF90eG4iOiIxMjM0NTQ2NzgifQ.FqMBfIcf5x6TQu1GQlWpPzuQqhUjE9_kniZDaCA2htI", "txn": "123454678" } ] } ] } }, "claims": { "given_name": "Sarah", "family_name": "Meredyth", "birthdate": "1976-03-11", "place_of_birth": { "country": "UK" }, "address": { "locality": "Edinburgh", "postal_code": "EH1 9GP", "country": "UK", "street_address": "122 Burns Crescent" } } } }
-
- changed status to open
-
reporter
Resolved by PR #87
-
reporter
- changed status to resolved
Resolved by PR #87
- Log in to comment
My first thoughts on how to resolve this is we could make the
procedureelement ofassurance_processan object and include some sort of identifiers to cross reference between it and the evidence's. Handily we already haveverifierwith atxnin the schema. Its currently defined as a “JSON object denoting the legal entity that performed the identity verification on behalf of the OP. This object SHOULD only be included if the OP did not perform the identity verification itself. This object consists of the following properties”, however if we simply redefined it to allow the OP to use it as well as 3rd parties we can use thetxnas the cross reference. Currently organization is mandatory, but we could make it optional as the OP doesn't need to restate that it is itself.For example:
verifier: OPTIONAL. JSON object denoting the procedure performed for identity verification. This object consists of the following properties:organization: OPTIONAL. String denoting the organization which performed the verification, this object SHOULD be included if the OP did not perform the identity verification itself.txn: OPTIONAL. Identifier referring to the identity verification transaction. The OP MUST ensure that the transaction identifier can be resolved into transaction details during an audit.
The
txncan then be referenced in theprocedureif that is made in object along with useful metadata, for example:procedure: OPTIONAL. JSON object representing the details of the procedure from thepolicythat was followed. The OP SHOULD include this where the RP is required to demonstrate full traceability to thepolicyfor regulatory or compliance purposes. This object consists of the following properties:approach: OPTIONAL. String representing the specific approach to assuring the user’s identity from thepolicythat was followed.assurance_details: OPTIONAL. JSON object representing the traceability of how the evidence was used in order to meet the requirements of theapproachorpolicy.type: OPTIONAL. String denoting how theseassurance_detailsmeet the requirements in theapproachorpolicy. The OP SHOULD include this when the transaction isn’t self explanatory, e.g. this can not be determined by thevalidation_methodorverification_method.classification: OPTIONAL. String containing any classification or metadata about thetypethat is needed in order to demonstrate compliance to theapproachorpolicytransaction: MANDATORY. JSON object consisting of the evidence transactions that were used to comply with the requirements of theapproachorpolicy.txn: MANDATORY. String referring to the verification transaction identifier. The OP MUST ensure that the transaction identifier matches atxnin theverifierobject of the evidence.type: OPTIONAL. String denoting how thesetransactionis used to demonstrate compliance with requirements in theassurance_detailsclassification,approachorpolicy.classification: OPTIONAL. String containing the classification or metadata about thetransactionthat is needed in order to demonstrate compliance.For any given
procedurethere may be 1 or moreassurance_details, and for anyassurance_detailsthere may be 1 or moretransactions.