Section 8: Example responses: Issues and comments
After updating the OAuth / OIDC SDK to the latest draft 12 the new examples were made part of the automated tests. This revealed several issues when parsing the example responses JSON in section 8. Some of the encountered issues may need to be addressed in the spec itself. I will create separate tickets for those.
There appear to be two ways to get the response to parse successfully:
- Change the evidence type to the deprecated `id_document` evidence (now it’s `document`).
- Or change it so that it parses as the new `document` evidence (see spec):
  - The ID card details go into a `document_details` element (now it’s `details`).
  - The document `number` becomes `document_number`, `serial_number` or `person_number`.

- Change the `document` element to `document_details`.

- The `created_at` in the example `1979-01-22` doesn’t fit the expected timestamp format.
  `created_at`: OPTIONAL. The time the record was created as ISO 8601:2004 [ISO8601-2004] `YYYY-MM-DDThh:mm[:ss]TZD` format.

- The `assurance_level` set to `al_2` is not in the registry, it looks like `al2` was intended here.
- The `place_of_birth.country` claim uses a three letter code. According to the spec the code must be 2 or 4 letters.
- There are decimal HTML entities in the `place_of_birth.locality`. See the JSON RFC for the standard string encoding.

- The `voucher` element contains the `given_name` and `family_name` parameters. According to the spec those should be communicated in the `name` parameter.
- The `place_of_birth.country` claim uses a three letter code. According to the spec the code must be 2 or 4 letters.

- According to the spec the issuer country code `ITA` should be communicated in the `country_code` parameter.
- The `place_of_birth.country` claim uses a three letter code. According to the spec the code must be 2 or 4 letters.

https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.3
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.4
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.6
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.7
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.8
```
"address": {
  "locality": "Maxstadt",
  "postal_code": "12344",
  "country": "DE",
  "street_address": "An der Weide 22"
}
```
```
"address": {
  "locality": "Karlstad",
  "postal_code": "65344",
  "country": "SWE",
  "street_address": "Gatunamn 221b"
}
```
```
"address": {
  "locality": "Imola BO",
  "postal_code": "40026",
  "country": "ITA",
  "street_address": "Viale Dante Alighieri, 26"
}
```
There are 9 example responses where a country code appears to be communicated in the `address.country` claim, defined in OIDC Core as “country name”. At the same time there are two examples where `address.country` is set to `Monaco` and `UK`. The `address.country_code` claim introduced by the eKYC spec appears the most appropriate here, with its purpose to identify a country in a way that is unambiguous and interoperable.
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.2
https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.5
The `place_of_birth.country` claim where a country code is expected is set to `UK` (which is not a valid two-letter country ISO code).
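
As an added example (not part of the original issue and not the OIDC SDK's code), a small Python lint for three of the problems listed above: the `created_at` timestamp shape, the `place_of_birth.country` code length under the reporter's 2-or-4-letter reading of the spec, and decimal HTML entities in string values. The sample document, its structure and its values are constructed.

```python
import json
import re

# Timestamp shape quoted in the issue: YYYY-MM-DDThh:mm[:ss]TZD
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2})?(Z|[+-]\d{2}:\d{2})")
# Reporter's reading of the spec: 2 letters (ISO 3166-1 alpha-2) or 4 letters
# (ISO 3166-3). Shape check only; it does not prove the code is assigned.
COUNTRY = re.compile(r"[A-Z]{2}|[A-Z]{4}")
# Decimal HTML entities such as &#246; do not belong in a JSON string.
HTML_ENTITY = re.compile(r"&#\d+;")

def matches(pattern, value):
    return isinstance(value, str) and pattern.fullmatch(value) is not None

def lint(node, path="$"):
    """Walk parsed JSON and return a list of (json_path, problem) tuples."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "created_at" and not matches(TIMESTAMP, value):
                findings.append((child, "created_at is not YYYY-MM-DDThh:mm[:ss]TZD"))
            # address.country is a country name in OIDC Core, so only
            # place_of_birth.country is held to the code shape.
            if child.endswith("place_of_birth.country") and not matches(COUNTRY, value):
                findings.append((child, "country code is not 2 or 4 letters"))
            findings += lint(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings += lint(item, f"{path}[{index}]")
    elif isinstance(node, str) and HTML_ENTITY.search(node):
        findings.append((path, "decimal HTML entity in string value"))
    return findings

# Constructed sample, simplified from the kinds of values the issue describes.
SAMPLE = json.loads("""
{"verified_claims": {
  "verification": {"evidence": [
    {"type": "electronic_record", "record": {"created_at": "1979-01-22"}},
    {"type": "electronic_record", "record": {"created_at": "2021-03-05T10:15Z"}}]},
  "claims": {
    "place_of_birth": {"country": "SWE", "locality": "&#214;stersund"},
    "address": {"country": "SWE", "locality": "Karlstad"}}}}
""")

if __name__ == "__main__":
    for json_path, problem in lint(SAMPLE):
        print(f"{json_path}: {problem}")
```
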
Comments (6)
- specifically on the `place_of_birth.country` claim - where does it say the code must be 2 or 4 letters - I don’t believe that was the intent and the three letter examples are correct.
- reporter Hi Mark,
  This appears in the definition of the claim:
  https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#section-4.1
  `country`: String representing country in [ISO3166-1] Alpha-2 (e.g., DE) or [ISO3166-3] syntax.
  Since Alpha-3 isn't explicitly mentioned, our reading was that the possible values are Alpha-2 codes and the 4-letter codes for former countries (e.g. CZHH).
- reporter A note that should the `check_method` PR get merged virtually all of the examples will get affected.
- PR #87 has been merged
- @Vladimir Dzhuvinov Has PR #87 solved this issue?
- reporter - changed status to resolved
  I'm closing this issue. We'll plug the new examples into the OIDC SDK and if something comes up I'll file a fresh ticket. Thanks!