definition/implementation of essential claims

Issue #1308 resolved
Joseph Heenan created an issue

The eKYC IDA spec seems to redefine ‘essential’ in the context of a requested claim:

RPs MAY indicate that a certain Claim is essential to the successful completion of the request for Verified Claims by utilizing the essential field as defined in Section 5.5.1 of the OpenID Connect specification [OpenID]. T

The definition in OpenID Connect core is subtly different though:

By requesting Claims as Essential Claims, the RP indicates to the End-User that releasing these Claims will ensure a smooth authorization for the specific task requested by the End-User.

If the eKYC spec is deliberately defining different behaviour to Connect here (which it does seem to be), I think an extra sentence defining how the OP is meant to handle essential: true would be beneficial.

‘Handling Unfulfillable Requests and Unavailable Data’ could also be more explicit - it seems to refer only to the definition of essential from core, and not mention the definition in section 6.1.

Comments (7)

  1. Joseph Heenan reporter

    The difference is that eKYC seems to say “you shouldn’t complete the authorization successfully if an essential claim is unavailable or sharing of it is not consented to” whereas core says “essential is just a bit of guidance and the authorization should complete successfully even if not available/the user refuses permission to share” [with the exception of acr, which is special cased].

    The question is whether this is a deliberate difference.

  2. Daniel Fett

    I don’t think that the difference is intentional. If it was, the functionality would be available with ASC/SAO. I propose to change the wording to the one in OIDC or to refer to it.
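The two readings of essential: true contrasted in this thread, as an added example that is not part of the issue or of either specification. The function names, the "core"/"ekyc" labels and the sample request are constructed for illustration, and verified_claims is assumed to be a single object.

```python
import json

# Constructed sample: a `claims` request parameter asking for verified claims.
CLAIMS_REQUEST = json.loads("""
{
  "userinfo": {
    "verified_claims": {
      "verification": {"trust_framework": null},
      "claims": {
        "given_name": {"essential": true},
        "family_name": {"essential": true},
        "birthdate": null
      }
    }
  }
}
""")


def requested_claims(request, endpoint="userinfo"):
    """The claims object inside verified_claims, or {} if absent."""
    return request.get(endpoint, {}).get("verified_claims", {}).get("claims") or {}


def essential_claims(request, endpoint="userinfo"):
    """Sorted names of requested verified claims marked essential: true."""
    return sorted(name for name, spec in requested_claims(request, endpoint).items()
                  if isinstance(spec, dict) and spec.get("essential") is True)


def decide(request, releasable, reading):
    """releasable: claim name -> value the OP holds AND the user agreed to share.

    reading="core": essential is guidance; the authorization completes anyway.
    reading="ekyc": the request does not complete if an essential claim is missing.
    Both labels are hypothetical names for the two readings in this thread.
    """
    if reading not in ("core", "ekyc"):
        raise ValueError(f"unknown reading: {reading}")
    missing = [c for c in essential_claims(request) if c not in releasable]
    if missing and reading == "ekyc":
        return {"completed": False, "missing_essential": missing, "claims": {}}
    released = {c: releasable[c] for c in requested_claims(request) if c in releasable}
    return {"completed": True, "missing_essential": missing, "claims": released}
```

Under the "core" reading a completed authorization does not imply the essential claims are present, so the RP has to check the response for them itself.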
