- edited description
create section saying how to verify distributed/aggregated claims
Vaguely related to https://bitbucket.org/openid/ekyc-ida/pull-requests/149 - we should probably create a new section saying how to verify distributed/aggregated claims.
It would be following the kind of precedent set in https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
And would say things like ‘must check typ header is xxx, must check signature (if that’s necessary, it’s sometimes not if the token is received over TLS…),must check <…>’.
Comments (9)
-
reporter -
- changed milestone to IDA Final
-
Do we expect embedded attachements to be structured objects themselves in some cases? If so then we may need to state that an embedded structured object should/must be validated in the following way…
-
Should we require that external attachments are only locations accessible via the “https” scheme?
-
when is
expires_in
counting from? -
addressed by PR #153
-
Not addressesd by PR #153 after all
-
now addressed by https://bitbucket.org/openid/ekyc-ida/pull-requests/156
-
- changed status to resolved
- Log in to comment