Claims under evidence

Issue #1359 resolved
Mark Haine created an issue

In two designs I have been involved in to date there has been a need to show which claims are supported by each piece of evidence.

The solution may be to have a claims element (or similar) present within members of the evidence array.

Comments (7)

  1. Mark Haine reporter

    Here is an example where the given name is different in the two pieces of evidence. This also allows the receiver to be clear that the birthdate originated with the driving_permit only.

    {
        "iss": "https://exampleidp.co.uk",
        "sub": "ppid1234",
        "aud": "https://example-rp.co.uk/client1",
        "exp": 1666630801,
        "iat": 1666541419,
        "acr": "http://id-connect.co.uk/policies/pilot/acr/1.0/mediumprotection",
        "transaction_id": "0c49e507-6a88-4fbf-a88d-ebb80b852991",
        "verified_claims": {
          "claims": {
            "given_name": "Samantha",
            "family_name": "Meredyth",
            "birthdate": "1974-03-01"
          },
          "verification": {
            "trust_framework": "uk_tfida",
            "scheme": "idconnect",
            "assurance_level": "idconnect_kyc_partial",
            "time": "2021-05-11T14:28-01:00",
            "verification_process": "7675D81F-57E0-AB14-9543-26B41FC12",
            "evidence": [
              {
                "type": "document",
                "document_details": {
                  "type": "driving_permit",
                  "document_number": "MORGA753996SM9IJ35"
                },
                "claims": {
                  "given_name": "Samantha",
                  "family_name": "Meredyth",
                  "birthdate": "1974-03-01"
                }
              },
              {
                "type": "electronic_record",
                "record": {
                  "type": "cra_account"
                },
                "claims": {
                  "given_name": "Sam",
                  "family_name": "Meredyth"
                }
              }
            ]
          }
        }
    }
    

  2. Mark Haine reporter

    Having done an initial review, there is a slight problem with this proposal, as it splits out the claims derived about the end-user from the document metadata when we already have a claim that could be argued to be about the end-user called personal_number included in the spec under three of the evidence types…

    • type = document: document_details,
    • type = electronic_record: record,
    • type = vouch: attestation

    I would much prefer to put the personal_number under claims but technically that would be a breaking change I think… if anyone is using that feature?

    personal_number has been in the spec since 30/06/2921

  3. Mark Haine reporter

    options would be to…

    1. do nothing - not add claims as suggested here
    2. add claims as suggested here and retain the personal_number
    3. add claims as suggested here and deprecate personal_number

    are there any others?

    Next step would be to talk through pros and cons of each option.

  4. Mark Haine reporter

    Having spoken to known implementers including yes.com and Authlete, it seems likely that personal_number is not used widely and may not be used at all. I suggest that means the best of the options above is option 3.

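A receiver-side check over the layout proposed in comment 1, written as an added example and not taken from the issue or the specification: for each top-level verified claim it reports which evidence entries carry the same value and which carry a different one. The per-evidence `claims` member is the proposal under discussion, the sample is constructed from comment 1, and the function names are hypothetical.

```python
import json

# Constructed sample: the verified_claims object from comment 1, trimmed to
# the fields this check reads. The per-evidence "claims" member is the layout
# proposed in the issue.
SAMPLE = json.loads("""
{
  "claims": {"given_name": "Samantha", "family_name": "Meredyth", "birthdate": "1974-03-01"},
  "verification": {
    "evidence": [
      {"type": "document",
       "document_details": {"type": "driving_permit"},
       "claims": {"given_name": "Samantha", "family_name": "Meredyth", "birthdate": "1974-03-01"}},
      {"type": "electronic_record",
       "record": {"type": "cra_account"},
       "claims": {"given_name": "Sam", "family_name": "Meredyth"}}
    ]
  }
}
""")

# Sub-element holding the evidence subtype, as shown in comment 1's sample.
DETAIL_KEY = {"document": "document_details", "electronic_record": "record"}


def evidence_label(ev):
    """Return e.g. 'document/driving_permit' for one evidence entry."""
    detail = ev.get(DETAIL_KEY.get(ev.get("type"), ""), {})
    return f"{ev.get('type', 'unknown')}/{detail.get('type', 'unknown')}"


def claim_support(verified_claims):
    """Map each top-level claim to the evidence that matches or conflicts with it."""
    report = {}
    evidence = verified_claims.get("verification", {}).get("evidence", [])
    for name, value in verified_claims.get("claims", {}).items():
        entry = {"supported_by": [], "conflicts": []}
        for ev in evidence:
            ev_claims = ev.get("claims", {})
            if name not in ev_claims:
                continue  # this evidence says nothing about the claim
            if ev_claims[name] == value:
                entry["supported_by"].append(evidence_label(ev))
            else:
                entry["conflicts"].append((evidence_label(ev), ev_claims[name]))
        report[name] = entry
    return report
```

A claim whose `supported_by` list is empty has no evidence entry backing the asserted value, which a relying party can treat as a reason to reject or downgrade that claim.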