This page contains information about existing implementations of OpenID Connect 4 Identity Assurance and projects that are either considering or implementing the spec.
Authlete 2.2 onwards supports IDA (OpenID Connect for Identity Assurance 1.0).
The logic of input validation and output construction can be found in the open-source authlete-java-common library. The open-source java-oauth-server is a sample AS implementation that supports IDA by using the library indirectly via the open-source authlete-java-jaxrs library. The following blog posts explain IDA.
[English] Identity Assurance - OpenID Connect in the eKYC era https://medium.com/@darutk/identity-assurance-openid-connect-in-the-ekyc-era-3be78384a1d1
[Japanese] Identity Assurance - eKYC 時代の OpenID Connect https://qiita.com/TakahikoKawasaki/items/55b54d4b09826a9605e5
IdA is available in Connect2id server: https://connect2id.com/products/server/docs/datasheet#domain-profiles
Those interested in Relying Party (RP) development can check out the examples from the open source OAuth 2.0 / OIDC SDK: https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/openid-connect/identity-assurance#claims-process
Nimbus OAuth 2.0 SDK with OpenID Connect extensions (library for RP and OP development)
Identityfirst eKYC Framework - eKYC Hub
eKYC Hub is an open source framework that implements the eKYC OIDC specification, OpenID Connect for Identity Assurance 1.0, and allows integration with eKYC data providers (verification services).
The framework has been released under the Apache 2.0 license and it is available at: https://github.com/identityfirst/eKYC-Hub
The eKYC Hub has been implemented with Passbase - one of the easy-to-use verification services which provides an SDK and RESTful API for verifying end user data. Other providers can be used depending on requirements.
Production services using OpenID Connect 4 Identity Assurance
yes® Open Banking Scheme
OpenID Connect 4 Identity Assurance is currently being implemented and rolled out in the yes® scheme in three instances: a reference implementation, an implementation at the German Savings Banks (Sparkassen), and an implementation for the German Cooperative Banks (Volks- und Raiffeisenbanken). The protocol is used for strong identity attestation for OpenID Connect Relying Parties but also (via OAuth Token Introspection) to provide Service Providers (APIs) with verified claims for the creation of qualified certificates and remote qualified electronic signatures in accordance with the eIDAS regulation.
Due to the distributed nature of those banking groups (more than 1000 independent financial institutions), OpenID Connect will be offered by more than 1000 IDPs (different tenants on those platforms) with a total reach of more than 25 million users.
DENIC ID (empowering ID4me)
DENIC ID is the first, reference deployment of the ID4me standard. With the DENIC ID service, DENIC and its members offer secure, data privacy-compliant, universal logins. The solution is innovative: The login is domain-based and completely independent of social media.
DENIC-ID IdP implements the Identity Assurance draft in its -09 version and, furthermore, offers an open sandbox for other implementations (RPs, Claims Providers, Users) to check their integration. Contact us to participate.
Projects considering use of OpenID Connect 4 Identity Assurance
ConnectID https://connectid.com.au/ (a project under Australian Payments Plus) is using OIDC4IDA as part of its solution that is going live soon.
Japanese Ministry of Economy, Trade and Industry (METI)
METI has signed a liaison agreement with the OIDF and is working with the OIDF-Japan and the eKYC & IDA Working Group to look at Legal Entity related identity challenges.
The Investment and Savings Alliance (TISA)
TISA is working on a trust framework and technology solution in collaboration with OIX and the OIDF that uses the OpenID Connect 4 Identity Assurance specification to support various identity related use cases in the UK context.
The Global Assured Identity Network (GAIN)
The GAIN forum and the associated OpenID Foundation POC are using a profile of OpenID Connect for IDA as the initial data plane interface for interactions between members of the network. There have been proof of concept implementations by 5 members of that community group.
Increasing trust with eID for developing business (GRIDS)
Nowadays fewer than 3% of European consumers purchase banking products such as credit cards, current accounts and mortgages from another Member State, and when it comes to consumer credit, Europeans buy only 5% of their loans from abroad. Additionally, there is still limited support for attributes for Legal Persons by the eIDAS nodes in operation and unclear or not yet mature legal support at the national level to facilitate the integration of private sector service providers with the eIDAS infrastructure.
In this context, GRIDS arises to facilitate the cross-border acceptance of e-identification and remote know-your-customer (KYC) processes, where the aim is to enable banks to identify consumers digitally in compliance with anti-money laundering and data protection requirements, making full use of the electronic identification and authentication tools provided under eIDAS.
OneID from Digital Identity Net
OneID is a UK Trust Scheme that operates under the Department of Digital, Culture, Media and Sport’s (DCMS) Digital Identity and Attributes Trust Framework. OneID has as its identity data source UK banks acting as Identity Service Providers (OIDC Providers), and is similar in concept to BankID schemes in other countries. OneID uses OIDC Core and Identity Assurance as an extension to provide identity evidence to build trust in the network and enable Relying Parties to make risk decisions based on the evidence data. Digital Identity Net is working with OIDF, DCMS and UK banks to help drive adoption of OIDC IDA as the base standard.