Wiki

Clone wiki

ekyc-ida / Implementations

This page contains information about existing implementations of OpenID Connect 4 Identity Assurance and projects that are either considering or implementing the spec.

Software Implementations

Authlete

Authlete 2.2 onwards supports IDA (OpenID Connect for Identity Assurance 1.0).

The logic of input validation and output construction can be found in the open-source authlete-java-common library. The open-source java-oauth-server is a sample AS implementation that supports IDA by using the library indirectly via the open-source authlete-java-jaxrs library. The following blog posts explain IDA.

[English] Identity Assurance - OpenID Connect in the eKYC era https://medium.com/@darutk/identity-assurance-openid-connect-in-the-ekyc-era-3be78384a1d1

[Japanese] Identity Assurance - eKYC 時代の OpenID Connect https://qiita.com/TakahikoKawasaki/items/55b54d4b09826a9605e5

Connect2Id

IdA is available in Connect2id server: https://connect2id.com/products/server/docs/datasheet#domain-profiles

Those interested in Relying Party (RP) development can check out the examples from the open source OAuth 2.0 / OIDC SDK: - https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/openid-connect/identity-assurance#claims-process

Nimbus OAuth 2.0 SDK with OpenID Connect extensions (library for RP and OP development)

https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/openid-connect/identity-assurance

Identityfirst eKYC Framework - eKYC Hub

eKYC Hub is an open source framework that implements the eKYC OIDC specification OpenID Connect for Identity Assurance 1.0 and allows for the integration with eKYC data providers (verification services).

The framework has been released under the Apache 2.0 license and it is available at: https://github.com/identityfirst/eKYC-Hub

The eKYC Hub has been implemented with Passbase - one of the easy-to-use verification services which provides an SDK and RESTful API for verifying end user data. Other providers can be used depending on requirements.

Production services using OpenID Connect 4 Identity Assurance

yes® Open Banking Scheme

OpenId Connect 4 Identity Assurance is currently being implemented and rolled in the yes® schema out in three instances, a reference implementation, an implementation at the German Saving Banks (Sparkassen), and an implementation for the German Cooperative Banks (Volks- und Raiffeisenbanken). The protocol is used for strong identity attestation for OpenID Connect Relying Parties but also (via OAuth Token Introspection) to provide Service Providers (APIs) with verified claims for the creation of qualified certificates and remote qualified electronic signatures in accordance with the eIDAS regulation.

Do to the distributed nature of those banking groups (more than 1000 independent financial institutions), OpenID Connect will be offered by more than 1000 IDPs (different tenants on those platforms) with a total reach of more than 25 million users.

DENIC ID (empowering ID4me)

DENIC ID is the first, reference deployment of the ID4me standard. With the DENIC ID service, DENIC and its members offer secure, data privacy-compliant, universal logins. The solution is innovative: The login is domain-based and completely independent of social media.

DENIC-ID IdP implements the Identity Assurance draft in its -09 version and, furthermore, offers an open sandbox for other implementations (RPs, Claims Providers, Users) to check their integration. Contact us to participate.

Projects considering use of OpenID Connect 4 Identity Assurance

Open Banking UK

There is an active project in Open Banking UK that has voted to use OpenID Connect 4 Identity Assurance as the basis for a standard to deliver Extended Customer Attributes to relying parties

Japanese Ministry of Economy, Trade and Industry (METI)

METI has signed a liason agreement with the OIDF and is working with the OIDF-Japan and the eKYC & IDA Working group to look at Legal Entity related identity challenges

The Investment and Savings Alliance (TISA)

TISA is working on a trust framework and technology solution in colaboration with OIX and the OIDF that uses use the OpenID Connect 4 Identity Assurance specification to support various identity related use cases in the UK context

The Global Open Finance Center of Excellence (GOFCOE)

GOFCOE has asked that the eKYC & IDA Working group chairs participate in a group to establish a government and industry group that is looking at delivering a consistent standard for Identity data exchange

Increasing trust with eID for developing business (GRIDS)

Nowadays fewer than 3% of European consumers purchase banking products such as credit cards, current accounts and mortgages from another Member State, and when it comes to consumer credit, Europeans buy only 5% of their loans from abroad. Additionally, there is still limited support to attributes for Legal Persons by the eIDAS nodes in operation and unclear or not yet mature legal support at the national level to facilitate the integration with eIDAS infrastructure of private sector service providers.

In this context, GRIDS raises to facilitate the cross-border acceptance of e-identification and remote know-your-customer (KYC) processes where the aim is to enable banks to identify consumers digitally in compliance with anti-money laundering and data protection requirements, making full use of the electronic identification and authentication tools provided under eIDAS.

Updated