1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. ekyc-ida

Wiki

Clone wiki

ekyc-ida / Minutes / eKYC-IDA_Meeting_Notes_2020-03-11

View History

Attendees

  • Torsten Lodderstedt
  • Daniel Fett
  • Mark Haine
  • Naohiro Fujie
  • Nat Sakimura
  • Bjorn Hjelm
  • Alberto Pulido
  • Dima Postnikov
  • Jan Kelin
  • Joseph Heenan
  • Kosuke Koiwai
  • Wesley Dunnington
  • Achim Schlosser
  • Anthony Nadelin
  • Marcus Almgren
  • Stéphane Mouy

Agenda

  • External organisations
  • Implementers draft update
  • Post v09 activities

External orgs/events

  • Nick Mothershaw of TISA (and OIX) shared some documentation on how they will envisage use of eKYC #1181
    • There is some useful information about how age verification use case may work
    • There is some concern that there may be some liability associated with age verification
    • Derived claim seems to be a good approach rather than an LOA
    • Mark asked to speak at OIX event
  • IETF meeting Vancouver
    • Cancelled
  • European eKYC effort - no progress as yet
    • Call tomorrow with Stéphane to move it forward
    • Mark will attend as he has a connection to another party involved
  • IIF - Event Cancelled
    • A virtual meeting is being organised
    • Rod is talking to Don Thibeau about involvement in whatever replaces it
  • Santander Hackathon - Event Cancelled
    • Mark will be available to attend when it is re-scheduled
  • FDX Meeting
    • Wesley will have a 10mins talk about this WG and specification
    • Bjorn talked about situation of eKYC together with NIST trust framework, and introduced ZenKey corporation who are providing identity services compliant to NIST SP800-63B, authentication part, but does not aware that they are compliant to 63A. identity proofing part.

implementers draft update

  • New version is up and running
  • Generic URL that points to most up to date version of OpenID Connect for Identity Assurance 1.0
  • A direct link to v09 page of OpenID Connect for Identity Assurance 1.0 which has been dramatically improved over the last few months
  • Torsten thanked everybody for their contributions
  • Issues with publishing v09 on Wordpress may lead to minor tweaks and a v10. This is because the team haven't been able to publish the JSON schema files

  • Once it is published Can all please do a detailed review of the document due to small errors possibly being introduced

  • What timeline is desired for the implementers draft process?

    • For implementers draft - notification is 45 days and voting period is 2 weeks (voting period can run concurrently to the last 2 weeks of notification period)
    • once JSON files are published we should start the notification period by -achieving consensus of WG -notifying the secretariat at the OIDF -provide an implementers draft announcement for OIDF website -any normative changes would need to go back to start of process -editorial changes can be made during review period

Post revision v09

  • Under #1151 Set up a page to show how eKYC could satisfy many use cases - what do WG members think?

    • Various parties have agreed to prepare examples
    • A potential sub page could be around TISA - Mark will work with Nick Mothershaw on that

  • Jan spoke about BankID project report from Czech republic

    • preparing specifications for this project and received support from EU and will be using eKYC spec from this working group
    • Private activity JV between 20 banks but there is some legal and government support
    • Examples in spec are being directly used in the project.
    • Jan will arrange to write example page

  • Assertion language

    • Originating from issue #1172
    • Tony observed that this may be applicable to broader group but may not be able to do it as effectively
    • Mark asked about priority of this -vs- legal entity
    • Alberto (Santander) is interested to contribute on assertion environment
    • Nat is convinced that the Assertion piece is best done in this working group given the level of activity and people participating
    • Achim observed that starting a separate document would be better as it might be that this piece of work might be ultimately part of OIDC core or another part of the OIDF specs

  • Legal entity

    • Torsten stated that it's a really ambitious topic but really important
    • Tony observed that it is jurisdictionally specific and there may be some baseline that can be shared but there will be specialised instances and it will be hard from a legal perspective
    • One way would be to describe a simple use case and try to work out where the difficulties are
    • Nat suggested collecting use cases
    • Torsten's view is that the main use case is the questoin of whether "this person represents this legal entity"
    • Tony has been looking at confidence levels
    • Summary from Torsten - There is some reluctance but we should work on this and start by working on use cases

Other topics deferred due to time running out

  • data minimisation for claims request to restrict returned datas
  • #1159 - how we determine names of claims

Updated