This page (revision-9) was last changed on 29-Nov-2024 16:16 by -jim

This page was created on 29-Nov-2024 16:16 by unknown

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
9 29-Nov-2024 16:16 4 KB -jim to previous
8 29-Nov-2024 16:16 4 KB -jim to previous | to last
7 29-Nov-2024 16:16 4 KB -jim to previous | to last
6 29-Nov-2024 16:16 4 KB -jim to previous | to last
5 29-Nov-2024 16:16 3 KB -jim to previous | to last
4 29-Nov-2024 16:16 2 KB -jim to previous | to last
3 29-Nov-2024 16:16 2 KB -jim to previous | to last
2 29-Nov-2024 16:16 2 KB -jim to previous | to last
1 29-Nov-2024 16:16 2 KB unknown to last

Page References

Incoming links Outgoing links
OpenID Connect for Identity Assurance
OpenID Connect for Identity Assurance

Version management

Difference between version and

At line 2 changed one line
[{$pagename}] ([OIDC4IDA])defines an extension to [OpenID Connect] [OpenID] to address the use case of strong identity verification of a natural person in accordance with certain laws.
[{$pagename}] ([OIDC4IDA]) defines an extension to [OpenID Connect] to address the use case of strong [Identity Verification] of the [Digital Identity] of a "[Natural Person]".
At line 5 added one line
[{$pagename}] was initiated from an [Intellectual Property Rights] donation from [yes.com|https://yes.com/|target='_blank'] of an extension to OpenID Connect that they had created.
At line 8 changed one line
The working group believes it’s a good fit for account opening, staff on-boarding, account recovery and access to restricted services where communication of how the underlying [Identity Proofing] was established is needed.
The working group believes it’s a good fit for account opening, staff on-boarding, account [Credential Recovery] and access to restricted services where communication of how the underlying [Identity Proofing] was established is needed.
At line 10 removed one line
At line 12 added one line
* Various [Know Your Customer]
At line 15 changed one line
* and regulations on trust services, such as eIDAS [eIDAS].
* and regulations on trust services, such as [eIDAS].
At line 25 changed one line
The [Identity Assurance] for user [Claims], i.e. the binding of a certain Claim value to the person controlling the respective user account, typically varies among the different user Claims. For example, the assurance an [OpenID Connect Provider] typically will be able to attest for an e-mail address will be "[Self-Asserted]", "verified by opt-in", or "verified by the respective e-mail provider via an attribute exchange protocol". The family name of a user, in contrast, might have been verified in accordance with the respective [Anti-Money Laundering] Law by showing an ID Card to a trained employee of the [OpenID Connect Provider] operator.
The [Identity Assurance] for user [Claims], i.e. the binding of a certain Claim value to the person controlling the respective user account, typically varies among the different user Claims. For example, the assurance an [OpenID Connect Provider] typically will be able to attest for an e-mail address will be "[Self-Asserted]", "verified by opt-in", or "verified by the respective e-mail provider via an attribute exchange protocol". The family name of a user, in contrast, might have been verified in accordance with the respective [Anti-Money Laundering] Law by showing an [Identity Card] to a trained employee of the [OpenID Connect Provider] operator.
At line 30 added 6 lines
!! How does [{$pagename}] Work?
[{$pagename}] is intended to be a lightweight extension to [OpenID Connect] and uses the [Authorization Code] flow of [OpenID Connect Core 1.0] including allowing for end user approval. [{$pagename}] encourages the use of the claims request parameter where the [Relying Party] expresses which parts of the identity data and metadata it needs, and it defines a schema for communication of “[Verified Claims]”. The “verified claims” specification has two child elements one with information about “verification” (and validation), and the other containing the verified end-user claims themselves.
Security concerns relating to exchange of [sensitive personal data|Sensitive Data] via OIDC4IDA should be addressed simply through use of the output of the [FAPI Working Group] which you can read about in this white paper.
At line 44 added 5 lines
* [#2] - [OpenID Connect for Identity Assurance, explained by an implementer
|https://darutk.medium.com/oidc4ida-93aedffa3058
|target='_blank'] - based on information obtained 2022-08-27
* [#3] - [OpenID Connect Identity Assurance / eKYC|https://www.c2id.com/products/nimbus-oauth-openid-connect-sdk/examples/openid-connect/identity-assurance|target='_blank'] - based on information obtained 2022-08-27
* [#4] - [eKYC & Identity Assurance WG|https://openid.net/wg/ekyc-ida/|target='_blank'] - based on information obtained 2022-08-27
At line 52 removed 2 lines
This page (revision-9) was last changed on 29-Nov-2024 16:16 by -jimTop