[Openid-specs-ab] user consent
Tom Jones
thomasclinganjones at gmail.com
Thu Apr 8 16:32:05 UTC 2021
Before we talk any more about opaque blobs being added to the id token, I
would like to talk about user consent. What little i have heard from the PE
group the RP gets to ask for whatever info he wants and consent magically
happens at some other level. Since the creds group of DIF is not discussing
the problem I guess it must come up here. If the request/response of the
VC/VP protocol is not known to the open id protocol, how can anybody know
if the user has given informed consent to the release of the claims? As far
as I can tell DIF is punting the issue altogether. (That comes from Daniel
@ MSFT)
First - in SIOP user explicit consent MUST be obtained.
Second - in SIOP the data request from the RP (claims) must be presented to
the user in a form they can understand before the id token (etc.) is
created.
When we understand that we can talk about vc-xyz.
Be the change you want to see in the world ..tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20210408/30592b24/attachment.html>
More information about the Openid-specs-ab
mailing list