[Openid-specs-ab] Issue #1069: Identity Assurance Section 5.1 on reason for request (openid/connect)
issues-reply at bitbucket.org
Thu Mar 14 17:09:53 UTC 2019
New issue 1069: Identity Assurance Section 5.1 on reason for request
All requests for verified claims MUST include a reason code with a value from list:
1. Consent - user must consent
2. Agree - there is an existing agreement between the OP and the Client on basis for request
3. Update - there is an existing user consent that allows updates. (typically because of expiry)
4. Legal - there is a legal requirement to get the data (do we need more of a reason?)
5. Private - There MUST be no notification to the user for legal reasons.
The default case is that the user MUST be give opt-in consent on every transfer of the credential information and will received a receipt of every transfer of information. This field MUST be honored by the OP or the request MUST be denied.
This is in response to a comment that Nat made at the meeting. There may be a better set of terms that these
More information about the Openid-specs-ab