[Openid-specs-ab] New openid-connect-4-identity-assurance-1_0 draft -06

Marcos Sanz sanz at denic.de
Wed Jul 31 10:22:40 UTC 2019


Hi Torsten,

> a new revision of
> https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html is
> available.

it's really getting closer :-)

Typos:
- There's still one instance of "verified_person_data" in section 5.1
- Section 4.1.1.3: s/eletronic signatue/electronic signature/

Besides that, here at ID4me we were wondering how we should syntactically
express aggregated/distributed verified_claims answers when they stem
from/point at two or more different claims providers, in the light of the
examples of sections 6.6 and 6.7. Should it be something like

{
   "iss":"https://server.example.com",
   "sub":"248289761001",
   "_claim_names":{
      "verified_claims":{
         "claims":{
            "given_name":"src1",
            "family_name":"src1",
            "address":"src2"
         }
      }
   },
   "_claim_sources":{
      "src1":{
         "JWT":"..."
      },
      "src2":{
         "JWT":"..."
      }
   }
}

respectively

{
   "iss":"https://server.example.com",
   "sub":"248289761001",
   "_claim_names":{
      "verified_claims":{
         "claims":{
            "given_name":"src1",
            "family_name":"src1",
            "address":"src2"
         }
      }
   },
   "_claim_sources":{
      "src1":{
         "endpoint":"https://oneserver.oneop.com/claim_source"
      },
      "src2":{
         "endpoint":"https://anotherserver.yetanotherop.com/",
         "access_token":"ksj3n283dkeafb76cdef"
      }
   }
}

I'd need some standards guidance on that.

Thanks and regards,
Marcos
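
Added example, not part of the original message or of the specification: a Python sketch of how a relying party could walk the nested `_claim_names` layout proposed above, map each claim to its `_claim_sources` entry, classify the source as aggregated (`JWT`) or distributed (`endpoint`) as in OpenID Connect Core section 5.6.2, and flag dangling references. The nesting is the poster's proposal, not settled syntax; the function names and the combined sample payload are assumptions constructed for illustration.

```python
import json

# Constructed sample combining the two layouts from the message: src1 is an
# aggregated source, src2 a distributed one. The nested "_claim_names" is the
# poster's proposed syntax (an assumption), not confirmed by the draft.
SAMPLE = json.loads("""
{
  "iss": "https://server.example.com",
  "sub": "248289761001",
  "_claim_names": {
    "verified_claims": {
      "claims": {"given_name": "src1", "family_name": "src1", "address": "src2"}
    }
  },
  "_claim_sources": {
    "src1": {"JWT": "..."},
    "src2": {"endpoint": "https://anotherserver.yetanotherop.com/",
             "access_token": "ksj3n283dkeafb76cdef"}
  }
}
""")

def walk_claim_names(node, path=()):
    """Yield (dotted claim path, source reference) for every leaf of _claim_names."""
    for name, value in node.items():
        if isinstance(value, dict):
            yield from walk_claim_names(value, path + (name,))
        else:
            yield ".".join(path + (name,)), value

def source_kind(source):
    """Classify a _claim_sources entry by the member it carries."""
    if not isinstance(source, dict):
        return "invalid"
    if "JWT" in source:
        return "aggregated"    # claims delivered inline as a JWT
    if "endpoint" in source:
        return "distributed"   # claims fetched from the endpoint
    return "invalid"

def resolve_sources(payload):
    """Map each referenced claim to (source id, kind); 'missing' marks dangling refs."""
    sources = payload.get("_claim_sources", {})
    result = {}
    for claim, src in walk_claim_names(payload.get("_claim_names", {})):
        known = isinstance(src, str) and src in sources
        result[claim] = (src, source_kind(sources[src]) if known else "missing")
    return result
```
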

