[OpenID-Specs-eKYC-IDA] Feedback needed
Torsten Lodderstedt
torsten at lodderstedt.net
Fri Jan 17 17:43:02 UTC 2020
I think the “trust_framework” identifiers should go into https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml. I also think we need other registries for evidence types, verification methods and document types.
> On 17. Jan 2020, at 18:35, Leif Johansson <leifj at sunet.se> wrote:
>
> Probably not but IANA/IESG is gona review and will also notice and push back on overlap.
>
> Skickat från min iPhone
>
>> 17 jan. 2020 kl. 18:30 skrev Torsten Lodderstedt <torsten at lodderstedt.net>:
>>
>> I know. My point is, we have several different elements in our data model where we seek extensibility for. Can we put all of those into this single registry?
>>
>>> On 17. Jan 2020, at 18:29, Leif Johansson <leifj at sunet.se> wrote:
>>>
>>> Påls point (and mine) is that there is one already.
>>>
>>> Skickat från min iPhone
>>>
>>>>> 17 jan. 2020 kl. 18:16 skrev Torsten Lodderstedt <torsten at lodderstedt.net>:
>>>>
>>>> Hi,
>>>>
>>>> thanks for your feedback. We know the current state is not the perfect solution.
>>>>
>>>> Finding a sustainable solution is a key topic for the next revision of OpenId Connect for Identity Assurance.
>>>>
>>>> Please see https://bitbucket.org/openid/ekyc-ida/issues/1093/extensibility-how-do-we-support
>>>>
>>>> As you can see ased on the discussion in the latest call, we are aiming at using IANA registries for the different element types.
>>>>
>>>> best regards,
>>>> Torsten.
>>>>
>>>>> On 17. Jan 2020, at 17:26, Leif Johansson via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
>>>>>
>>>>>> On 2020-01-16 17:46, Pål Axelsson via Openid-specs-ekyc-ida wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I subscribed to this list today due to that we're owrking with assurance
>>>>>> framework within our academic federation in Sweden. Today we uses SAML
>>>>>> and signal assurance certifications. When we start to use OpenID Connect
>>>>>> we want to be able to do that there to.
>>>>>>
>>>>>> When I read the proposed standard earlier today I saw a large
>>>>>> enumeration in the working materials. I think this is a bad practice to
>>>>>> enumerate in the standard documentation due to these things tend to
>>>>>> change and then there will be a need to update the standard. The
>>>>>> enumeration should instead be in an external registry, for example IANA
>>>>>> registry over Level of Assurance (LoA) Profiles
>>>>>> (https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml).
>>>>>>
>>>>>> Please correct me if I'm wrong in my assumption.
>>>>>>
>>>>>> Pål Axelsson
>>>>>
>>>>> As the author of RFC6711 I can tell you that you're not wrong. The
>>>>> way we setup the LOA registry was to be able to handle multiple
>>>>> protocol - something I'm sure john bradley could attest to aswell
>>>>> since he was also involved.
>>>>>
>>>>> In fact I think I might mentioned the registry to Torsten @ IIW
>>>>> last fall :-)
>>>>>
>>>>> Cheers Leif
>>>>>
>>>>>>
>>>>>>
>>>>>> ------ Originalmeddelande ------
>>>>>> Från: "Torsten Lodderstedt via Openid-specs-ekyc-ida"
>>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
>>>>>> Till: "OpenID eKYC Identity Assurance Working Group"
>>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
>>>>>> Kopia: "Torsten Lodderstedt" <torsten at lodderstedt.net
>>>>>> <mailto:torsten at lodderstedt.net>>
>>>>>> Skickat: 2020-01-16 17:34:19
>>>>>> Ämne: Re: [OpenID-Specs-eKYC-IDA] Feedback needed
>>>>>>
>>>>>>> Hi Naohiro,
>>>>>>>
>>>>>>> good question.
>>>>>>>
>>>>>>> I would go with Wikipedia‘s
>>>>>>> definition: https://en.m.wikipedia.org/wiki/Jurisdiction
>>>>>>>
>>>>>>> And for every jurisdiction list the respective law(s) + further use cases.
>>>>>>>
>>>>>>> Ronald just raised the question about a use case repository. I think
>>>>>>> this nicely fits together.
>>>>>>>
>>>>>>> We could setup a sub page listing the laws/use cases that were
>>>>>>> implemented using OIDC4IDA and how.
>>>>>>>
>>>>>>> Thoughts?
>>>>>>>
>>>>>>> best regards,
>>>>>>> Torsten.
>>>>>>>
>>>>>>>> Am 16.01.2020 um 10:35 schrieb Naohiro Fujie via
>>>>>>>> Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net
>>>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>>>>>>
>>>>>>>> Hello Torsten,
>>>>>>>>
>>>>>>>> Any criteria to list up jurisdictions? OpenID Foundation Japan have
>>>>>>>> listed up financial and telco related laws earlier, but there are more
>>>>>>>> laws require identity assurance.
>>>>>>>>
>>>>>>>> Naohiro
>>>>>>>>
>>>>>>>> 2020年1月16日(木) 1:29 Torsten Lodderstedt via Openid-specs-ekyc-ida
>>>>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> we have so far checked OpenID Connect 4 Identity Assurance in detail
>>>>>>>>> against the requirements and use cases of certain jurisdictions (JP
>>>>>>>>> & DE) or are expecting such feedback from other jurisdictions (UK,
>>>>>>>>> Scandinavia, Australia).
>>>>>>>>>
>>>>>>>>> We are seeking for detailed review feedback regarding applicability
>>>>>>>>> of OpenID Connect 4 Identity Assurance from other jurisdictions
>>>>>>>>> since we want to make sure we develop a truly International standard.
>>>>>>>>>
>>>>>>>>> We would highly appreciate any feedback!
>>>>>>>>>
>>>>>>>>> Thanks in advance,
>>>>>>>>> Torsten.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Openid-specs-ekyc-ida mailing list
>>>>>>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>>>>>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Openid-specs-ekyc-ida mailing list
>>>>>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>>>>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>>>
>>>>>
>>>>> --
>>>>> Openid-specs-ekyc-ida mailing list
>>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3923 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ekyc-ida/attachments/20200117/61bb1925/attachment.p7s>
More information about the Openid-specs-ekyc-ida
mailing list