[OpenID-Specs-eKYC-IDA] Identity Assurance deployment in DENIC's testbed

Thu Apr 23 09:15:20 UTC 2020

Hi Torsten,

El 23/4/20 a las 10:17, Torsten Lodderstedt escribió:
> Hi Marcos,
> 
> do I get it right that anyone can test OpenID Connect 4 Identity Assurance using your Test IDP?

yes, that's right. If any issues pop up while playing with it, you can 
contact me personally.

Best,
Marcos

> 
> That’s great! Thanks for your support!
> 
> best regards,
> Torsten.
> 
>> On 23. Apr 2020, at 07:45, Marcos Sanz via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
>>
>> Sorry for duplicates, I thought this might be of interest for the group.
>>
>> (And if you are aware of any other implementations, don't forget to add them to https://bitbucket.org/openid/ekyc-ida/wiki/Implementations)
>>
>> Best regards,
>> Marcos
>>
>> -------- Mensaje reenviado --------
>> Asunto: Identity Assurance deployment in DENIC's testbed
>> Fecha: Wed, 22 Apr 2020 22:11:16 +0200
>> De: Marcos Sanz <sanz at denic.de>
>> Organización: DENIC eG
>> Para: technical_wg at lists.ID4me.org <technical_wg at lists.ID4me.org>
>>
>> Hi all,
>>
>> I am happy of making publicly available the results of DENIC's last two months of work in this area: our test environment supports the newest OIDF specification, OpenID Connect for Identity Assurance (IA) 1.0, fruit of the efforts of OpenID Foundation eKYC&IA working group.
>>
>> The IA specification is about to finish the second public review period
>>
>> https://openid.net/2020/03/24/second-public-review-period-for-openid-connect-for-identity-assurance-specification-started/
>>
>> and will probably reach afterwards the status of Second Implementer's Draft. That being said, it is already today that we believe it has reached a level of maturity allowing for immediate deployment. DENIC has been supporting and contributing to this specification since its inception. We now think that the additional offer of a sandbox IdP service with open client registration will allow for interoperability tests, which will further foster the standard.
>>
>> DENIC's test environment (iss = https://id.test.denic.de) allows for free self-registration of identifiers at https://id.test.denic.de/signup
>> After registration, you'll be prompted to store claims about that identity for test purposes. And then, any RP is ready to go and query them by means of the new IA standard! You can later change claim values (among other things) at the user dashboard: https://id.test.denic.de/dashboard
>>
>> Please bear in mind: the IA specification deals explicitly with verified claims. However, and due to the nature of the testbed (which makes use of self-attestation, s. further up) delivered data actually undergoes no verification at all. Thus, these data are NOT VERIFIED and output of this IdP cannot be used for any production purposes whatsoever.
>>
>> And finally one small technical detail: The Trust Framework parameter in the auth requests is currently being ignored by our test IdP. We are having internal discussions as to how to deal with it. We most probably will define a proprietary framework identifier to move on until we align our processes and data to a normative trust framework.
>>
>> Definition of a trust framework is anyway ongoing work at the ID4me association and you'll soon also hear from it.
>>
>> Best regards,
>> Marcos
>> -- 
>> Openid-specs-ekyc-ida mailing list
>> Openid-specs-ekyc-ida at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
> 

-- 
Dipl.-Ing. Marcos Sanz Grossón
Leiter Software Engineering

DENIC eG, Kaiserstraße 75 – 77, 60329 Frankfurt am Main, GERMANY
E-Mail: sanz at denic.de, Fon: +49 69 27235-0, Fax: -235
https://www.denic.de

Angaben nach §25a Absatz 1 GenG: DENIC eG (Sitz: Frankfurt am Main)
Vorstand: Martin Küchenthal, Andreas Musielak, Sebastian Röthler, Dr. 
Jörg Schweiger
Vorsitzender des Aufsichtsrats: Thomas Keller
Eingetragen unter Nr. 770 im Genossenschaftsregister, Amtsgericht 
Frankfurt am Main