[OpenID-Specs-eKYC-IDA] json validation and PPID

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Mon Feb 8 19:52:29 UTC 2021


Hi Torsten,

thanks for the quick answer. I think I figured it out.
My understanding of the validator was wrong. My bad. 
So, the json validates OK.
I looked for version differences first, as well. Then, I took an example from the working group and it appeared to be invalid as well. Which seems unlikely. So, I looked for an error in my validation code and found it.

Regarding the restrictedId, PPID, pcr, I think I will put it in the list of claims. Seems simplest and that way I don't have to change the schema.

Although I might fiddle with a variant of the schema. I think if the trust_framework is de_tkg111 then some values are not optional anymore.
Maybe I will succeed in putting that into the schema.

I would be happy to chat with you and the group regarding which values to use for txn etc. and describe DT's use case. Would be happy if other MNOs chime in, too. So, we can standardize more.

Thanks again
Axel




-----Original Message-----
From: Torsten Lodderstedt <torsten at lodderstedt.net> 
Sent: Monday, 8 February 2021 18:53
To: Nennker, Axel <Axel.Nennker at telekom.de>
Cc: OpenID eKYC Identity Assurance Working Group <openid-specs-ekyc-ida at lists.openid.net>
Subject: Re: [OpenID-Specs-eKYC-IDA] json validation and PPID

Hi Axel,

I think this could be due to different interpretations of JSON schemas.

I will get in contact with you directly.

best regards,
Torsten. 

> On 08.02.2021 at 12:17, Axel.Nennker--- via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
> 
> Hi,
>  
> we, Deutsche Telekom, have a server that allows us to read German eIDs (id_card) and eATs (de_erp).
>  
> I want to forward the information read from the card to some sales backend using the ekyc_ida format.
>  
> Here is a json generated by a unit test – hence the dummy values.
>  
>  
> {
>   "verified_claims": {
>     "verification": {
>       "trust_framework": "de_tkg111",
>       "time": "2021-02-07T10:53:18.557729Z",
>       "verification_process": "verification_process_dummy",
>       "evidence": [
>         {
>           "type": "id_document",
>           "method": "onsite",
>           "verifier": {
>             "organization": "organization_dummy",
>             "txn": "txn_dummy"
>           },
>           "time": "2021-02-07T10:53:18.558089Z",
>           "document": {
>             "type": "idcard",
>             "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",
>             "date_of_expiry": "2029-11-30"
>           }
>         }
>       ]
>     },
>     "claims": {
>       "given_name": "ERIKA",
>       "family_name": "MUSTERMANN",
>       "birthdate": "1964-08-12",
>       "address": {
>         "locality": "KÖLN",
>         "postal_code": "51147",
>         "street_address": "HEIDESTRASSE 17",
>         "country": "DE"
>       }
>     }
>   }
> }
>  
> What I added to the ekyc_ida format is “restrictedId”, which is an identifier depending on the server’s authorization certificate and the card’s id.
> RestrictedID is something like a pseudonymous customer reference from Mobile Connect or Pairwise Pseudonymous Identifier from OpenID Connect Core Spec.
> So I was not sure where to put “restrictedId” – it could be under verifier AND document with equal justification.
>  
> Could you please help me on this? Is the json valid according to the ekyc_ida schema?
> https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json
>  
> I checked using an online json schema validator which says it is valid. https://www.jsonschemavalidator.net/
> But using a java schema validator in my unit tests it comes out as invalid.
>         <dependency>
>             <groupId>com.networknt</groupId>
>             <artifactId>json-schema-validator</artifactId>
>             <version>1.0.48</version>
>             <scope>test</scope>
>         </dependency>
>  
> To summarize:
> 	• Is the json valid?
> 	• Where to put the restrictedId?
> 	• Add restrictedId to schema?
>  
> 
> -- 
> Openid-specs-ekyc-ida mailing list
> Openid-specs-ekyc-ida at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
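
Added example, not part of the thread and not the working group's schema: one way to express "if the trust_framework is de_tkg111 then some values are not optional anymore" with the JSON Schema if/then keywords (draft-07 and later), checked by a small evaluator for just the keywords used. Which members become mandatory is an assumption (the thread does not say); `time`, `verification_process` and `evidence` are placeholders, and the sample is constructed from the "verification" member quoted above.

```python
import json

# Hypothetical schema variant for the "verification" object. The members
# listed under "then" are assumed for illustration; the thread names none.
CONDITIONAL_SCHEMA = {
    "type": "object",
    "properties": {"trust_framework": {"type": "string"}},
    "required": ["trust_framework"],
    # "required" inside "if" stops the condition matching vacuously
    # when trust_framework is absent.
    "if": {"properties": {"trust_framework": {"const": "de_tkg111"}},
           "required": ["trust_framework"]},
    "then": {"required": ["time", "verification_process", "evidence"]},
}

# Constructed sample: the "verification" member from the thread, trimmed.
SAMPLE = json.loads("""{
  "trust_framework": "de_tkg111",
  "time": "2021-02-07T10:53:18.557729Z",
  "verification_process": "verification_process_dummy",
  "evidence": [{"type": "id_document", "method": "onsite"}]
}""")

def validate(instance, schema, path="$"):
    """Return error strings for the keyword subset used above:
    type (object/string), const, required, properties, if/then."""
    errors = []
    expected = schema.get("type")
    if expected == "object" and not isinstance(instance, dict):
        return [f"{path}: expected object"]
    if expected == "string" and not isinstance(instance, str):
        return [f"{path}: expected string"]
    if "const" in schema and instance != schema["const"]:
        errors.append(f"{path}: must equal {schema['const']!r}")
    if isinstance(instance, dict):  # object keywords ignore non-objects
        for key in schema.get("required", []):
            if key not in instance:
                errors.append(f"{path}: missing required property {key!r}")
        for key, sub in schema.get("properties", {}).items():
            if key in instance:
                errors += validate(instance[key], sub, f"{path}.{key}")
    # "then" applies only when the instance validates against "if".
    if "if" in schema and "then" in schema:
        if not validate(instance, schema["if"], path):
            errors += validate(instance, schema["then"], path)
    return errors

if __name__ == "__main__":
    print(validate(SAMPLE, CONDITIONAL_SCHEMA))
```
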