[OpenID-Specs-eKYC-IDA] Issue #1242: Look ahead for provided claims in distributed/aggregated claims (openid/ekyc-ida)

tlodderstedt issues-reply at bitbucket.org
Sat Apr 3 12:43:32 UTC 2021


New issue 1242: Look ahead for provided claims in distributed/aggregated claims
https://bitbucket.org/openid/ekyc-ida/issues/1242/look-ahead-for-provided-claims-in

Torsten Lodderstedt:

Litte Armitt Ross from the GRIDS project (https://grids-cef.eu/) approached Daniel and me with an inquiry regarding aggregated/distributed claims. The aim is to put more information in the ID Token/UserInfo response to allow the RP to determine what verified End-User claims are available in what aggregated/distributed claims source.

So far, we only make transparent that “verified_claims” is available. Here is an example:

```
{
  "iss": "https://server.example.com",
  "sub": "248289761001",
  "email": "janedoe@example.com",
  "email_verified": true,
  "_claim_names": {
    "verified_claims": [
      "src1",
      "src2"
    ]
  },
  "_claim_sources": {
    "src1": {
      "JWT": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwcz
      ovL3NlcnZlci5vdGhlcm9wLmNvbSIsInN1YiI6ImU4MTQ4NjAzLTg5MzQtNDI0N
      S04MjViLWMxMDhiOGI2Yjk0NSIsInZlcmlmaWVkX2NsYWltcyI6eyJ2ZXJpZmlj
      YXRpb24iOnsidHJ1c3RfZnJhbWV3b3JrIjoiaWFsX2V4YW1wbGVfZ29sZCJ9LCJ
      jbGFpbXMiOnsiZ2l2ZW5fbmFtZSI6Ik1heCIsImZhbWlseV9uYW1lIjoiTWVpZX
      IiLCJiaXJ0aGRhdGUiOiIxOTU2LTAxLTI4In19fQ.FArlPUtUVn95HCExePlWJQ
      6ctVfVpQyeSbe3xkH9MH1QJjnk5GVbBW0qe1b7R3lE-8iVv__0mhRTUI5lcFhLj
      oGjDS8zgWSarVsEEjwBK7WD3r9cEw6ZAhfEkhHL9eqAaED2rhhDbHD5dZWXkJCu
      XIcn65g6rryiBanxlXK0ZmcK4fD9HV9MFduk0LRG_p4yocMaFvVkqawat5NV9QQ
      3ij7UBr3G7A4FojcKEkoJKScdGoozir8m5XD83Sn45_79nCcgWSnCX2QTukL8Ny
      wIItu_K48cjHiAGXXSzydDm_ccGCe0sY-Ai2-iFFuQo2PtfuK2SqPPmAZJxEFrF
      oLY4g"
    },
    "src2": {
      "endpoint": "https://server.yetanotherop.com/claim_source",
      "access_token": "ksj3n283dkeafb76cdef"
    }
  }
}
```

The RP now needs to query the distributed claims source in order to determine what is available there. That might cause additional cost without providing the required claims, so the question is whether some more details can be provided to support the RP’s decision. 

Ross proposed an extension to the “_claim_names” structure like this:

```
{
    "iss": "https://self-issued.me",
    "sub": "248289761001",
    "preferred_username": "superman445",
    "_claim_names": {
        "verified_claims": {
            "given_name": [
                "src1",
                "src2"
            ],
            "family": [
                "src1",
                "src2"
            ],
            "legal_name": "src1",
            "legal_person_identifier": "src1",
            "lei": "src1"
        }
    }, 
    …
}
```

Responsible: Torsten Lodderstedt
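
How an RP could use the proposed look-ahead to decide which claim sources to query, as an added example that is not part of the original issue or of any specification text. The function names and the greedy selection are assumptions made for illustration; the sample tokens are constructed from the two JSON examples in the issue.

```python
# Constructed sample tokens, reduced to the "_claim_names" member.
CURRENT = {"_claim_names": {"verified_claims": ["src1", "src2"]}}
PROPOSED = {"_claim_names": {"verified_claims": {
    "given_name": ["src1", "src2"],
    "family": ["src1", "src2"],
    "legal_name": "src1",
    "legal_person_identifier": "src1",
    "lei": "src1",
}}}


def sources_by_claim(token):
    """Map claim name -> list of source ids, or None without per-claim look-ahead."""
    entry = token.get("_claim_names", {}).get("verified_claims")
    if not isinstance(entry, dict):
        return None
    # The proposal allows a single source id or a list of them per claim.
    return {name: [src] if isinstance(src, str) else list(src)
            for name, src in entry.items()}


def plan_queries(token, wanted):
    """Return (sources_to_query, claims_no_source_advertises) for the wanted claims.

    Without look-ahead, availability is unknown: every listed source is
    returned and the second element is empty.
    """
    index = sources_by_claim(token)
    if index is None:
        entry = token.get("_claim_names", {}).get("verified_claims", [])
        return ([entry] if isinstance(entry, str) else list(entry)), []
    have = {c for c in wanted if index.get(c)}
    missing = sorted(set(wanted) - have)
    chosen = []
    while have:
        # Greedy cover: take the source advertising the most still-needed claims;
        # sorting first makes ties resolve to the lowest source id.
        candidates = sorted({s for c in have for s in index[c]})
        best = max(candidates, key=lambda s: sum(s in index[c] for c in have))
        chosen.append(best)
        have = {c for c in have if best not in index[c]}
    # The look-ahead is only a hint: claims fetched from a source still have to
    # be validated by the RP as usual.
    return chosen, missing
```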

