<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr">Hi Achim,</div><div dir="ltr"><br></div><div dir="ltr">the basic assumption is that a verified_claims object as a whole comes from a single source simply because the verification data belong to a certain verification done at a certain claim source for a certain claim set.</div><div dir="ltr"><br></div><div dir="ltr">Note: the OP can provide multiple verified_claims objects from different sources as shown by this example <a href="https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#name-op-attested-ad-external-cla">https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#name-op-attested-ad-external-cla</a></div><div dir="ltr"><br></div><div dir="ltr">best regards,</div><div dir="ltr">Torsten.</div><div dir="ltr"><br><blockquote type="cite">Am 12.03.2020 um 19:57 schrieb Achim Schlosser via Openid-specs-ekyc-ida <openid-specs-ekyc-ida@lists.openid.net>:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>Hi,</span><br><span></span><br><span></span><br><span>I’ve been reading through v09 and came across the aggregated claims examples (which I'm specifically interested in also in terms of implementation) and wanted to align on this. The example is he following: </span><br><span></span><br><span>{</span><br><span>  "iss": "https://server.example.com",</span><br><span>  "sub": "248289761001",</span><br><span>  "email": "mailto:janedoe@example.com",</span><br><span>  "email_verified": true,</span><br><span>  "_claim_names": {</span><br><span>    "verified_claims": "src1"</span><br><span>  },</span><br><span>  "_claim_sources": {</span><br><span>    "src1": {</span><br><span>      "JWT": "......"</span><br><span>    }</span><br><span>  }</span><br><span>}</span><br><span></span><br><span>This notation means that all verified_claims that are available / the user is willing to share are available in SRC1s JWT.</span><br><span></span><br><span>I would assume that the following is also possible, which basically uses the verified_claims object in details here:</span><br><span></span><br><span>{</span><br><span>  "iss": "https://server.example.com",</span><br><span>  "sub": "248289761001",</span><br><span>  "email": "mailto:janedoe@example.com",</span><br><span>  "email_verified": true,</span><br><span>  "_claim_names": {</span><br><span>    "verified_claims": {</span><br><span>      "claims": {</span><br><span>        "given_name": "src1",</span><br><span>        "family_name": "src1",</span><br><span>        "birthdate": "src1"</span><br><span>      }</span><br><span>    }</span><br><span>  },</span><br><span>  "_claim_sources": {</span><br><span>    "src1": {</span><br><span>      "JWT": "......"</span><br><span>    }</span><br><span>  }</span><br><span>}</span><br><span></span><br><span>This would allow for explicitly listing the claims present as it is done for classical claims in line with the core specification. This would also support multiple aggregated claim sources with verified claims. </span><br><span></span><br><span>Best</span><br><span></span><br><span>Achim</span><br><span></span><br><span></span><br><span>-- </span><br><span>Openid-specs-ekyc-ida mailing list</span><br><span>Openid-specs-ekyc-ida@lists.openid.net</span><br><span>http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida</span><br></div></blockquote></body></html>