<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Hi Kai,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span lang="EN-US">my code is now producing this json.<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New"">{<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "verified_claims": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "verification": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "trust_framework": "de_tkg111",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "time": "2021-02-10T15:56:20.323Z",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "verification_process": "<jwt-redacted>",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "evidence": [<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "type": "id_document",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "method": "onsite",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New"">
</span><span style="font-family:"Courier New"">"verifier": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> "organization": "Telekom Deutschland GmbH",<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> </span><span lang="EN-US" style="font-family:"Courier New"">"txn": "_71fdb2dd-5ff7-4585-a7d4-d034f9383de2"<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> },<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "time": "2021-02-10T15:56:20.323Z",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "document": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "type": "idcard",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "date_of_expiry": "2029-11-30"<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> ]<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> },<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "claims": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "given_name": "ERIKA",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "family_name": "MUSTERMANN",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "birthdate": "1964-08-12",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "address": {<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "locality": "FLOH-SELIGENTHAL OT STRUTH-HELMERSHOF",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New"">
</span><span style="font-family:"Courier New"">"postal_code": "98593",<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> "street_name": "Hauptstraße",<o:p></o:p></span></p>
<p class="MsoPlainText"><span style="font-family:"Courier New""> </span><span lang="EN-US" style="font-family:"Courier New"">"house_number": "94",<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> "country": "DE"<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New""> }<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="font-family:"Courier New"">}<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">restrictedId is in the claims. I guess this should be restricted_id or PPID?<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">Street_address is replaced by street_name and house_number (all the three backends I am sending data to need the house_number separately).<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">I redacted the </span><span lang="EN-US" style="font-family:"Courier New"">verification_process</span><span lang="EN-US"> because I chose to have an jwt access token in that field which is not public<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">The txn is the ID of the SAML assertion I get back from the Governikus eid-server.<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">Kind regards<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US">Axel<o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"><?xml version="1.0" encoding="UTF-8"?><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="redacted" ID="_68f9b0df-abe3-4934-974a-a0df1193ef1d" InResponseTo="_6452ce5c-7c0d-4571-8ab3-df7fe543823f"
IssueInstant="2021-02-10T15:56:19.801Z" Version="2.0"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">Governikus Autent</saml2:Issuer><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2p:Status><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2p:Status><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_71fdb2dd-5ff7-4585-a7d4-d034f9383de2" IssueInstant="2021-02-10T15:56:19.798Z"
Version="2.0"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Issuer>Governikus Autent</saml2:Issuer><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Subject><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="Governikus Autent">ef542df5-965c-46bb-ac11-3e357c1d0ba7</saml2:NameID><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:SubjectConfirmationData Address="87.159.179.136" InResponseTo="_6452ce5c-7c0d-4571-8ab3-df7fe543823f" NotOnOrAfter="2021-02-10T16:06:19.798Z"
Recipient="redacted"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:SubjectConfirmation><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Subject><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Conditions NotBefore="2021-02-10T15:56:19.798Z" NotOnOrAfter="2021-02-10T16:06:19.798Z"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AudienceRestriction><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Audience>redacted</saml2:Audience><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AudienceRestriction><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:OneTimeUse/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Conditions><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AuthnStatement AuthnInstant="2021-02-10T15:56:19.798Z"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AuthnContext><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI</saml2:AuthnContextClassRef><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI</saml2:AuthnContextDeclRef><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AuthnContext><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AuthnStatement><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeStatement><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="LevelOfAssurance"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="idp:LevelOfAssuranceType">http://bsi.bund.de/eID/LoA/hoch</saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="DateOfBirth"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="idp:GeneralDateType"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:DateString>19640812</idp:DateString><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:DateValue>1964-08-12</idp:DateValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="RestrictedID"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="idp:RestrictedIDType"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:ID>5A4A9F25A60A8F99064C4E0719A893198869FA06C10D22988C53575593DB2A8F</idp:ID><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="GivenNames"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">ERIKA</saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="DocumentValidity"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns="http://bsi.bund.de/eID/" xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Version="1" xsi:type="idp:DocumentValidityResultType"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:ReferenceDate>2021-02-10</idp:ReferenceDate><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:Status>valid</idp:Status><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="DocumentType"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="idp:DocumentType">ID</saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="FamilyNames"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">MUSTERMANN</saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="PlaceOfResidence"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:idp="http://bsi.bund.de/eID/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="idp:GeneralPlaceType"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:StructuredPlace><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:Country>D</idp:Country><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:City>FLOH-SELIGENTHAL OT STRUTH-HELMERSHOF</idp:City><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE">
</span><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"><idp:ZipCode>98593</idp:ZipCode><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <idp:Street>Hauptstraße 94</idp:Street><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE">
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"></idp:StructuredPlace><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="DateOfExpiry"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:date">2029-11-30</saml2:AttributeValue><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:Attribute Name="AcademicTitle"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string"/><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:AttributeStatement><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"> </saml2:Assertion><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New";mso-fareast-language:DE"></saml2p:Response><o:p></o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoPlainText"><span lang="EN-US" style="mso-fareast-language:DE">-----Original Message-----<br>
From: Kai Lehmann <kai.lehmann@1und1.de> <br>
Sent: Dienstag, 9. Februar 2021 10:05<br>
To: OpenID eKYC Identity Assurance Working Group <openid-specs-ekyc-ida@lists.openid.net>; torsten@lodderstedt.net<br>
Cc: Nennker, Axel <Axel.Nennker@telekom.de><br>
Subject: Re: [OpenID-Specs-eKYC-IDA] json validation and PPID</span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Hi Alex,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">For De-Mail, we at 1&1 also use the restricted id provided by the eID service for identification/authentication. It seems restricted ids is not only used in German eID cards, but also in eHealth cards outside of Germany. Putting it inside
of the claims section would be my preference as well. That said, I suggest to stick to the snake_case naming convention used everywhere. So if there is no objection, I can create a PR to add restricted_id to the list of new claims.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">/Kai<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">On 08.02.21, 20:52, "Openid-specs-ekyc-ida on behalf of Axel.Nennker--- via Openid-specs-ekyc-ida" <<a href="mailto:openid-specs-ekyc-ida-bounces@lists.openid.net%20on%20behalf%20of%20openid-specs-ekyc-ida@lists.openid.net"><span style="color:windowtext;text-decoration:none">openid-specs-ekyc-ida-bounces@lists.openid.net
on behalf of openid-specs-ekyc-ida@lists.openid.net</span></a>> wrote:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> HI Torsten,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> thanks for the quick answer. I think I figured it out.<o:p></o:p></p>
<p class="MsoPlainText"> My understanding of the validator was wrong. My bad. <o:p>
</o:p></p>
<p class="MsoPlainText"> So, the json validates OK.<o:p></o:p></p>
<p class="MsoPlainText"> I looked for version differences first, as well. Then, I took an example from the working group and is appeared to be invalid as well. Which seems unlikely. So, I looked for an error in my validation code and found it.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Regarding the restrictedId, PPID, pcr, I think I will put it in the list of claims. Seems simplest and that way I don't have to change the schema.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Although I might fiddle with a variant of the schema. I think if the trust_framework is de_tkg111 then some values are not optional anymore.<o:p></o:p></p>
<p class="MsoPlainText"> Maybe I succeed to put that into the schema.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> I would be happy to chat with you and the group regarding which values to use for txn etc and describe DT's use case. Would be happy if other MNO chime in, too. So, we can standardize more.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Thanks again<o:p></o:p></p>
<p class="MsoPlainText"> Axel<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> -----Original Message-----<o:p></o:p></p>
<p class="MsoPlainText"> From: Torsten Lodderstedt <<a href="mailto:torsten@lodderstedt.net"><span style="color:windowtext;text-decoration:none">torsten@lodderstedt.net</span></a>>
<o:p></o:p></p>
<p class="MsoPlainText"> Sent: Montag, 8. Februar 2021 18:53<o:p></o:p></p>
<p class="MsoPlainText"> To: Nennker, Axel <<a href="mailto:Axel.Nennker@telekom.de"><span style="color:windowtext;text-decoration:none">Axel.Nennker@telekom.de</span></a>><o:p></o:p></p>
<p class="MsoPlainText"> Cc: OpenID eKYC Identity Assurance Working Group <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net"><span style="color:windowtext;text-decoration:none">openid-specs-ekyc-ida@lists.openid.net</span></a>><o:p></o:p></p>
<p class="MsoPlainText"> Subject: Re: [OpenID-Specs-eKYC-IDA] json validation and PPID<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> Hi Axel,<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> I think this could be due to different interpretations of JSON schemas.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> I will get in contact with you directly.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> best regards,<o:p></o:p></p>
<p class="MsoPlainText"> Torsten. <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> > Am 08.02.2021 um 12:17 schrieb Axel.Nennker--- via Openid-specs-ekyc-ida <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net"><span style="color:windowtext;text-decoration:none">openid-specs-ekyc-ida@lists.openid.net</span></a>>:<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > Hi,<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > we, Deutsche Telekom, have a server that allows us to read German eIDs (id_card) and eATs (de_erp).<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > I want to forward the information read from the card to some sales backend using the ekyc_ida format.<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > Here is a json generated by a unit test – hence the dummy values.<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > {<o:p></o:p></p>
<p class="MsoPlainText"> > "verified_claims": {<o:p></o:p></p>
<p class="MsoPlainText"> > "verification": {<o:p></o:p></p>
<p class="MsoPlainText"> > "trust_framework": "de_tkg111",<o:p></o:p></p>
<p class="MsoPlainText"> > "time": "2021-02-07T10:53:18.557729Z",<o:p></o:p></p>
<p class="MsoPlainText"> > "verification_process": "verification_process_dummy",<o:p></o:p></p>
<p class="MsoPlainText"> > "evidence": [<o:p></o:p></p>
<p class="MsoPlainText"> > {<o:p></o:p></p>
<p class="MsoPlainText"> > "type": "id_document",<o:p></o:p></p>
<p class="MsoPlainText"> > "method": "onsite",<o:p></o:p></p>
<p class="MsoPlainText"> > "verifier": {<o:p></o:p></p>
<p class="MsoPlainText"> > "organization": "organization_dummy",<o:p></o:p></p>
<p class="MsoPlainText"> > "txn": "txn_dummy"<o:p></o:p></p>
<p class="MsoPlainText"> > },<o:p></o:p></p>
<p class="MsoPlainText"> > "time": "2021-02-07T10:53:18.558089Z",<o:p></o:p></p>
<p class="MsoPlainText"> > "document": {<o:p></o:p></p>
<p class="MsoPlainText"> > "type": "idcard",<o:p></o:p></p>
<p class="MsoPlainText"> > "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",<o:p></o:p></p>
<p class="MsoPlainText"> > "date_of_expiry": "2029-11-30"<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > ]<o:p></o:p></p>
<p class="MsoPlainText"> > },<o:p></o:p></p>
<p class="MsoPlainText"> > "claims": {<o:p></o:p></p>
<p class="MsoPlainText"> > "given_name": "ERIKA",<o:p></o:p></p>
<p class="MsoPlainText"> > "family_name": "MUSTERMANN",<o:p></o:p></p>
<p class="MsoPlainText"> > "birthdate": "1964-08-12",<o:p></o:p></p>
<p class="MsoPlainText"> > "address": {<o:p></o:p></p>
<p class="MsoPlainText"> > "locality": "KÖLN",<o:p></o:p></p>
<p class="MsoPlainText"> > "postal_code": "51147",<o:p></o:p></p>
<p class="MsoPlainText"> > "street_address": "HEIDESTRASSE 17",<o:p></o:p></p>
<p class="MsoPlainText"> > "country": "DE"<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > }<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > What I added to the ekyc_ida format is “restrictedId”, which is an identifier depending on the server’s authorization certificate and the card’s id.<o:p></o:p></p>
<p class="MsoPlainText"> > RestrictedID is something like a pseudonymous customer reference from Mobile Connect or Pairwise Pseudonymous Identifier from OpenID Connect Core Spec.<o:p></o:p></p>
<p class="MsoPlainText"> > So I was not sure where to put “restrictedId” – it could be under verifier AND document with equal justification.<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > Could you please help me on this? Is the json valid according the ekyc_ida schema?<o:p></o:p></p>
<p class="MsoPlainText"> > <a href="https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json">
<span style="color:windowtext;text-decoration:none">https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json</span></a><o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > I checked using an online json schema validator which says it is valid.
<a href="https://www.jsonschemavalidator.net/"><span style="color:windowtext;text-decoration:none">https://www.jsonschemavalidator.net/</span></a><o:p></o:p></p>
<p class="MsoPlainText"> > But using a java schema validator in my unit tests it comes out as invalid.<o:p></o:p></p>
<p class="MsoPlainText"> > <dependency><o:p></o:p></p>
<p class="MsoPlainText"> > <groupId>com.networknt</groupId><o:p></o:p></p>
<p class="MsoPlainText"> > <artifactId>json-schema-validator</artifactId><o:p></o:p></p>
<p class="MsoPlainText"> > <version>1.0.48</version><o:p></o:p></p>
<p class="MsoPlainText"> > <scope>test</scope><o:p></o:p></p>
<p class="MsoPlainText"> > </dependency><o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > To summarize:<o:p></o:p></p>
<p class="MsoPlainText"> > • Is the json valid?<o:p></o:p></p>
<p class="MsoPlainText"> > • Where to put the restrictedId?<o:p></o:p></p>
<p class="MsoPlainText"> > • Add restrictedId to schema?<o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > <o:p></o:p></p>
<p class="MsoPlainText"> > -- <o:p></o:p></p>
<p class="MsoPlainText"> > Openid-specs-ekyc-ida mailing list<o:p></o:p></p>
<p class="MsoPlainText"> > <a href="mailto:Openid-specs-ekyc-ida@lists.openid.net">
<span style="color:windowtext;text-decoration:none">Openid-specs-ekyc-ida@lists.openid.net</span></a><o:p></o:p></p>
<p class="MsoPlainText"> > <a href="https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida&source=gmail-imap&ust=1613387847000000&usg=AOvVaw2NiPAlftR0mY30osU9AXOy">
<span style="color:windowtext;text-decoration:none">https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida&source=gmail-imap&ust=1613387847000000&usg=AOvVaw2NiPAlftR0mY30osU9AXOy</span></a><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"> -- <o:p></o:p></p>
<p class="MsoPlainText"> Openid-specs-ekyc-ida mailing list<o:p></o:p></p>
<p class="MsoPlainText"> <a href="mailto:Openid-specs-ekyc-ida@lists.openid.net">
<span style="color:windowtext;text-decoration:none">Openid-specs-ekyc-ida@lists.openid.net</span></a><o:p></o:p></p>
<p class="MsoPlainText"> <a href="http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida">
<span style="color:windowtext;text-decoration:none">http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida</span></a><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
</div>
</body>
</html>