[Openid-specs-fapi] Issue #153: Add level of assurance to scope (openid/fapi)

tomcjones issues-reply at bitbucket.org
Sun Jul 29 19:37:34 UTC 2018

New issue 153: Add level of assurance to scope


The current  sid inherently has no level of assurance. It can eve be ephemeral. Most financial institutions operate under "know you customer" regulations. I propose separate level, however there might be better ways to get the same result.  Sooo...
Level 2 - there is some means for the user to assure that they control access to the account.
Level 3 - the user's identity has been proofed (eg KYC) and level two met as well.
Level 4 - hardware protection of user access is required (this may not be part of OP, but client)

More information about the Openid-specs-fapi mailing list