[Openid-specs-mobile-profile] Introduction of IAL

Engan, Michael Michael.Engan1 at T-Mobile.com
Fri Feb 1 04:25:56 UTC 2019


Good evening,

Has anyone looked at the rollout of IAL on their Attributes? I am looking at it for the US carriers and wanted feedback. Generically we want to align to the NIST definitions.
IAL1: self asserted
IAL2: IDP has verified
IAL3: trained human has verified with government-issued ID.


We have two main approaches we are contemplating, but I would be open to others if anyone in the community has looked into it.
Approach 1

{
    "sub": "<mccmnc-(salted for this SP)>",
    "name": {
        "name": "Jane Doe",
        "given_name": "Jane",
        "family_name": "Doe",
        "ial": 1 },
    "birthdate": {
        "birthdate": "0000-03-22",
        "ial": 1 },
    "email": {
        "email": "janedoe at example.com",
        "email_validated": "true",
        "ial": 2 },
    "gender": {
        "gender": "xxx",
        "ial": 1 },
    "profile_photo": "https://www.....",
    "location": {
        "lat": "xxxxxx",
        "long": "yyyyyy",
        "alt": "zzzzzzzzzz",
        "acc": "accuracy",
        "speed": "cccccccc" },
    "address": {
        "street_address": "1234 Hollywood Blvd.\naddress line 2",
        "locality": "Los Angeles",
        "region": "CA",
        "postal_code": "90210-3456",
        "country": "US",
        "ial": 2 },
    "postal_code": {
        "postal_code": "90210-3456",
        "ial": 2 },
    "phone_number": {
        "phone_number": "+13101234567",
        "phone_validated": "true",
        "ial": 3 }
}

In this approach each attribute gains sub-elements. It greatly increases the size and makes some access odd, like $name=$data.name.name…

Approach 2

myData = {
    "name": "Jane Doe",
    "given_name": "Jane Doe",
    "family_name": "Jane Doe",
    "birthdate": "Jane Doe",
    "phone_number": "9132848814",
    "email": "ptdecker at mac.com",
    "ial2": ["name", "email"],
    "ial3": ["phone_number"]
};

In this approach the data seems more compressed, but does not seem right either. It also may make it harder to hold other attributes like the last validated timestamp, or last edited timestamp, per attribute for more verbose internal access.

Note: email_validated and phone_validated came from Core spec, and with IAL we could/should drop them completely.
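
Added example, not part of the original message: both layouts can be normalised to `claim -> (value, ial)`, after which a relying party can check a minimum IAL per claim regardless of which layout was sent. The function names, the `REQUIRED` policy and the rule that an unlabelled attribute counts as IAL 1 are assumptions; the sample values are constructed.

```python
# Added example; helper names and the default-to-IAL1 rule are assumptions.
META = {"sub", "ial2", "ial3"}  # keys that are not identity attributes

def _check(ial):
    # bool is an int subclass, so reject it explicitly
    if isinstance(ial, bool) or not isinstance(ial, int) or not 1 <= ial <= 3:
        raise ValueError(f"invalid ial: {ial!r}")
    return ial

def from_nested(claims):
    """Approach 1: every attribute is an object carrying its own "ial"."""
    out = {}
    for key, val in claims.items():
        if key in META:
            continue
        if isinstance(val, dict) and "ial" in val:
            rest = {k: v for k, v in val.items() if k != "ial"}
            # name.name / email.email hold the scalar; address has only parts
            out[key] = (rest.get(key, rest), _check(val["ial"]))
        else:
            out[key] = (val, 1)  # unlabelled: lowest level (assumption)
    return out

def from_flat(claims):
    """Approach 2: flat values plus "ial2"/"ial3" lists of claim names."""
    level = {}
    for n in (2, 3):
        for name in claims.get(f"ial{n}", []):
            if name not in claims or name in META:
                raise ValueError(f"ial{n} names unknown claim {name!r}")
            level[name] = n  # ial3 is processed last, so it wins
    return {k: (v, level.get(k, 1)) for k, v in claims.items() if k not in META}

def below_minimum(normalised, required):
    """Claims the relying party needs that are absent or under-assured."""
    return sorted(c for c, need in required.items()
                  if c not in normalised or normalised[c][1] < need)

# Constructed sample data: the same identity in both layouts
NESTED = {"sub": "x", "name": {"name": "Jane Doe", "ial": 1},
          "email": {"email": "janedoe@example.com", "ial": 2},
          "phone_number": {"phone_number": "+13101234567", "ial": 3}}
FLAT = {"sub": "x", "name": "Jane Doe", "email": "janedoe@example.com",
        "phone_number": "+13101234567", "ial2": ["email"], "ial3": ["phone_number"]}
REQUIRED = {"name": 2, "email": 2, "phone_number": 2, "birthdate": 1}

if __name__ == "__main__":
    print(from_nested(NESTED) == from_flat(FLAT))
    print(below_minimum(from_flat(FLAT), REQUIRED))
```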





