[Openid-specs-ab] [E] OpenID Connect for Identity Proofing(Proposal)

Nat Sakimura sakimura at gmail.com
Thu Feb 14 13:47:02 UTC 2019 

So, like I have stated several times in the past, there is an initiative at
the European Commission on eKYC. They go in the same direction: separating
out eKYC minimum viable claims from the authentication, which is sensible,
IMHO.
We need to align with them though. The chair of the group is willing to
work with us so let us see what we can do in that respect.

On Thu, Feb 14, 2019 at 10:15 PM Torsten Lodderstedt via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi Jeff,
>
> I agree that authentication and identity assurance must be treated
> separately. The proposal is based on that concept (see intro).
>
> kind regards,
> Torsten.
>
> > Am 12.02.2019 um 20:53 schrieb Jeff LOMBARDO <jeff.lombardo at gmail.com>:
> >
> > Thanks Torsten, that's very interesting to see new use cases poping up.
> Great initiative.
> >
> > I will read carefully as I'm very attached to 63A and even if as a
> starter I tend to thing like Tom (and by extension John.
> >
> > Best,
> >
> > JF
> >
> > Le lun. 11 févr. 2019, à 15 h 26, Tom Jones via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> a écrit :
> > At a recent conference on strong identities (dec 10-11 redmond) John
> brady suggested that we needed to separate identity claims from
> authentication.
> >
> > I strongly support John’s concept.
> >
> > From my perspective what that means is that the OP should be primarily
> in the business of authentication.
> >
> > Verified claims should not be mixed into that same basket.
> >
> > I would strong support creating some sort of “attribute provider”
> (whatever) to supplied claims.
> >
> > Note that the verified claims working group ahs a different meaning for
> verified.
> >
> > I believe to avoid confusion this concept needs a different name, like
> validated claims.
> >
> >
> >
> > thx ..tom
> >
> >
> >
> > From: Hjelm, Bjorn via Openid-specs-ab
> > Sent: Monday, February 11, 2019 11:35 AM
> > To: Artifact Binding/Connect Working Group; Torsten Lodderstedt
> > Cc: Hjelm, Bjorn; Paul Grassi
> > Subject: Re: [Openid-specs-ab] [E] OpenID Connect for Identity
> Proofing(Proposal)
> >
> >
> >
> > Torsten,
> >
> > Thank you for submitting this draft. I see a clear need for this
> functionality. Besides support for NIST SP 800-63A, I would also like to
> discuss how this work aligns with some of the discussions in the iGov WG
> about developing support for NISTIR 8112.
> >
> >
> >
> > Looking forward to a productive WG discussion.
> >
> >
> >
> > BR,
> >
> > Bjorn
> >
> >
> >
> > On 2/9/19, 4:41 AM, "Openid-specs-ab on behalf of Torsten Lodderstedt
> via Openid-specs-ab" <openid-specs-ab-bounces at lists.openid.net on behalf
> of openid-specs-ab at lists.openid.net> wrote:
> >
> >
> >
> >     Hi all,
> >
> >
> >     please find attached a document specifying an OpenID Connect
> Extension for the purpose of strong Identity Proofing. On behalf of
> yes.com, I would be delighted to contribute this document to the
> AB/Connect Working Group.
> >
> >
> >     Background: At IIW I held a session about Identity Proofing with
> OpenID Connect to get a feeling regarding the communities appetite to
> standardize an OpenID Extension for this important but also challenging
> topic. The feedback was tremendous so I started to work on this
> specification. It is based on yes.com’s experience with strong identity
> attestation in highly regulated contexts in the European Union, mainly in
> Germany. For example, it will be used to attest user identities in the
> context of creating Qualified (Remote) Electronic Signature according to
> eIDAS. This kind of signature is legally equivalent to a traditional (wet)
> signature on paper.
> >
> >
> >     The approach taken is focused on fulfilling the business
> requirements for natural person identification in the EU. So my assumption
> (and hope) is we together as a WG will refine and enhance the concept to
> cover the requirements of jurisdictions around the world. I look forward to
> having productive discussions.
> >
> >
> >     best regards,
> >
> >     Torsten.
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> > Openid-specs-ab mailing list
> >
> > Openid-specs-ab at lists.openid.net
> >
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> >
> >
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190214/1760c651/attachment.html>

More information about the Openid-specs-ab mailing list