[Openid-specs-ab] [E] OpenID Connect for Identity Proofing(Proposal)

Torsten Lodderstedt torsten at lodderstedt.net
Fri Feb 15 17:33:54 UTC 2019 


> Am 14.02.2019 um 19:22 schrieb Tom Jones <thomasclinganjones at gmail.com>:
> 
> Their API is public, their processes are not. It is my understanding that they do the lookup in the state databases directly. I cannot tell you anything about that api.

I took a look onto the "Driver's License Data Verification (DLDV) Service" (https://www.aamva.org/DLDV/ and http://www.movemag.org/identity-management/172-it-s-a-match.html)

The service tells the caller whether the data presented in the request is the same as what the issuer has on file. That’s basically a check whether the data presented are consistent, e.g. there is a person John Smith born on 1/1/1976 in New York City. 

It does not tell the caller whether the user it interacts with is this person.

How is this link typically established?

> This is becoming more interesting because the DHS 'Real ID law', which mandates a certain level of proofing be be able to get on an airplane (or certain other venues.)
> My state already offers two levels of proofing (assurance if you will.)  I can use my enhanced state driver's license as a stand-in for a passport and visa to Canada.
> 
> Health is now the topic of most interest to me.  What sort of user consent is required for each of about 6 different categories of data that could be transferred between providers.
> I think that you are going the wrong way with sending more data than is required for the proofing process. Current history is not on your side.  Legally i have no information about what might be required.
> Peace ..tom
> 
> 
> On Thu, Feb 14, 2019 at 10:09 AM Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
> 
> > Am 14.02.2019 um 17:47 schrieb Tom Jones <thomasclinganjones at gmail.com>:
> > 
> > AAMVA validates the data provided to it by the client (from the user) against state issued identity documents
> 
> I’m trying to understand the process. I assume the client sends a set of data to a AAMVA via an API. Does AAMVA look that data up in databases containing the data of state issued identity documents?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3923 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190215/0d553424/attachment.p7s>

More information about the Openid-specs-ab mailing list