[Openid-specs-ab] [E] OpenID Connect for IdentityProofing(Proposal)
thomasclinganjones at gmail.com
thomasclinganjones at gmail.com
Fri Feb 15 17:55:47 UTC 2019
All of the state registrars have a proofing process which varies by state. The processes are all published and publicly available.
Or do you mean proof-of-presence.
The two are both important, but not necessarily solved by the same method.
I guess the real problem is that no one in Germany trusts a proofing process that does not involve presentment of all the proofing data. It seems like the EU is a war with itself over the meaning of privacy. I guess privacy concerns only applies when then company in question is in the US. Otherwise privacy does not apply?
thx ..tom
From: Torsten Lodderstedt
Sent: Friday, February 15, 2019 9:33 AM
To: Tom Jones
Cc: Artifact Binding/Connect Working Group; Jeff LOMBARDO
Subject: Re: [Openid-specs-ab] [E] OpenID Connect for IdentityProofing(Proposal)
> Am 14.02.2019 um 19:22 schrieb Tom Jones <thomasclinganjones at gmail.com>:
>
> Their API is public, their processes are not. It is my understanding that they do the lookup in the state databases directly. I cannot tell you anything about that api.
I took a look onto the "Driver's License Data Verification (DLDV) Service" (https://www.aamva.org/DLDV/ and http://www.movemag.org/identity-management/172-it-s-a-match.html)
The service tells the caller whether the data presented in the request is the same as what the issuer has on file. That’s basically a check whether the data presented are consistent, e.g. there is a person John Smith born on 1/1/1976 in New York City.
It does not tell the caller whether the user it interacts with is this person.
How is this link typically established?
> This is becoming more interesting because the DHS 'Real ID law', which mandates a certain level of proofing be be able to get on an airplane (or certain other venues.)
> My state already offers two levels of proofing (assurance if you will.) I can use my enhanced state driver's license as a stand-in for a passport and visa to Canada.
>
> Health is now the topic of most interest to me. What sort of user consent is required for each of about 6 different categories of data that could be transferred between providers.
> I think that you are going the wrong way with sending more data than is required for the proofing process. Current history is not on your side. Legally i have no information about what might be required.
> Peace ..tom
>
>
> On Thu, Feb 14, 2019 at 10:09 AM Torsten Lodderstedt <torsten at lodderstedt.net> wrote:
>
> > Am 14.02.2019 um 17:47 schrieb Tom Jones <thomasclinganjones at gmail.com>:
> >
> > AAMVA validates the data provided to it by the client (from the user) against state issued identity documents
>
> I’m trying to understand the process. I assume the client sends a set of data to a AAMVA via an API. Does AAMVA look that data up in databases containing the data of state issued identity documents?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20190215/f0a884da/attachment.html>
More information about the Openid-specs-ab
mailing list