[Openid-specs-ab] AB/C WG Pacific Meeting Notes (2025-08-04)

Dima Postnikov dima at postnikov.net
Wed Aug 6 15:13:35 UTC 2025 

Hi George,

It's building on top of the existing definition in RFC8417.

Strong identity verification typically requires the participants to keep an
> audit trail of the whole process. The txn Claim as defined in [@!RFC8417]
> is used in the context of this extension to build audit trails across the
> parties involved in an OpenID Connect transaction.


We have removed it from OpenID Connect for Identity Assurance because it
was more generic and applicable to OpenID Connect transactions as well.
...

On Wed, Aug 6, 2025 at 4:56 PM Nat Sakimura via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Yup.
>
> 2025年8月6日(水) 11:16 <george at practicalidentity.com>:
>
>> Thanks Nat. Maybe the “trx” string in the notes is a typo and should
>> instead be “txn”?
>>
>> George Fletcher
>> Identity Standards Architect
>> Practical Identity LLC
>>
>>
>>
>> On Aug 5, 2025, at 9:06 PM, Nat Sakimura via Openid-specs-ab <
>> openid-specs-ab at lists.openid.net> wrote:
>>
>> As I understand, this proposal is to introduce the txn claim into ID
>> Token, but I may be wrong.
>>
>> Nat Sakimura
>>
>>
>> 2025年8月6日(水) 0:51 <george at practicalidentity.com>:
>>
>>>
>>>
>>> On Aug 5, 2025, at 2:25 AM, Nat Sakimura via Openid-specs-ab <
>>> openid-specs-ab at lists.openid.net> wrote:
>>>
>>> Transaction Identifier Claim
>>>
>>>    -
>>>
>>>    Proposer: Dima Postnikov
>>>    - Background: trx Claim was removed from eKYC specification as too
>>>    generic for identity assurance
>>>    - Use Case: Commercial ecosystems need to trace transactions after
>>>    performance, especially for identity sharing
>>>    - Existing Work: References SEC events transaction identifier
>>>    - Proposal: Create a separate OpenID Connect specification to define
>>>    usage in ID tokens
>>>    - Process: Michael offered to help create GitHub repository for the
>>>    specification
>>>    -
>>>
>>>    Precedent: Referenced unmet authentication requirements spec that
>>>    defined only an error code
>>>
>>> How is this claim different from that being used in the OAuth
>>> Transaction Tokens spec as specified by the Security Event Token RFC 8417
>>> section 2.2?
>>>
>>>
>>>    "txn" (Transaction Identifier) Claim
>>>       An OPTIONAL string value that represents a unique transaction
>>>       identifier.  In cases in which multiple related JWTs are issued,
>>>       the transaction identifier claim can be used to correlate these
>>>       related JWTs.  Note that this claim can be used in JWTs that are
>>>       SETs and also in JWTs using non-SET profiles.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-ab
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20250807/2c38351d/attachment.htm>

More information about the Openid-specs-ab mailing list