<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal>At a recent conference on strong identities (dec 10-11 redmond) John brady suggested that we needed to separate identity claims from authentication.</p><p class=MsoNormal>I strongly support John’s concept.</p><p class=MsoNormal>From my perspective what that means is that the OP should be primarily in the business of authentication.</p><p class=MsoNormal>Verified claims should not be mixed into that same basket.</p><p class=MsoNormal>I would strong support creating some sort of “attribute provider” (whatever) to supplied claims.</p><p class=MsoNormal>Note that the verified claims working group ahs a different meaning for verified.</p><p class=MsoNormal>I believe to avoid confusion this concept needs a different name, like validated claims.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>thx ..tom</p><p class=MsoNormal><o:p> </o:p></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='border:none;padding:0in'><b>From: </b><a href="mailto:openid-specs-ab@lists.openid.net">Hjelm, Bjorn via Openid-specs-ab</a><br><b>Sent: </b>Monday, February 11, 2019 11:35 AM<br><b>To: </b><a href="mailto:openid-specs-ab@lists.openid.net">Artifact Binding/Connect Working Group</a>; <a href="mailto:torsten@lodderstedt.net">Torsten Lodderstedt</a><br><b>Cc: </b><a href="mailto:Bjorn.Hjelm@VerizonWireless.com">Hjelm, Bjorn</a>; <a href="mailto:pgrassi@easydynamics.com">Paul Grassi</a><br><b>Subject: </b>Re: [Openid-specs-ab] [E] OpenID Connect for Identity Proofing(Proposal)</p></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Torsten,</p><p class=MsoNormal>Thank you for submitting this draft. I see a clear need for this functionality. Besides support for NIST SP 800-63A, I would also like to discuss how this work aligns with some of the discussions in the iGov WG about developing support for NISTIR 8112.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Looking forward to a productive WG discussion.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>BR,</p><p class=MsoNormal>Bjorn</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On 2/9/19, 4:41 AM, "Openid-specs-ab on behalf of Torsten Lodderstedt via Openid-specs-ab" <openid-specs-ab-bounces@lists.openid.net on behalf of openid-specs-ab@lists.openid.net> wrote:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> Hi all,</p><p class=MsoNormal> </p><p class=MsoNormal> please find attached a document specifying an OpenID Connect Extension for the purpose of strong Identity Proofing. On behalf of yes.com, I would be delighted to contribute this document to the AB/Connect Working Group.</p><p class=MsoNormal> </p><p class=MsoNormal> Background: At IIW I held a session about Identity Proofing with OpenID Connect to get a feeling regarding the communities appetite to standardize an OpenID Extension for this important but also challenging topic. The feedback was tremendous so I started to work on this specification. It is based on yes.com’s experience with strong identity attestation in highly regulated contexts in the European Union, mainly in Germany. For example, it will be used to attest user identities in the context of creating Qualified (Remote) Electronic Signature according to eIDAS. This kind of signature is legally equivalent to a traditional (wet) signature on paper. </p><p class=MsoNormal> </p><p class=MsoNormal> The approach taken is focused on fulfilling the business requirements for natural person identification in the EU. So my assumption (and hope) is we together as a WG will refine and enhance the concept to cover the requirements of jurisdictions around the world. I look forward to having productive discussions.</p><p class=MsoNormal> </p><p class=MsoNormal> best regards,</p><p class=MsoNormal> Torsten. </p><p class=MsoNormal> </p><p class=MsoNormal> </p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>_______________________________________________</p><p class=MsoNormal>Openid-specs-ab mailing list</p><p class=MsoNormal>Openid-specs-ab@lists.openid.net</p><p class=MsoNormal>http://lists.openid.net/mailman/listinfo/openid-specs-ab</p><p class=MsoNormal><o:p> </o:p></p></div></body></html>