<div dir="ltr">Hi George,<div><br></div><div>It's building on top of the existing definition in RFC8417.</div><div><span style="color:rgb(23,43,77);font-family:"Atlassian Sans",ui-sans-serif,-apple-system,"system-ui","Segoe UI",Ubuntu,"Helvetica Neue",sans-serif;font-size:14px"><br></span></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="color:rgb(23,43,77);font-family:"Atlassian Sans",ui-sans-serif,-apple-system,"system-ui","Segoe UI",Ubuntu,"Helvetica Neue",sans-serif;font-size:14px">Strong identity verification typically requires the participants to keep an audit trail of the whole process. The </span><code style="font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:12px;line-height:16px;font-family:"Atlassian Mono",ui-monospace,Menlo,"Segoe UI Mono","Ubuntu Mono",monospace;max-width:100%;padding:2px 4px;background:none 0% 0%/auto repeat scroll padding-box border-box rgb(247,248,249);border-radius:3px;overflow-x:auto;color:rgb(23,43,77)">txn</code><span style="color:rgb(23,43,77);font-family:"Atlassian Sans",ui-sans-serif,-apple-system,"system-ui","Segoe UI",Ubuntu,"Helvetica Neue",sans-serif;font-size:14px"> Claim as defined in [@!RFC8417] is used in the context of this extension to build audit trails across the parties involved in an OpenID Connect transaction.</span></blockquote><div><br></div><div>We have removed it from OpenID Connect for Identity Assurance because it was more generic and applicable to OpenID Connect transactions as well.<span style="color:rgb(23,43,77);font-family:"Atlassian Sans",ui-sans-serif,-apple-system,"system-ui","Segoe UI",Ubuntu,"Helvetica Neue",sans-serif;font-size:14px"></span></div><div><font color="#172b4d" face="Atlassian Sans, ui-sans-serif, -apple-system, system-ui, Segoe UI, Ubuntu, Helvetica Neue, 
sans-serif"><span style="font-size:14px">...</span></font></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, Aug 6, 2025 at 4:56 PM Nat Sakimura via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Yup. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 6, 2025 at 11:16 <<a href="mailto:george@practicalidentity.com" target="_blank">george@practicalidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Thanks Nat. Maybe the “trx” string in the notes is a typo and should instead be “txn”?<div><br id="m_-4983353969882964454m_2760168458239700800lineBreakAtBeginningOfMessage"><div>
<div>George Fletcher</div><div>Identity Standards Architect</div><div>Practical Identity LLC</div><div><br></div><br>
</div>
<div><br><blockquote type="cite"><div>On Aug 5, 2025, at 9:06 PM, Nat Sakimura via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>> wrote:</div><br><div><div dir="auto"><div dir="auto">As I understand, this proposal is to introduce the txn claim into ID Token, but I may be wrong. </div><div dir="auto"><br></div><div dir="auto"><div dir="ltr">Nat Sakimura<br><div><br></div></div></div><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Wed, Aug 6, 2025 at 0:51 <<a href="mailto:george@practicalidentity.com" target="_blank">george@practicalidentity.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br>
<div><br><blockquote type="cite"><div>On Aug 5, 2025, at 2:25 AM, Nat Sakimura via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" rel="noreferrer" target="_blank">openid-specs-ab@lists.openid.net</a>> wrote:</div><br><div><h3 dir="ltr" style="font-family:Helvetica;font-style:normal;font-variant-caps:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;line-height:1.38;margin-top:14pt;margin-bottom:4pt"><span style="font-size:13pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Transaction Identifier Claim</span></h3><ul style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;margin-top:0px;margin-bottom:0px"><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" role="presentation" style="line-height:1.38;margin-top:12pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Proposer:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> Dima Postnikov</span></p></li><li dir="ltr" 
style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Background:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> trx Claim was removed from eKYC specification as too generic for identity assurance</span></div></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Use Case:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> Commercial ecosystems need to trace transactions after performance, especially for identity sharing</span></div></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span 
style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Existing Work:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> References SEC events transaction identifier</span></div></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Proposal:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> Create a separate OpenID Connect specification to define usage in ID tokens</span></div></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><div style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Process:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> Michael offered to help create GitHub repository for the 
specification</span></div></li><li dir="ltr" style="list-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre-wrap"><p dir="ltr" role="presentation" style="line-height:1.38;margin-top:0pt;margin-bottom:12pt"><span style="font-size:11pt;background-color:transparent;font-weight:700;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline">Precedent:</span><span style="font-size:11pt;background-color:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:baseline"> Referenced unmet authentication requirements spec that defined only an error code</span></p></li></ul></div></blockquote></div>How is this claim different from that being used in the OAuth Transaction Tokens spec as specified by the Security Event Token RFC 8417 section 2.2?<div><br><div><br></div><div><pre style="font-size:16px;box-sizing:border-box;font-family:"Noto Sans Mono",SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;margin-bottom:0px;overflow:visible;padding:0px;width:80ch;color:rgb(32,37,42);font-variant-ligatures:normal;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> "txn" (Transaction Identifier) Claim
An OPTIONAL string value that represents a unique transaction
identifier. In cases in which multiple related JWTs are issued,
the transaction identifier claim can be used to correlate these
related JWTs. Note that this claim can be used in JWTs that are
SETs and also in JWTs using non-SET profiles.</pre><pre style="font-size:16px;box-sizing:border-box;font-family:"Noto Sans Mono",SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;margin-bottom:0px;overflow:visible;padding:0px;width:80ch;color:rgb(32,37,42);font-variant-ligatures:normal;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></pre><pre style="font-size:16px;box-sizing:border-box;font-family:"Noto Sans Mono",SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;margin-bottom:0px;overflow:visible;padding:0px;width:80ch;color:rgb(32,37,42);font-variant-ligatures:normal;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></pre><pre style="font-size:16px;box-sizing:border-box;font-family:"Noto Sans Mono",SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;margin-bottom:0px;overflow:visible;padding:0px;width:80ch;color:rgb(32,37,42);font-variant-ligatures:normal;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><br></pre></div></div></div></blockquote></div></div>
_______________________________________________<br>Openid-specs-ab mailing list<br><a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br><a href="https://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br></div></blockquote></div><br></div></div></blockquote></div>
</blockquote></div>
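The correlation use of "txn" discussed in this thread (an ID Token and a Security Event Token sharing one transaction identifier) can be sketched as follows. This is an added example, not part of the thread or of any specification text; the issuers, txn values, event URI and the single shared HS256 key are constructed assumptions, and the function names are hypothetical.

```python
import base64, hashlib, hmac, json
from collections import defaultdict

KEY = b"constructed-demo-key"  # assumption: one shared HS256 key, demo only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict, key: bytes = KEY) -> str:
    # Builds a constructed HS256 JWT for the sample data below.
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verified_claims(token: str, key: bytes = KEY) -> dict:
    """Return the claims only if alg is HS256 and the signature verifies."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def build_audit_trail(tokens):
    """Group verified JWTs by txn; the claim is OPTIONAL, so track gaps too."""
    trail, uncorrelated, rejected = defaultdict(list), [], []
    for token in tokens:
        try:
            claims = verified_claims(token)
        except (ValueError, AttributeError):
            rejected.append(token)  # never correlate on unverified claims
            continue
        txn = claims.get("txn")
        kind = "SET" if "events" in claims else "ID Token"
        if isinstance(txn, str) and txn:
            trail[txn].append((claims.get("iss"), kind))
        else:
            uncorrelated.append((claims.get("iss"), kind))
    return dict(trail), uncorrelated, rejected

# Constructed sample: issuers, subjects and txn values are made up.
id_token = make_jwt({"iss": "https://op.example", "sub": "u1", "txn": "txn-constructed-001"})
set_token = make_jwt({"iss": "https://rp.example", "txn": "txn-constructed-001",
                      "events": {"https://example.com/event": {}}})
forged = id_token.rsplit(".", 1)[0] + "." + b64url(b"\x00" * 32)
SAMPLE = [id_token, set_token, make_jwt({"iss": "https://op.example", "sub": "u2"}), forged]
```

In a real deployment each issuer signs with its own key, so key lookup by "iss" would replace the single shared key assumed here.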