[OpenID-Specs-eKYC-IDA] Issue #1153: Request syntax complexity (openid/ekyc-ida)

Daniel Fett issues-reply at bitbucket.org
Fri Jan 17 15:46:39 UTC 2020

New issue 1153: Request syntax complexity

Daniel Fett:

When working on my OIDC4IA prototype, I noticed that there is an enormous amount of complexity hidden in the current request syntax. \(I would like to hear if other implementers have the same perception!\)

Currently, we have different request semantics on almost every level of the request JSON. I feel like some simplification and unification is needed here. On top of that, a lot of the options that the current syntax gives seem useless, for example, filtering by the country of the provider of a utility bill. 

See also Issue #1152: We are creating a lot of complexity on the OPs, but at the same time, RPs should not rely on proper filtering at the OP. We might be better off with some simple filters \(like trust\_framework\) and letting the client handle the rest. 

To illustrate the complexity, here are my notes for the request semantics on different levels of the JSON:

* (claims on root level)
                            Possible values except for verified_claims:    ("Standard Rules")
                             - null: send claim contents (string/JSON/etc.)
                             - JSON object: send claim contents
                                - essential: essential claim
                                - values: check if one of the values match (each value can be string/JSON/etc.)
                                - value: check if value matches
                                - max_age: if date or timestamp, check max-age of date or timestamp
                             - null: ?
                            Always required; if omitted: null
                            Possible values:
                             - null: equals { trust_framework: null }
                             - JSON object with values: send only those fields
                            Apply Standard Rules, except for "evidence"
                            Possible values:
                             - null: send all available evidence (?)
                             - JSON array (!) with exactly one object.
                            Apply Standard Rules, except for "document"
                            Possible values:
                             - null: send whole available document
                             - JSON object with values: send only those fields
                            Apply Standard Rules
                            Always required; if omitted: null
                            Rules to apply:
                             - null: send all claims
                             - JSON with values: send only those fields
                            Apply Standard Rules plus:
                             - JSON: purpose 


More information about the Openid-specs-ekyc-ida mailing list