[OpenID-Specs-eKYC-IDA] Feedback needed
Leif Johansson
leifj at sunet.se
Fri Jan 17 16:26:47 UTC 2020
On 2020-01-16 17:46, Pål Axelsson via Openid-specs-ekyc-ida wrote:
> Hi all,
>
> I subscribed to this list today due to that we're owrking with assurance
> framework within our academic federation in Sweden. Today we uses SAML
> and signal assurance certifications. When we start to use OpenID Connect
> we want to be able to do that there to.
>
> When I read the proposed standard earlier today I saw a large
> enumeration in the working materials. I think this is a bad practice to
> enumerate in the standard documentation due to these things tend to
> change and then there will be a need to update the standard. The
> enumeration should instead be in an external registry, for example IANA
> registry over Level of Assurance (LoA) Profiles
> (https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml).
>
> Please correct me if I'm wrong in my assumption.
>
> Pål Axelsson
As the author of RFC6711 I can tell you that you're not wrong. The
way we setup the LOA registry was to be able to handle multiple
protocol - something I'm sure john bradley could attest to aswell
since he was also involved.
In fact I think I might mentioned the registry to Torsten @ IIW
last fall :-)
Cheers Leif
>
>
> ------ Originalmeddelande ------
> Från: "Torsten Lodderstedt via Openid-specs-ekyc-ida"
> <openid-specs-ekyc-ida at lists.openid.net
> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
> Till: "OpenID eKYC Identity Assurance Working Group"
> <openid-specs-ekyc-ida at lists.openid.net
> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
> Kopia: "Torsten Lodderstedt" <torsten at lodderstedt.net
> <mailto:torsten at lodderstedt.net>>
> Skickat: 2020-01-16 17:34:19
> Ämne: Re: [OpenID-Specs-eKYC-IDA] Feedback needed
>
>> Hi Naohiro,
>>
>> good question.
>>
>> I would go with Wikipedia‘s
>> definition: https://en.m.wikipedia.org/wiki/Jurisdiction
>>
>> And for every jurisdiction list the respective law(s) + further use cases.
>>
>> Ronald just raised the question about a use case repository. I think
>> this nicely fits together.
>>
>> We could setup a sub page listing the laws/use cases that were
>> implemented using OIDC4IDA and how.
>>
>> Thoughts?
>>
>> best regards,
>> Torsten.
>>
>>> Am 16.01.2020 um 10:35 schrieb Naohiro Fujie via
>>> Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net
>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>
>>> Hello Torsten,
>>>
>>> Any criteria to list up jurisdictions? OpenID Foundation Japan have
>>> listed up financial and telco related laws earlier, but there are more
>>> laws require identity assurance.
>>>
>>> Naohiro
>>>
>>> 2020年1月16日(木) 1:29 Torsten Lodderstedt via Openid-specs-ekyc-ida
>>> <openid-specs-ekyc-ida at lists.openid.net
>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>>
>>>> Hi all,
>>>>
>>>> we have so far checked OpenID Connect 4 Identity Assurance in detail
>>>> against the requirements and use cases of certain jurisdictions (JP
>>>> & DE) or are expecting such feedback from other jurisdictions (UK,
>>>> Scandinavia, Australia).
>>>>
>>>> We are seeking for detailed review feedback regarding applicability
>>>> of OpenID Connect 4 Identity Assurance from other jurisdictions
>>>> since we want to make sure we develop a truly International standard.
>>>>
>>>> We would highly appreciate any feedback!
>>>>
>>>> Thanks in advance,
>>>> Torsten.
>>>>
>>>> --
>>>> Openid-specs-ekyc-ida mailing list
>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>
>>> --
>>> Openid-specs-ekyc-ida mailing list
>>> Openid-specs-ekyc-ida at lists.openid.net
>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>
More information about the Openid-specs-ekyc-ida
mailing list