[OpenID-Specs-eKYC-IDA] Feedback needed
Leif Johansson
leifj at sunet.se
Fri Jan 17 17:35:10 UTC 2020
Probably not but IANA/IESG is gona review and will also notice and push back on overlap.
Skickat från min iPhone
> 17 jan. 2020 kl. 18:30 skrev Torsten Lodderstedt <torsten at lodderstedt.net>:
>
> I know. My point is, we have several different elements in our data model where we seek extensibility for. Can we put all of those into this single registry?
>
>> On 17. Jan 2020, at 18:29, Leif Johansson <leifj at sunet.se> wrote:
>>
>> Påls point (and mine) is that there is one already.
>>
>> Skickat från min iPhone
>>
>>>> 17 jan. 2020 kl. 18:16 skrev Torsten Lodderstedt <torsten at lodderstedt.net>:
>>>
>>> Hi,
>>>
>>> thanks for your feedback. We know the current state is not the perfect solution.
>>>
>>> Finding a sustainable solution is a key topic for the next revision of OpenId Connect for Identity Assurance.
>>>
>>> Please see https://bitbucket.org/openid/ekyc-ida/issues/1093/extensibility-how-do-we-support
>>>
>>> As you can see ased on the discussion in the latest call, we are aiming at using IANA registries for the different element types.
>>>
>>> best regards,
>>> Torsten.
>>>
>>>> On 17. Jan 2020, at 17:26, Leif Johansson via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
>>>>
>>>>> On 2020-01-16 17:46, Pål Axelsson via Openid-specs-ekyc-ida wrote:
>>>>> Hi all,
>>>>>
>>>>> I subscribed to this list today due to that we're owrking with assurance
>>>>> framework within our academic federation in Sweden. Today we uses SAML
>>>>> and signal assurance certifications. When we start to use OpenID Connect
>>>>> we want to be able to do that there to.
>>>>>
>>>>> When I read the proposed standard earlier today I saw a large
>>>>> enumeration in the working materials. I think this is a bad practice to
>>>>> enumerate in the standard documentation due to these things tend to
>>>>> change and then there will be a need to update the standard. The
>>>>> enumeration should instead be in an external registry, for example IANA
>>>>> registry over Level of Assurance (LoA) Profiles
>>>>> (https://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml).
>>>>>
>>>>> Please correct me if I'm wrong in my assumption.
>>>>>
>>>>> Pål Axelsson
>>>>
>>>> As the author of RFC6711 I can tell you that you're not wrong. The
>>>> way we setup the LOA registry was to be able to handle multiple
>>>> protocol - something I'm sure john bradley could attest to aswell
>>>> since he was also involved.
>>>>
>>>> In fact I think I might mentioned the registry to Torsten @ IIW
>>>> last fall :-)
>>>>
>>>> Cheers Leif
>>>>
>>>>>
>>>>>
>>>>> ------ Originalmeddelande ------
>>>>> Från: "Torsten Lodderstedt via Openid-specs-ekyc-ida"
>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
>>>>> Till: "OpenID eKYC Identity Assurance Working Group"
>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>
>>>>> Kopia: "Torsten Lodderstedt" <torsten at lodderstedt.net
>>>>> <mailto:torsten at lodderstedt.net>>
>>>>> Skickat: 2020-01-16 17:34:19
>>>>> Ämne: Re: [OpenID-Specs-eKYC-IDA] Feedback needed
>>>>>
>>>>>> Hi Naohiro,
>>>>>>
>>>>>> good question.
>>>>>>
>>>>>> I would go with Wikipedia‘s
>>>>>> definition: https://en.m.wikipedia.org/wiki/Jurisdiction
>>>>>>
>>>>>> And for every jurisdiction list the respective law(s) + further use cases.
>>>>>>
>>>>>> Ronald just raised the question about a use case repository. I think
>>>>>> this nicely fits together.
>>>>>>
>>>>>> We could setup a sub page listing the laws/use cases that were
>>>>>> implemented using OIDC4IDA and how.
>>>>>>
>>>>>> Thoughts?
>>>>>>
>>>>>> best regards,
>>>>>> Torsten.
>>>>>>
>>>>>>> Am 16.01.2020 um 10:35 schrieb Naohiro Fujie via
>>>>>>> Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net
>>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>>>>>
>>>>>>> Hello Torsten,
>>>>>>>
>>>>>>> Any criteria to list up jurisdictions? OpenID Foundation Japan have
>>>>>>> listed up financial and telco related laws earlier, but there are more
>>>>>>> laws require identity assurance.
>>>>>>>
>>>>>>> Naohiro
>>>>>>>
>>>>>>> 2020年1月16日(木) 1:29 Torsten Lodderstedt via Openid-specs-ekyc-ida
>>>>>>> <openid-specs-ekyc-ida at lists.openid.net
>>>>>>> <mailto:openid-specs-ekyc-ida at lists.openid.net>>:
>>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> we have so far checked OpenID Connect 4 Identity Assurance in detail
>>>>>>>> against the requirements and use cases of certain jurisdictions (JP
>>>>>>>> & DE) or are expecting such feedback from other jurisdictions (UK,
>>>>>>>> Scandinavia, Australia).
>>>>>>>>
>>>>>>>> We are seeking for detailed review feedback regarding applicability
>>>>>>>> of OpenID Connect 4 Identity Assurance from other jurisdictions
>>>>>>>> since we want to make sure we develop a truly International standard.
>>>>>>>>
>>>>>>>> We would highly appreciate any feedback!
>>>>>>>>
>>>>>>>> Thanks in advance,
>>>>>>>> Torsten.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Openid-specs-ekyc-ida mailing list
>>>>>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>>>>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>>>>>
>>>>>>> --
>>>>>>> Openid-specs-ekyc-ida mailing list
>>>>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>>>>> <mailto:Openid-specs-ekyc-ida at lists.openid.net>
>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>>>
>>>>
>>>> --
>>>> Openid-specs-ekyc-ida mailing list
>>>> Openid-specs-ekyc-ida at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida
>>>
>
More information about the Openid-specs-ekyc-ida
mailing list