[OpenID-Specs-eKYC-IDA] Data minimization in the previously granted claims access
torsten at lodderstedt.net
Wed Mar 11 07:42:47 UTC 2020
We haven’t discussed this feature yet.
I think it makes sense to have that feature, especially if the RP obtained the authorization to access the user’s claims over a long time. I would assume an interesting use case would be to gather a larger set of data in the first request and update a subset in subsequent transactions.
The use case you illustrated, on the other hand, I think, could raise interesting questions regarding data minimisation itself. Why should the RP ask for a broader data set than it needs for the use case at hand?
We can discuss in the call today.
> On 11. Mar 2020, at 06:06, Nat Sakimura via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
> I was wondering if it has already come up but I have a use-case where only a subset of (verified) claims are needed from time to time.
> For example, I may need to get the National ID number, address, DoB etc. in the first request, but in the subsequent request, I may just need the address as that is the only dynamic claim.
> Presumably, I can use the previously obtained access token for this purpose as it is just down scoping, but I am not aware of a standardized way of sending "give me only this claim and nothing else" request to the Userinfo endpoint. From the data minimization point of view, this is pretty important.
> Has this been discussed in this WG before?
> Nat Sakimura