[OpenID-Specs-eKYC-IDA] Data minimization in the previously granted claims access

Torsten Lodderstedt torsten at lodderstedt.net
Wed Mar 11 07:42:47 UTC 2020


Hi Nat, 

we haven’t discussed this feature yet.

I think it makes sense to have that feature, especially if the RP obtained the authorization to access the user’s claims over a long time. I would assume an interesting use case would be to gather a larger set of data in the first request and update a subset in subsequent transactions.

The use case you illustrated, on the other hand, I think, could raise interesting questions regarding data minimisation itself. Why should the RP ask for a broader data set than it needs for the use case at hand?

We can discuss in the call today.

best regards,
Torsten.  

> On 11. Mar 2020, at 06:06, Nat Sakimura via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net> wrote:
> 
> Hi
> 
> I was wondering if it has already come up but I have a use-case where only a subset of (verified) claims are needed from time to time.
> For example, I may need to get the National ID number, address, DoB etc. in the first request, but in the subsequent request, I may just need the address as that is the only dynamic claim.
> 
> Presumably, I can use the previously obtained access token for this purpose as it is just down scoping, but I am not aware of a standardized way of sending "give me only this claim and nothing else" request to the Userinfo endpoint. From the data minimization point of view, this is pretty important.
> 
> Has this been discussed in this WG before?
> 
> Best,
> 
> Nat Sakimura
