[OpenID-Specs-eKYC-IDA] Data minimization in the previously granted claims access

Nat Sakimura nat at sakimura.org
Wed Mar 11 13:55:03 UTC 2020


Yup. I can explain it in today's call. BTW, it is not only for this 
use-case that this kind of feature is desirable, by the way.

On 2020-03-11 16:42, Torsten Lodderstedt wrote:
> Hi Nat,
> 
> we haven’t discussed this feature yet.
> 
> I think it makes sense to have that feature, especially if the RP
> obtained the authorization to access the user’s claims over a long
> time. I would assume an interesting use case would be to gather a
> larger set of data in the first request and update a subset in
> subsequent transactions.
> 
> The use case you illustrated, on the other hand, I think, could raise
> interesting questions regarding data minimisation itself. Why should
> the RP ask for a broader data set than it needs for the use case at
> hand?
> 
> We can discuss in the call today.
> 
> best regards,
> Torsten.
> 
>> On 11. Mar 2020, at 06:06, Nat Sakimura via Openid-specs-ekyc-ida 
>> <openid-specs-ekyc-ida at lists.openid.net> wrote:
>> 
>> Hi
>> 
>> I was wondering if it has already come up but I have a use-case where 
>> only a subset of (verified) claims are needed from time to time.
>> For example, I may need to get the National ID number, address, DoB 
>> etc. in the first request, but in the subsequent request, I may just 
>> need the address as that is the only dynamic claim.
>> 
>> Presumably, I can use the previously obtained access token for this 
>> purpose as it is just down scoping, but I am not aware of a 
>> standardized way of sending "give me only this claim and nothing else" 
>> request to the Userinfo endpoint. From the data minimization point of 
>> view, this is pretty important.
>> 
>> Has this been discussed in this WG before?
>> 
>> Best,
>> 
>> Nat Sakimura
>> --
>> Openid-specs-ekyc-ida mailing list
>> Openid-specs-ekyc-ida at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida

