[OpenID-Specs-eKYC-IDA] Issue #1194: eKYC eIDAS bridge (openid/ekyc-ida)

sgmouy issues-reply at bitbucket.org
Thu Apr 30 17:11:36 UTC 2020

New issue 1194: eKYC eIDAS bridge

Stéphane Mouy:

\(This is not an ‘issue' but rather an out-of-the-box suggestion as per our April 29 discussion\).

My starting point is that it would be ideal if the eKYC initiative undertaken here could fit within the regulatory framework applicable to financial institutions, especially when it comes to AML/KYC rules.  We are not yet there in Europe but this would likely become realistic if we could find a way to make use of eIDAS Qualified certificates, which are ‘recognized animals’ under the AMLD5 directive and many national regulations in Europe, and we also know that the EU Commission is keen to develop the eIDAS framework for the financial sector. In a nutshell :  finding a suitable niche within the existing AML regulatory framework is considerably easier than amending the AML regulations to suit the OpenID Connect specifications… \(I know, our world is very imperfect\)  

Qualified certificates for e-signature and e-seals are defined in broad - technology neutral - see in particular Annexes I & III of the eIDAS regulation \(attached\) and make use of defined signature formats, which are fairly rigidly defined. Amending the broad features of Qualified certificates as defined in the eIDAS annexes is in my opinion unrealistic, but suggesting another technical format may be considered.  

So in light of this my question is the following : can we consider either combining the eKYC OpenID Connect extension with existing eIDAS Qualified certificates or defining an OpenID connect eKYC format for Qualified certificates? It may well be that the answer is no, but if this would appear to be possible, the EU Commission would no doubt be interested in hearing more about this.

Your views on this would be appreciated.

More information about the Openid-specs-ekyc-ida mailing list