[OpenID-Specs-eKYC-IDA] Issue #1201: Clarify what the IDP MUST/SHOULD/MAY send in verification data. (openid/ekyc-ida)
issues-reply at bitbucket.org
Wed May 27 15:29:08 UTC 2020
New issue 1201: Clarify what the IDP MUST/SHOULD/MAY send in verification data.
We currently say:
> The RP MUST explicitly request any data it wants the OP to add to the `verification` element.
We do not say that the IDP MUST only send data if it was requested by the RP.
Do we want to say that?
If so, we also need to take a look at this example, where the IDP delivers much more verification data than requested: [https://openid.net/specs/openid-connect-4-identity-assurance-1\_0.html#section-6.5.1](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#section-6.5.1)
\(possibly other examples as well\)
Responsible: Torsten Lodderstedt
More information about the Openid-specs-ekyc-ida