[OpenID-Specs-eKYC-IDA] json validation and PPID

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Mon Feb 8 11:17:09 UTC 2021


Hi,

We, Deutsche Telekom, have a server that allows us to read German eIDs (id_card) and eATs (de_erp).

I want to forward the information read from the card to some sales backend using the ekyc_ida format.

Here is a json generated by a unit test – hence the dummy values.


{
  "verified_claims": {
    "verification": {
      "trust_framework": "de_tkg111",
      "time": "2021-02-07T10:53:18.557729Z",
      "verification_process": "verification_process_dummy",
      "evidence": [
        {
          "type": "id_document",
          "method": "onsite",
          "verifier": {
            "organization": "organization_dummy",
            "txn": "txn_dummy"
          },
          "time": "2021-02-07T10:53:18.558089Z",
          "document": {
            "type": "idcard",
            "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",
            "date_of_expiry": "2029-11-30"
          }
        }
      ]
    },
    "claims": {
      "given_name": "ERIKA",
      "family_name": "MUSTERMANN",
      "birthdate": "1964-08-12",
      "address": {
        "locality": "KÖLN",
        "postal_code": "51147",
        "street_address": "HEIDESTRASSE 17",
        "country": "DE"
      }
    }
  }
}

What I added to the ekyc_ida format is “restrictedId”, which is an identifier depending on the server’s authorization certificate and the card’s id.
RestrictedID is something like a pseudonymous customer reference from Mobile Connect or Pairwise Pseudonymous Identifier from OpenID Connect Core Spec.
So I was not sure where to put “restrictedId” – it could be under verifier AND document with equal justification.

Could you please help me on this? Is the json valid according to the ekyc_ida schema?
https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json

I checked using an online json schema validator which says it is valid. https://www.jsonschemavalidator.net/
But using a java schema validator in my unit tests it comes out as invalid.

        <dependency>
            <groupId>com.networknt</groupId>
            <artifactId>json-schema-validator</artifactId>
            <version>1.0.48</version>
            <scope>test</scope>
        </dependency>

To summarize:

  *   Is the json valid?
  *   Where to put the restrictedId?
  *   Add restrictedId to schema?
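
The pseudonym property the message describes (an identifier bound to both the reading service and the card, compared there to an OpenID Connect pairwise identifier), shown as an added example that is not part of the original message. It uses a keyed hash in the style OpenID Connect Core suggests for pairwise subject values, not the eID card's Restricted Identification protocol; the secret, the account ID and the URLs are constructed sample values.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample values, not taken from the message above.
PROVIDER_SECRET = b"constructed-demo-secret-do-not-reuse"
LOCAL_ACCOUNT_ID = "card-holder-0001"


def sector_identifier(uri: str) -> str:
    """Host component of a redirect_uri or sector_identifier_uri."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("sector identifier needs an https URI with a host")
    return parts.hostname.lower()


def pairwise_id(sector: str, local_id: str, secret: bytes) -> str:
    """Stable per-sector pseudonym; differs across sectors for one subject."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(field).to_bytes(4, "big") + field
        for field in (sector.encode("utf-8"), local_id.encode("utf-8"))
    )
    # Keyed hash: without the secret, nobody can recompute or link pseudonyms.
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def same_subject(id_a: str, id_b: str) -> bool:
    """Constant-time comparison for identifiers received from a client."""
    return hmac.compare_digest(id_a, id_b)


if __name__ == "__main__":
    shop = sector_identifier("https://sales.example.com/callback")
    other = sector_identifier("https://partner.example.org/cb")
    # Same subject, two sectors: two unrelated 64-hex-character pseudonyms.
    print(pairwise_id(shop, LOCAL_ACCOUNT_ID, PROVIDER_SECRET))
    print(pairwise_id(other, LOCAL_ACCOUNT_ID, PROVIDER_SECRET))
```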
