[OpenID-Specs-eKYC-IDA] json validation and PPID
Torsten Lodderstedt
torsten at lodderstedt.net
Mon Feb 8 17:52:36 UTC 2021
Hi Axel,
I think this could be due to different interpretations of JSON schemas.
I will get in contact with you directly.
best regards,
Torsten.
> Am 08.02.2021 um 12:17 schrieb Axel.Nennker--- via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net>:
>
> Hi,
>
> we, Deutsche Telekom, have a server that allows us to read German eIDs (id_card) and eATs (de_erp).
>
> I want to forward the information read from the card to some sales backend using the ekyc_ida format.
>
> Here is a json generated by a unit test – hence the dummy values.
>
>
> {
> "verified_claims": {
> "verification": {
> "trust_framework": "de_tkg111",
> "time": "2021-02-07T10:53:18.557729Z",
> "verification_process": "verification_process_dummy",
> "evidence": [
> {
> "type": "id_document",
> "method": "onsite",
> "verifier": {
> "organization": "organization_dummy",
> "txn": "txn_dummy"
> },
> "time": "2021-02-07T10:53:18.558089Z",
> "document": {
> "type": "idcard",
> "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",
> "date_of_expiry": "2029-11-30"
> }
> }
> ]
> },
> "claims": {
> "given_name": "ERIKA",
> "family_name": "MUSTERMANN",
> "birthdate": "1964-08-12",
> "address": {
> "locality": "KÖLN",
> "postal_code": "51147",
> "street_address": "HEIDESTRASSE 17",
> "country": "DE"
> }
> }
> }
> }
>
> What I added to the ekyc_ida format is “restrictedId”, which is an identifier depending on the server’s authorization certificate and the card’s id.
> RestrictedID is something like a pseudonymous customer reference from Mobile Connect or Pairwise Pseudonymous Identifier from OpenID Connect Core Spec.
> So I was not sure where to put “restrictedId” – it could be under verifier AND document with equal justification.
>
> Could you please help me on this? Is the json valid according the ekyc_ida schema?
> https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json
>
> I checked using an online json schema validator which says it is valid. https://www.jsonschemavalidator.net/
> But using a java schema validator in my unit tests it comes out as invalid.
> <dependency>
> <groupId>com.networknt</groupId>
> <artifactId>json-schema-validator</artifactId>
> <version>1.0.48</version>
> <scope>test</scope>
> </dependency>
>
> To summarize:
> • Is the json valid?
> • Where to put the restrictedId?
> • Add restrictedId to schema?
>
>
> --
> Openid-specs-ekyc-ida mailing list
> Openid-specs-ekyc-ida at lists.openid.net
> https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida&source=gmail-imap&ust=1613387847000000&usg=AOvVaw2NiPAlftR0mY30osU9AXOy
More information about the Openid-specs-ekyc-ida
mailing list