[OpenID-Specs-eKYC-IDA] json validation and PPID

Torsten Lodderstedt torsten at lodderstedt.net
Mon Feb 8 17:52:36 UTC 2021 

Hi Axel,

I think this could be due to different interpretations of JSON schemas.

I will get in contact with you directly.

best regards,
Torsten. 

> Am 08.02.2021 um 12:17 schrieb Axel.Nennker--- via Openid-specs-ekyc-ida <openid-specs-ekyc-ida at lists.openid.net>:
> 
> Hi,
>  
> we, Deutsche Telekom, have a server that allows us to read German eIDs (id_card) and eATs (de_erp).
>  
> I want to forward the information read from the card to some sales backend using the ekyc_ida format.
>  
> Here is a json generated by a unit test – hence the dummy values.
>  
>  
> {
>   "verified_claims": {
>     "verification": {
>       "trust_framework": "de_tkg111",
>       "time": "2021-02-07T10:53:18.557729Z",
>       "verification_process": "verification_process_dummy",
>       "evidence": [
>         {
>           "type": "id_document",
>           "method": "onsite",
>           "verifier": {
>             "organization": "organization_dummy",
>             "txn": "txn_dummy"
>           },
>           "time": "2021-02-07T10:53:18.558089Z",
>           "document": {
>             "type": "idcard",
>             "restrictedId": "5a4a9f25a60a8f99064c4e0719a893198869fa06c10d22988c53575593db2a8f",
>             "date_of_expiry": "2029-11-30"
>           }
>         }
>       ]
>     },
>     "claims": {
>       "given_name": "ERIKA",
>       "family_name": "MUSTERMANN",
>       "birthdate": "1964-08-12",
>       "address": {
>         "locality": "KÖLN",
>         "postal_code": "51147",
>         "street_address": "HEIDESTRASSE 17",
>         "country": "DE"
>       }
>     }
>   }
> }
>  
> What I added to the ekyc_ida format is “restrictedId”, which is an identifier depending on the server’s authorization certificate and the card’s id.
> RestrictedID is something like a pseudonymous customer reference from Mobile Connect or Pairwise Pseudonymous Identifier from OpenID Connect Core Spec.
> So I was not sure where to put “restrictedId” – it could be under verifier AND document with equal justification.
>  
> Could you please help me on this? Is the json valid according the ekyc_ida schema?
> https://bitbucket.org/openid/ekyc-ida/src/master/schema/verified_claims.json
>  
> I checked using an online json schema validator which says it is valid. https://www.jsonschemavalidator.net/
> But using a java schema validator in my unit tests it comes out as invalid.
>         <dependency>
>             <groupId>com.networknt</groupId>
>             <artifactId>json-schema-validator</artifactId>
>             <version>1.0.48</version>
>             <scope>test</scope>
>         </dependency>
>  
> To summarize:
> 	• Is the json valid?
> 	• Where to put the restrictedId?
> 	• Add restrictedId to schema?
>  
> 
> -- 
> Openid-specs-ekyc-ida mailing list
> Openid-specs-ekyc-ida at lists.openid.net
> https://www.google.com/url?q=http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida&source=gmail-imap&ust=1613387847000000&usg=AOvVaw2NiPAlftR0mY30osU9AXOy

More information about the Openid-specs-ekyc-ida mailing list