[OpenID-Specs-eKYC-IDA] Issue #1271: Section 8: Example responses: Issues and comments (openid/ekyc-ida)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Tue Dec 28 10:30:07 UTC 2021


New issue 1271: Section 8: Example responses: Issues and comments
https://bitbucket.org/openid/ekyc-ida/issues/1271/section-8-example-responses-issues-and

Vladimir Dzhuvinov:

After updating the OAuth / OIDC SDK to the latest draft 12 the new examples were made part of the automated tests. This revealed several issues when parsing the example responses JSON in section 8. Some of the encountered issues may need to be addressed in the spec itself. I will create separate tickets for those.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#name-id-document-deprecated-form](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-id-document-deprecated-form)

There appear to be two ways to get the response to parse successfully:

* Change the evidence type to the deprecated `id_document` evidence \(now it’s `document`\).
* Or change it so that it parses as the new `document` evidence \(see [spec](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-5.1.1.1)\):

    * The ID card details go into a `document_details` element \(now it’s `details`\).
    * The document `number` becomes `document_number`, `serial_number` or `person_number`.
    


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.14](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.14)

* Change the `document` element to `document_details`.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.10](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.10)

* The `created_at` in the example, `1979-01-22`, doesn’t fit the expected timestamp format.

> `created_at`: OPTIONAL. The time the record was created as ISO 8601:2004 \[[ISO8601-2004](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#ISO8601-2004)\] `YYYY-MM-DDThh:mm[:ss]TZD` format.

* The `assurance_level` set to `al_2` is not in the registry; it looks like `al2` was intended here.
* The `place_of_birth.country` claim uses a three letter code. According to the [spec](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-additional-claims-about-end) the code must be 2 or 4 letters.
* There are decimal HTML entities in the `place_of_birth.locality`. See the [JSON RFC](https://datatracker.ietf.org/doc/html/rfc8259#section-7) for the standard string encoding.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.12](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.12)

* The `voucher` element contains the `given_name` and `family_name` parameters. According to the spec those should be communicated in the `name` parameter.
* The `place_of_birth.country` claim uses a three letter code. According to the [spec](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-additional-claims-about-end) the code must be 2 or 4 letters.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#name-document-with-validation-an](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-document-with-validation-an)

* According to the spec the issuer country code `ITA` should be communicated in the `country_code` parameter.
* The `place_of_birth.country` claim uses a three letter code. According to the [spec](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-additional-claims-about-end) the code must be 2 or 4 letters.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#name-id-document-deprecated-form](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#name-id-document-deprecated-form)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.3](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.3)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.4](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.4)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.6](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.6)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.7](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.7)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.8](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.8)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.10](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.10)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.13](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.13)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.14](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.14)

```json
"address": {
        "locality": "Maxstadt",
        "postal_code": "12344",
        "country": "DE",
        "street_address": "An der Weide 22"
}
```

```json
"address": {
        "locality": "Karlstad",
        "postal_code": "65344",
        "country": "SWE",
        "street_address": "Gatunamn 221b"
}
```

```json
"address": {
        "locality": "Imola BO",
        "postal_code": "40026",
        "country": "ITA",
        "street_address": "Viale Dante Alighieri, 26"
}
```

There are 9 example responses where a country code appears to be communicated in the `address.country` claim, defined in OIDC Core as “country name”. At the same time there are two examples where `address.country` is set to `Monaco` and `UK`. The `address.country_code` claim introduced by the eKYC spec appears the most appropriate here, with its purpose to identify a country in a way that is unambiguous and interoperable.


[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.2](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.2)

[https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1\_0-master.html#section-8.5](https://openid.bitbucket.io/eKYC-IDA/openid-connect-4-identity-assurance-1_0-master.html#section-8.5)

The `place_of_birth.country` claim where a country code is expected is set to `UK` \(which is not a valid two-letter country ISO code\).
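
Added example, not part of the original message and not code from the OAuth / OIDC SDK: a small Python lint that walks a parsed response and flags four of the formatting problems listed above (`created_at` format, `place_of_birth.country` length as stated in the issue, decimal HTML entities, and a code-like value in `address.country`). The sample document, the finding labels and the code-like heuristic are assumptions made for illustration.

```python
import re

# created_at format quoted in the issue: YYYY-MM-DDThh:mm[:ss]TZD
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}(:\d{2})?(Z|[+-]\d{2}:\d{2})")
# place_of_birth.country: "2 or 4 letters", as stated in the issue
COUNTRY_CODE = re.compile(r"[A-Za-z]{2}|[A-Za-z]{4}")
# Decimal HTML entity (e.g. &#252;) left inside a JSON string
HTML_ENTITY = re.compile(r"&#\d+;")
# Heuristic (assumption): a short all-caps address.country is a code, not a name
CODE_LIKE = re.compile(r"[A-Z]{2,3}")

def walk(node, path=""):
    """Yield (dotted_path, value) for every scalar in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node

def lint(document):
    """Return (path, label) findings; labels are made up for this example."""
    findings = []
    for path, value in walk(document):
        if not isinstance(value, str):
            continue
        if path.rsplit(".", 1)[-1] == "created_at" and not TIMESTAMP.fullmatch(value):
            findings.append((path, "bad-timestamp"))
        if path.endswith("place_of_birth.country") and not COUNTRY_CODE.fullmatch(value):
            findings.append((path, "bad-country-length"))
        if path.endswith("address.country") and CODE_LIKE.fullmatch(value):
            findings.append((path, "code-in-country-name"))
        if HTML_ENTITY.search(value):
            findings.append((path, "html-entity"))
    return findings

# Constructed sample, not copied from the spec's section 8
SAMPLE = {
    "verification": {"evidence": [{"record": {"created_at": "1979-01-22"}}]},
    "claims": {
        "place_of_birth": {"country": "DEU", "locality": "M&#252;nchen"},
        "address": {"country": "SWE", "locality": "Karlstad"},
    },
}

if __name__ == "__main__":
    for path, label in lint(SAMPLE):
        print(f"{label}: {path}")
```
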
