[OpenID-Specs-eKYC-IDA] Issue #1276: [SAO] Output claim set varies depending on evaluation order (openid/ekyc-ida)

Takahiko Kawasaki issues-reply at bitbucket.org
Thu Dec 30 01:35:29 UTC 2021


New issue 1276: [SAO] Output claim set varies depending on evaluation order
https://bitbucket.org/openid/ekyc-ida/issues/1276/sao-output-claim-set-varies-depending-on

Takahiko Kawasaki:

The current specification of “Selective Abort/Omit” (SAO) does not prevent the output claim set from varying depending on evaluation order.

### Example request and data:

```json
{
  "id_token": {
    "verified_claims": {
      "verification": null,
      "claims": {
        "given_name": {
          "if_different": "omit_verified_claims",
          "value": "John"
        },
        "family_name": {
          "if_different": "omit_set",
          "value": "Smith"
        }
      }
    },
    "email": {
      "if_unavailable": "omit_set"
    }
  }
}
```

| **claim** | **actual value** |
| --- | --- |
| verified_claims / given_name | Max |
| verified_claims / family_name | Meier |
| email | max@example.com |


### Case 1:

If `"if_different"` of `"given_name"` is evaluated before `"if_different"` of `"family_name"`,

1. The whole `"verified_claims"` is omitted.
2. The value of `"family_name"` becomes unavailable.
3. The action for `"if_different"` of `"family_name"`, `"omit_set"`, is not triggered.

As a result, `"email":"max@example.com"` is included in the output claim set.


### Case 2:

If `"if_different"` of `"family_name"` is evaluated before `"if_different"` of `"given_name"`,

1. The `"omit_set"` action is triggered.
2. The value of `"email"` becomes unavailable.

As a result, the `"email"` claim is not included in the output claim set.


### Comment from an implementer

I spent some weeks considering how to implement SAO, but I’ve not reached a conclusion yet. The difficult part of the specification is in that `"if_different"` may trigger omission of other nodes and even itself (not only by `"omit_set"` and `"omit_verified_claims"` but also by `"omit"` which may recursively omit upper nodes) and the omission may invalidate `"if_different"` of other nodes and even itself. Therefore, the evaluation order of `"if_different"` matters and may generate different claim sets.

I’m afraid that the current specification of SAO cannot be implemented in a deterministic way. Different implementations would generate different claim sets.
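The order dependence described in the issue can be reproduced with a small evaluator. The following is a constructed model added to this page, not code from the eKYC-IDA specification or from any implementation: it encodes only the behaviour the issue describes (an omitted claim can no longer be compared, so a later `if_different` rule on it does not fire; `omit` drops a parent that becomes empty), takes the request and data from the issue (the address `max@example.com` is assumed), and evaluates the rules under every permutation to show that more than one output claim set is reachable.

```python
# Toy model of Selective Abort/Omit (SAO) evaluation, constructed for this
# issue; it is not code from the eKYC-IDA spec or from any implementation.
import copy
import itertools
import json
from collections import namedtuple

# Request and data from the issue; the address max@example.com is assumed.
REQUEST = {
    "id_token": {
        "verified_claims": {
            "verification": None,
            "claims": {
                "given_name": {"if_different": "omit_verified_claims", "value": "John"},
                "family_name": {"if_different": "omit_set", "value": "Smith"},
            },
        },
        "email": {"if_unavailable": "omit_set"},
    }
}
ACTUAL = {
    "verified_claims": {"given_name": "Max", "family_name": "Meier"},
    "email": "max@example.com",
}

Rule = namedtuple("Rule", "path trigger action expected")
_MISSING = object()


def collect_rules(claim_set_request):
    """One Rule per if_unavailable/if_different directive, in document order.
    Verified claims are addressed by the data path ("verified_claims", name)."""
    rules = []
    for name, spec in claim_set_request.items():
        if name == "verified_claims":
            claims = (spec or {}).get("claims") or {}
            items = [(("verified_claims", n), s) for n, s in claims.items()]
        else:
            items = [((name,), spec)]
        for path, s in items:
            for trigger in ("if_unavailable", "if_different"):
                if isinstance(s, dict) and trigger in s:
                    rules.append(Rule(path, trigger, s[trigger], s.get("value")))
    return rules


def _get(data, path):
    node = data
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node


def _omit(data, path):
    """Remove the claim at path; a parent left empty is omitted as well
    (the recursive upward omission the issue mentions for "omit")."""
    parent = _get(data, path[:-1])
    if isinstance(parent, dict):
        parent.pop(path[-1], None)
        if not parent and len(path) > 1:
            _omit(data, path[:-1])


def evaluate(data, rules):
    """Apply rules in the given order to a copy of data. Returns the output
    claim set, or None when an omit_set action drops the whole set."""
    data = copy.deepcopy(data)
    for rule in rules:
        value = _get(data, rule.path)
        if rule.trigger == "if_unavailable":
            fires = value is _MISSING
        else:  # if_different: an already omitted claim cannot be compared
            fires = value is not _MISSING and value != rule.expected
        if not fires:
            continue
        if rule.action == "abort":
            raise RuntimeError("SAO abort on %s" % "/".join(rule.path))
        if rule.action == "omit_set":
            return None
        if rule.action == "omit_verified_claims":
            data.pop("verified_claims", None)
        elif rule.action == "omit":
            _omit(data, rule.path)
        else:
            raise ValueError("unknown SAO action %r" % rule.action)
    return data


def evaluate_in_order(claim_set_request, data, names):
    """Evaluate with the rules ordered by the claim names given (Case 1 and
    Case 2 of the issue are two such orders)."""
    rules = sorted(collect_rules(claim_set_request),
                   key=lambda r: names.index(r.path[-1]))
    return evaluate(data, rules)


def distinct_outcomes(claim_set_request, data):
    """Every output claim set reachable under some evaluation order, as
    canonical JSON strings ("null" meaning the whole set was omitted)."""
    rules = collect_rules(claim_set_request)
    return {json.dumps(evaluate(data, perm), sort_keys=True)
            for perm in itertools.permutations(rules)}
```

With the issue's request, `evaluate_in_order(..., ["given_name", "family_name", "email"])` yields `{"email": "max@example.com"}` (Case 1) while `["family_name", "given_name", "email"]` yields `None`, the whole set omitted (Case 2); `distinct_outcomes` over all six orders returns two different results, which is the nondeterminism the issue reports. A specification fix would have to pin the order (or define the result as a fixed point that is order independent) before two conforming implementations could be expected to agree.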


