[OpenID-Specs-eKYC-IDA] Issue #1288: [IDA] digest of external attachment is not always computable (openid/ekyc-ida)

Takahiko Kawasaki issues-reply at bitbucket.org
Fri Jan 28 19:59:45 UTC 2022


New issue 1288: [IDA] digest of external attachment is not always computable
https://bitbucket.org/openid/ekyc-ida/issues/1288/ida-digest-of-external-attachment-is-not

Takahiko Kawasaki:

IDA ID3 [Section 5.1.2.2. External Attachments](https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html#name-external-attachments) requires `digest` for each external attachment. However, it is not always possible to compute digest values at the time when an authorization server issues an ID token or returns a userinfo response which includes `attachments`. The content of attachments may be hosted on resource servers that are managed by other entities, which are different from the entity that manages the authorization server. In this case, it is difficult, if not impossible, to compute digest values of the contents. A certain company is planning to implement an authorization server that supports IDA ID3 and they told us that the pattern actually exists, where evidence contents are hosted on resource servers of end-customers of the company.

I propose changing the requirement of the `digest` property from `REQUIRED` to `OPTIONAL`.
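
As an added example (not part of the issue or of the specification text), the relying-party side of the `digest` check discussed above, including the no-digest case the proposal would permit. The `alg`/`value` layout of `digest`, the base64 encoding of the value, the status strings and the sample URL are assumptions; the page does not show them.

```python
import base64
import hashlib
import hmac

# Assumed mapping from digest "alg" names to hashlib constructors.
_ALGS = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384,
         "sha-512": hashlib.sha512}


def check_external_attachment(attachment: dict, content: bytes) -> str:
    """Return 'verified', 'mismatch', 'unverifiable' or 'unsupported'."""
    digest = attachment.get("digest")
    if digest is None:
        # The case the issue proposes to allow: with no digest, the fetched
        # bytes cannot be checked against what the authorization server issued.
        return "unverifiable"
    hash_fn = _ALGS.get(str(digest.get("alg", "")).lower())
    if hash_fn is None:
        return "unsupported"
    try:
        expected = base64.b64decode(digest.get("value", ""), validate=True)
    except (ValueError, TypeError):
        return "mismatch"  # malformed value can never match
    actual = hash_fn(content).digest()
    # Constant-time comparison of the recomputed and the asserted digest.
    return "verified" if hmac.compare_digest(actual, expected) else "mismatch"


# Constructed sample data: content as it would be fetched from the attachment URL.
SAMPLE_CONTENT = b"%PDF-1.7 constructed evidence document"
SAMPLE_WITH_DIGEST = {
    "url": "https://rs.example.com/attachments/placeholder",
    "digest": {
        "alg": "sha-256",
        "value": base64.b64encode(hashlib.sha256(SAMPLE_CONTENT).digest()).decode(),
    },
}
SAMPLE_WITHOUT_DIGEST = {"url": "https://rs.example.com/attachments/placeholder"}

if __name__ == "__main__":
    for name, att, body in [
        ("digest present", SAMPLE_WITH_DIGEST, SAMPLE_CONTENT),
        ("content changed", SAMPLE_WITH_DIGEST, SAMPLE_CONTENT + b"!"),
        ("digest absent", SAMPLE_WITHOUT_DIGEST, SAMPLE_CONTENT),
    ]:
        print(name, "->", check_external_attachment(att, body))
```

A relying party that accepts attachments without `digest` would need to decide how to treat the `unverifiable` result.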

