[OpenID-Specs-eKYC-IDA] Logic of verified_claims Request Processing
Takahiko Kawasaki
taka at authlete.com
Wed Apr 27 21:15:01 UTC 2022
Hi All,

The logic of "verified_claims" request processing which is defined in
OpenID Connect for Identity Assurance 1.0 is complex because of its
filtering rules and data minimization policy. I'm afraid that difficulties
in implementing it are not recognized enough by the eKYC-IDA WG itself
(^_^; Here is an implementation of the logic:

https://github.com/authlete/authlete-java-common/blob/master/src/main/java/com/authlete/common/ida/DatasetExtractor.java

Some tests are written here:

https://github.com/authlete/authlete-java-common/blob/master/src/test/java/com/authlete/common/ida/DatasetExtractorTest.java

Some of you may understand that verified_claims request processing is not a
simple task only by reading the JavaDoc of the implementation
(DatasetExtractor):

https://authlete.github.io/authlete-java-common/com/authlete/common/ida/DatasetExtractor.html

The main reason I published the code as open source is that I believe some
discussions in the WG should be based on a shared understanding of the
logic. For example,

- Issue 1276 <https://bitbucket.org/openid/ekyc-ida/issues/1276>: [SAO]
  Output claim set varies depending on evaluation order
  - Is "if_different" defined in SAO (Selective Abort/Omit) meaningful?
- Issue 1301 <https://bitbucket.org/openid/ekyc-ida/issues/1301>: convey
  error response in userinfo
  - Many unmatches may occur during filtering. It's not always easy to
    identify an error that represents the failure of obtaining
    "verified_claims". What error report do you want?
- Issue 1304 <https://bitbucket.org/openid/ekyc-ida/issues/1304>: [IDA]
  Does the same rule apply to other properties of array type?
  - In my opinion, yes, it should.

I'm preparing a sample IdP that incorporates the logic and will be able to
do a demo in a regular meeting when requested and/or necessary for
discussions.

Best Regards,
Takahiko Kawasaki
Co-founder, Authlete, Inc.