[OpenID-Specs-eKYC-IDA] Information about the RP in the verified_claims structure

Steinar Noem steinar at udelt.no
Mon Jul 4 13:01:20 UTC 2022


Hi eKYC-IDA peoples!

Have you discussed adding information about the RP in the verified claims
structure?

I am dealing with a case where I would like to include information about
the system the user uses in the verified claims structure. At the same time
I understand that this information is not directly related to the end-user
identity - and would perhaps not be a natural fit for the IA specification.

The systems in my scenario have the following characteristics:

   - They are always used by health personnel.
   - They are always used in a healthcare organization
   - They are always used for health information
   - They must adhere to national legislation
   - They must adhere to a national code-of-conduct
   - They are subject to a set of contractual agreements where technical
   requirements are described (e.g. FAPI)
   - They are self-declared in a management system
   - They always have to authenticate themselves in the OP (strong
   authentication)
   - Their client secrets are always associated with an organization with a
   high LoA

My feeling is that the verified_claims structure could include information
about the system that requested authentication of the end-user.
This could be expressed in two main categories of information:

   - The software e.g.:
      - identifier (something else than client_id)
      - version(?)
      - type of software (not technical platform, but business function)
   - Information about the runtime instance:
      - The organization that operates the software - most often a data
      processor in my case
      - On whose behalf the data processor operates (similar to the
      authority structure) - also an organization

Any thoughts/feelings about this?

-- 
Kind regards

Steinar Noem
Partner Udelt AS
System developer

| steinar at udelt.no | hei at udelt.no  | +47 955 21 620 | www.udelt.no |