[OpenID-Specs-eKYC-IDA] Camara & openid connect standards, and consent and purpose
Axel.Nennker at telekom.de
Axel.Nennker at telekom.de
Fri Sep 22 13:13:54 UTC 2023
An addition from Shilpa (who is not subscribed to OIDF mailing lists):
A good place to look at would be the PRhttps://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose%20Consent%20Proposal%20comparison.md
In the table there is a row about “What is expected for each /authorize call?”. Here you can find the comments from the 3 proposals in a consolidated format.
From: Nennker, Axel <Axel.Nennker at telekom.de>
Date: Friday, 22. September 2023 at 14:54
To: Bjorn Hjelm <bjorn.hjelm at oidf.org>, MODRNA WG <openid-specs-mobile-profile at lists.openid.net>, OpenID eKYC Identity Assurance Working Group <openid-specs-ekyc-ida at lists.openid.net>, FAPI Working Group List <openid-specs-fapi at lists.openid.net>
Cc: Padgaonkar, Shilpa <Shilpa.Padgaonkar at telekom.de>, Wróblewski, Dawid <Dawid.Wroblewski at t-mobile.pl>
Subject: Camara & openid connect standards, and consent and purpose
Hi all,
in the Linux Foundation’s Camara project “consent” for API access is an important topic.
https://github.com/camaraproject/IdentityAndConsentManagement
We discussed “consent”, “purpose”, etc in the past in the OIDF in several working groups but people felt that the topic is not well understood, and most of the details were not standardized.
The eKYC-IDA group opted for going the way of defining a parameter “purpose” which is “some text”.
https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html#name-transaction-specific-purpos
Instead of “some text” others suggested to encode the purpose/consent into scope like e.g.
“scope=FraudPreventionandDetection:check-sim-swap-date”
https://github.com/camaraproject/IdentityAndConsentManagement/issues/32
Sorry for cross-posting to MODRNA and eKYC-IDA and FAPI.
Which OIDF would be the right one to tackle consent/purpose (again)?
Or please contribute to the issue https://github.com/camaraproject/IdentityAndConsentManagement/issues/32 and others directly.
Also, if you are a telco employee who participates in OIDF WGs while your colleagues are working in Camara, please reach out to your colleagues.
Kind regards
Axel
Bjorn and Gail presented OIDF to Camara
https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA%20Project%20Presentation%20Jun%201%202023.pptx
https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html
https://openid.net/specs/fapi-grant-management.html#name-historical-grant-authorisat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ekyc-ida/attachments/20230922/91d32b48/attachment.html>
More information about the Openid-specs-ekyc-ida
mailing list