[Openid-specs-mobile-profile] Camara & openid connect standards, and consent and purpose
Axel.Nennker at telekom.de
Axel.Nennker at telekom.de
Fri Sep 22 12:54:15 UTC 2023
Hi all,
in the Linux Foundation’s Camara project “consent” for API access is an important topic.
https://github.com/camaraproject/IdentityAndConsentManagement
We discussed “consent”, “purpose”, etc in the past in the OIDF in several working groups but people felt that the topic is not well understood, and most of the details were not standardized.
The eKYC-IDA group opted for going the way of defining a parameter “purpose” which is “some text”.
https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html#name-transaction-specific-purpos
Instead of “some text” others suggested to encode the purpose/consent into scope like e.g.
“scope=FraudPreventionandDetection:check-sim-swap-date”
https://github.com/camaraproject/IdentityAndConsentManagement/issues/32
Sorry for cross-posting to MODRNA and eKYC-IDA and FAPI.
Which OIDF would be the right one to tackle consent/purpose (again)?
Or please contribute to the issue https://github.com/camaraproject/IdentityAndConsentManagement/issues/32 and others directly.
Also, if you are a telco employee who participates in OIDF WGs while your colleagues are working in Camara, please reach out to your colleagues.
Kind regards
Axel
Bjorn and Gail presented OIDF to Camara
https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA%20Project%20Presentation%20Jun%201%202023.pptx
https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html
https://openid.net/specs/fapi-grant-management.html#name-historical-grant-authorisat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20230922/4a6f33d6/attachment-0001.html>
More information about the Openid-specs-mobile-profile
mailing list