[Openid-specs-mobile-profile] [External Sender] Re: [OpenID-Specs-eKYC-IDA] Camara & openid connect standards, and consent and purpose

George Fletcher george.fletcher at capitalone.com
Fri Sep 22 13:58:16 UTC 2023 

What about using Rich Authorization Request to address the purpose and even
the scope aspects? That would provide a lot of flexibility without adding
any new parameters.

Thanks,
George

On Fri, Sep 22, 2023 at 9:14 AM Axel.Nennker--- via Openid-specs-ekyc-ida <
openid-specs-ekyc-ida at lists.openid.net> wrote:

> An addition from Shilpa (who is not subscribed to OIDF mailing lists):
>
>
>
> A good place to look at would be the PR
> https://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose%20Consent%20Proposal%20comparison.md
> <https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose*20Consent*20Proposal*20comparison.md__;JSUl!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VClZYRZaG$>
>
>
>
> In the table there is a row about  “What is expected for
> each /authorize call?”. Here you can find the comments from the 3
> proposals in a consolidated format.
>
>
>
>
>
>
>
> *From: *Nennker, Axel <Axel.Nennker at telekom.de>
> *Date: *Friday, 22. September 2023 at 14:54
> *To: *Bjorn Hjelm <bjorn.hjelm at oidf.org>, MODRNA WG <
> openid-specs-mobile-profile at lists.openid.net>, OpenID eKYC Identity
> Assurance Working Group <openid-specs-ekyc-ida at lists.openid.net>, FAPI
> Working Group List <openid-specs-fapi at lists.openid.net>
> *Cc: *Padgaonkar, Shilpa <Shilpa.Padgaonkar at telekom.de>, Wróblewski,
> Dawid <Dawid.Wroblewski at t-mobile.pl>
> *Subject: *Camara & openid connect standards, and consent and purpose
>
> Hi all,
>
>
>
> in the Linux Foundation’s Camara project “consent” for API access is an
> important topic.
>
> https://github.com/camaraproject/IdentityAndConsentManagement
> <https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCnpLKN8b$>
>
>
>
> We discussed “consent”, “purpose”, etc in the past in the OIDF in several
> working groups but people felt that the topic is not well understood, and
> most of the details were not standardized.
>
>
>
> The eKYC-IDA group opted for going the way of defining a parameter
> “purpose” which is “some text”.
>
>
> https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html#name-transaction-specific-purpos
> <https://urldefense.com/v3/__https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html*name-transaction-specific-purpos__;Iw!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCuplX4y8$>
>
>
>
> Instead of “some text” others suggested to encode the purpose/consent into
> scope like e.g.
>
> “scope=FraudPreventionandDetection:check-sim-swap-date”
>
> https://github.com/camaraproject/IdentityAndConsentManagement/issues/32
> <https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/issues/32__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCiP4CYHQ$>
>
>
>
> Sorry for cross-posting to MODRNA and eKYC-IDA and FAPI.
>
> Which OIDF would be the right one to tackle consent/purpose (again)?
>
>
>
> Or please contribute to the issue
> https://github.com/camaraproject/IdentityAndConsentManagement/issues/32
> <https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/issues/32__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCiP4CYHQ$>
> and others directly.
>
>
>
> Also, if you are a telco employee who participates in OIDF WGs while your
> colleagues are working in Camara, please reach out to your colleagues.
>
>
>
>
>
> Kind regards
>
> Axel
>
>
>
> Bjorn and Gail presented OIDF to Camara
>
>
> https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA%20Project%20Presentation%20Jun%201%202023.pptx
> <https://urldefense.com/v3/__https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA*20Project*20Presentation*20Jun*201*202023.pptx__;JSUlJSU!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCjtPFPXX$>
>
>
>
> https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html
> <https://urldefense.com/v3/__https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCl09MZ4X$>
>
>
> https://openid.net/specs/fapi-grant-management.html#name-historical-grant-authorisat
> <https://urldefense.com/v3/__https://openid.net/specs/fapi-grant-management.html*name-historical-grant-authorisat__;Iw!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCoHPZQHj$>
>
>
> --
> Openid-specs-ekyc-ida mailing list
> Openid-specs-ekyc-ida at lists.openid.net
>
> https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCjFxiH69$
>

______________________________________________________________________



The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20230922/bbeefbd0/attachment-0001.html>

More information about the Openid-specs-mobile-profile mailing list