[Openid-specs-mobile-profile] Camara & openid connect standards, and consent and purpose
Bjorn Hjelm
bjorn.hjelm at oidf.org
Fri Sep 22 16:32:32 UTC 2023
Axel,
Related to your question about how to engage with the OpenID Foundation, we're in the process of establishing a formal liaison relationship between the CAMARA Project/Linux Foundation and the OpenID Foundation and just waiting for document signatures to completed.
The presentation that we made to the CAMARA Project was prior to the revised external relationship that the CAMARA Project has now established and is now being formalized between the two organizations. Once in place, I would envision that the communication would be more frequent and the OpenID Foundation would be in a better position to help guide and assist the CAMARA Project in the technical development.
Kind REgards,
Bjorn
________________________________
From: Axel.Nennker at telekom.de <Axel.Nennker at telekom.de>
Sent: Friday, September 22, 2023 5:54 AM
To: Bjorn Hjelm <bjorn.hjelm at oidf.org>; openid-specs-mobile-profile at lists.openid.net <openid-specs-mobile-profile at lists.openid.net>; openid-specs-ekyc-ida at lists.openid.net <openid-specs-ekyc-ida at lists.openid.net>; openid-specs-fapi at lists.openid.net <openid-specs-fapi at lists.openid.net>
Cc: Shilpa.Padgaonkar at telekom.de <Shilpa.Padgaonkar at telekom.de>; Dawid.Wroblewski at t-mobile.pl <Dawid.Wroblewski at t-mobile.pl>
Subject: Camara & openid connect standards, and consent and purpose
Hi all,
in the Linux Foundation’s Camara project “consent” for API access is an important topic.
https://github.com/camaraproject/IdentityAndConsentManagement
We discussed “consent”, “purpose”, etc in the past in the OIDF in several working groups but people felt that the topic is not well understood, and most of the details were not standardized.
The eKYC-IDA group opted for going the way of defining a parameter “purpose” which is “some text”.
https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html#name-transaction-specific-purpos
Instead of “some text” others suggested to encode the purpose/consent into scope like e.g.
“scope=FraudPreventionandDetection:check-sim-swap-date”
https://github.com/camaraproject/IdentityAndConsentManagement/issues/32
Sorry for cross-posting to MODRNA and eKYC-IDA and FAPI.
Which OIDF would be the right one to tackle consent/purpose (again)?
Or please contribute to the issue https://github.com/camaraproject/IdentityAndConsentManagement/issues/32 and others directly.
Also, if you are a telco employee who participates in OIDF WGs while your colleagues are working in Camara, please reach out to your colleagues.
Kind regards
Axel
Bjorn and Gail presented OIDF to Camara
https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA%20Project%20Presentation%20Jun%201%202023.pptx
https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html
https://openid.net/specs/fapi-grant-management.html#name-historical-grant-authorisat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20230922/3710c15e/attachment-0001.html>
More information about the Openid-specs-mobile-profile
mailing list