<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

George and Axel,</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

In my initial e-mail to the Identity and Consent Management group, I pointed to the

<a href="https://openid.net/specs/fapi-grant-management-01.html" id="LPNoLPOWALinkPreview" title="https://openid.net/specs/fapi-grant-management-01.html">

Grant Management for OAuth 2.0</a> spec. as well as referenced the IETF RAR (<a href="https://datatracker.ietf.org/doc/html/rfc9396" id="LPNoLPOWALinkPreview_1" title="https://datatracker.ietf.org/doc/html/rfc9396">RFC 9396</a>) as proposed solutions to solve

 for this functionality.</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

I agree with George's comment and the <a href="https://openid.net/specs/fapi-grant-management-01.html#name-use-cases-supported" id="LPNoLPOWALinkPreview_2" title="https://openid.net/specs/fapi-grant-management-01.html#name-use-cases-supported">

section 3</a> of Grant Management for OAuth 2.0 outlines the use cases for this spec. allowing to issue. modify and revoke an authorization such as user consent.</div>

<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">

<br>

</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Kind Regards,</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Bjorn</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> George Fletcher <george.fletcher@capitalone.com><br>

<b>Sent:</b> Friday, September 22, 2023 6:58 AM<br>

<b>To:</b> OpenID eKYC Identity Assurance Working Group <openid-specs-ekyc-ida@lists.openid.net><br>

<b>Cc:</b> Axel.Nennker@telekom.de <Axel.Nennker@telekom.de>; Dawid.Wroblewski@t-mobile.pl <Dawid.Wroblewski@t-mobile.pl>; Shilpa.Padgaonkar@telekom.de <Shilpa.Padgaonkar@telekom.de>; Bjorn Hjelm <bjorn.hjelm@oidf.org>; openid-specs-fapi@lists.openid.net <openid-specs-fapi@lists.openid.net>;

 openid-specs-mobile-profile@lists.openid.net <openid-specs-mobile-profile@lists.openid.net><br>

<b>Subject:</b> Re: [External Sender] Re: [OpenID-Specs-eKYC-IDA] Camara & openid connect standards, and consent and purpose</font>

<div> </div>

</div>

<div>

<div dir="auto">What about using Rich Authorization Request to address the purpose and even the scope aspects? That would provide a lot of flexibility without adding any new parameters.</div>

<div dir="auto"><br>

</div>

<div dir="auto">Thanks,</div>

<div dir="auto">George</div>

<div><br>

<div class="x_gmail_quote">

<div dir="ltr" class="x_gmail_attr">On Fri, Sep 22, 2023 at 9:14 AM Axel.Nennker--- via Openid-specs-ekyc-ida <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net">openid-specs-ekyc-ida@lists.openid.net</a>> wrote:<br>

</div>

<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left-width:1px; border-left-style:solid; padding-left:1ex; border-left-color:rgb(204,204,204)">

<div lang="en-DE" style="">

<div class="x_m_-269941130090251749WordSection1">

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">An addition from Shilpa (who is not subscribed to OIDF mailing lists):<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><u></u> <u></u></span></p>

<p class="x_MsoNormal" style="margin-left:36pt"><span lang="EN-US" style="font-size:11pt; color:rgb(33,33,33)">A good place to look at would be the PR<a href="https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose*20Consent*20Proposal*20comparison.md__;JSUl!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VClZYRZaG$" title="https://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose%20Consent%20Proposal%20comparison.md" target="_blank"><span style="color:rgb(0,120,215)">https://github.com/camaraproject/IdentityAndConsentManagement/blob/526207689d024dd2294167d52f248fc4ae82f6b3/documentation/SupportingDocuments/Purpose%20Consent%20Proposal%20comparison.md</span></a></span><span style="color:rgb(33,33,33)"><u></u><u></u></span></p>

<p class="x_MsoNormal" style="margin-left:36pt"><span lang="EN-US" style="font-size:11pt; color:rgb(33,33,33)"> </span><span style="color:rgb(33,33,33)"><u></u><u></u></span></p>

<p class="x_MsoNormal" style="margin-left:36pt"><span lang="EN-US" style="font-size:11pt; color:rgb(33,33,33)">In the table there is a row about  </span><span lang="EN-US" style="font-size:11pt; color:rgb(68,114,196)">“What is expected for each /authorize call?”. </span><span lang="EN-US" style="font-size:11pt; color:rgb(33,33,33)">Here

 you can find the comments from the 3 proposals in a consolidated format.</span><span style="color:rgb(33,33,33)"><u></u><u></u></span></p>

</div>

</div>

<div lang="en-DE" style="">

<div class="x_m_-269941130090251749WordSection1">

<p class="x_MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><span style="font-size:11pt"><u></u> <u></u></span></p>

<div id="x_m_-269941130090251749mail-editor-reference-message-container">

<div>

<div style="border-width:1pt medium medium; border-style:solid none none; padding:3pt 0cm 0cm; border-color:rgb(181,196,223) currentcolor currentcolor">

<p class="x_MsoNormal" style="margin-bottom:12pt"><b><span style="font-size:12pt; color:black">From:

</span></b><span style="font-size:12pt; color:black">Nennker, Axel <<a href="mailto:Axel.Nennker@telekom.de" target="_blank">Axel.Nennker@telekom.de</a>><br>

<b>Date: </b>Friday, 22. September 2023 at 14:54<br>

<b>To: </b>Bjorn Hjelm <<a href="mailto:bjorn.hjelm@oidf.org" target="_blank">bjorn.hjelm@oidf.org</a>>, MODRNA WG <<a href="mailto:openid-specs-mobile-profile@lists.openid.net" target="_blank">openid-specs-mobile-profile@lists.openid.net</a>>, OpenID eKYC

 Identity Assurance Working Group <<a href="mailto:openid-specs-ekyc-ida@lists.openid.net" target="_blank">openid-specs-ekyc-ida@lists.openid.net</a>>, FAPI Working Group List <<a href="mailto:openid-specs-fapi@lists.openid.net" target="_blank">openid-specs-fapi@lists.openid.net</a>><br>

<b>Cc: </b>Padgaonkar, Shilpa <<a href="mailto:Shilpa.Padgaonkar@telekom.de" target="_blank">Shilpa.Padgaonkar@telekom.de</a>>, Wróblewski, Dawid <<a href="mailto:Dawid.Wroblewski@t-mobile.pl" target="_blank">Dawid.Wroblewski@t-mobile.pl</a>><br>

<b>Subject: </b>Camara & openid connect standards, and consent and purpose<u></u><u></u></span></p>

</div>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Hi all,</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">in the Linux Foundation’s Camara project “consent” for API access is an important topic.</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCnpLKN8b$" target="_blank">https://github.com/camaraproject/IdentityAndConsentManagement</a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">We discussed “consent”, “purpose”, etc in the past in the OIDF in several working groups but people felt that the topic is not well understood, and most of the details were not standardized.</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">The eKYC-IDA group opted for going the way of defining a parameter “purpose” which is “some text”.

</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html*name-transaction-specific-purpos__;Iw!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCuplX4y8$" target="_blank">https://openid.net/specs/openid-connect-4-identity-assurance-1_0-13.html#name-transaction-specific-purpos</a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Instead of “some text” others suggested to encode the purpose/consent into scope like e.g.

</span><u></u><u></u></p>

<pre style="font-family:monospace"><span lang="EN-US" style="font-size:11pt; font-family:Calibri,sans-serif">“</span>scope=FraudPreventionandDetection:check-sim-swap-date<span lang="EN-US" style="font-size:11pt; font-family:Calibri,sans-serif">”</span><u style="font-family:monospace"></u><u style="font-family:monospace"></u></pre>

<div id="x_m_-269941130090251749mail-editor-reference-message-container">

<div>

<div>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/issues/32__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCiP4CYHQ$" target="_blank"><span lang="EN-GB">https://github.com/camaraproject/IdentityAndConsentManagement/issues/32</span></a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span style="font-size:12pt; font-family:Aptos,sans-serif"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Sorry for cross-posting to MODRNA and eKYC-IDA and FAPI.

</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Which OIDF would be the right one to tackle consent/purpose (again)?</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

</div>

</div>

</div>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Or please contribute to the issue

</span><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://github.com/camaraproject/IdentityAndConsentManagement/issues/32__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCiP4CYHQ$" target="_blank"><span lang="EN-GB">https://github.com/camaraproject/IdentityAndConsentManagement/issues/32</span></a>

 and others directly.</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Also, if you are a telco employee who participates in OIDF WGs while your colleagues are working in Camara, please reach out to your colleagues.</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Kind regards</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Axel</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt">Bjorn and Gail presented OIDF to Camara</span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA*20Project*20Presentation*20Jun*201*202023.pptx__;JSUlJSU!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCjtPFPXX$" target="_blank">https://github.com/camaraproject/WorkingGroups/blob/main/Commonalities/documentation/SupportingDocuments/OIDF-CAMARA%20Project%20Presentation%20Jun%201%202023.pptx</a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCl09MZ4X$" target="_blank">https://openid.net/specs/openid-connect-user-questioning-api-1_0-11.html</a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"><a href="https://urldefense.com/v3/__https://openid.net/specs/fapi-grant-management.html*name-historical-grant-authorisat__;Iw!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCoHPZQHj$" target="_blank">https://openid.net/specs/fapi-grant-management.html#name-historical-grant-authorisat</a></span><u></u><u></u></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:11pt"> </span><u></u><u></u></p>

</div>

</div>

</div>

</div>

<div lang="en-DE" style="">

<div class="x_m_-269941130090251749WordSection1"></div>

</div>

-- <br>

Openid-specs-ekyc-ida mailing list<br>

<a href="mailto:Openid-specs-ekyc-ida@lists.openid.net" target="_blank">Openid-specs-ekyc-ida@lists.openid.net</a><br>

<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCjFxiH69$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida__;!!FrPt2g6CO4Wadw!Ln7wmdCcyM40rpO7YOEsJ3y5c4_-G9jbSR9QQ9WrXmI9WVludTNqwbPQoz5lVyf-ymIA7JBRcVOxOePMX7TAJo6whq_dbr1VCjFxiH69$</a>

<br>

</blockquote>

</div>

</div>

<hr>

<table border="0" cellspacing="0" cellpadding="0" width="100%" height="30">

<br>

<tbody>

<tr>

<br>

<font color="#404040">The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended

 only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any

 action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.</font><br>

</tr>

<br>

</tbody>

</table>

<br>

</div>

</body>

</html>