This week the OpenID Foundation announced the approval of the Implementer’s Draft of the OpenID Connect for Identity Assurance specification. This new specification is a product of the OpenID Connect Working Group. An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.
The global adoption of OpenID Connect is demonstrated in the many profiles it has generated. OpenID Connect’s value is seen in the range of use cases it serves and its impact on the privacy, security, and ease of use it delivers to end users. As its global adoption grows, OpenID Connect is increasingly being used in scenarios requiring higher identity assurance levels. Some examples include:
One can observe that current implementations often rely on implicit attestation of the verification status of the data provided, based on the context of the relying party (RP) and the trust framework the IDP has joined. Implicit attestation may cause ambiguity. For example, which claims in the result set are verified and which are not? As a further challenge, the RP lacks the metadata and evidence needed for mapping between regulatory/legal contexts, dispute resolution, and auditing.
The new OpenID Connect for Identity Assurance specification defines a representation for verified claims and associated metadata and evidence while enabling legal compliance for the aforementioned use cases. This specification provides important support for explicit attestation in a trust framework wherein the identity provider can supply:
The specification advances solutions for privacy wherein the RP asks for individual claims and verification data elements. This makes clear that the purpose of inquiry can be conveyed per transaction or individual claim.
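The following is an added example, not code from the specification or the Foundation, of how an RP can use the explicit representation to answer the question raised above: which claims in a result set are verified and which are not. It assumes the `verified_claims` / `verification` / `trust_framework` / `claims` structure the specification defines; the sample response, `ACCEPTED_FRAMEWORKS`, and the function names are constructed for illustration.

```python
# Added example: RP-side handling of explicit attestation.
# The sample response and ACCEPTED_FRAMEWORKS are constructed, not from the page.

ACCEPTED_FRAMEWORKS = {"de_aml"}  # assumption: frameworks this RP may rely on

# Constructed UserInfo-style response mixing plain and verified claims.
SAMPLE_RESPONSE = {
    "sub": "248289761001",
    "email": "jane@example.com",   # plain claim, carries no attestation
    "given_name": "J.",            # plain claim, may differ from the verified value
    "verified_claims": {
        "verification": {"trust_framework": "de_aml",
                         "time": "2019-10-01T10:00:00Z"},
        "claims": {"given_name": "Jane", "family_name": "Doe",
                   "birthdate": "1980-01-01"},
    },
}


def split_claims(response, accepted=ACCEPTED_FRAMEWORKS):
    """Return (verified, unverified, rejected) for a claims response.

    verified:   claim name -> (value, verification metadata), accepted frameworks only
    unverified: every top-level claim outside verified_claims
    rejected:   verified_claims entries that are malformed or from another framework
    """
    unverified = {k: v for k, v in response.items() if k != "verified_claims"}
    verified, rejected = {}, []
    entries = response.get("verified_claims", [])
    if isinstance(entries, dict):  # accept a single object or a list of objects
        entries = [entries]
    for entry in entries:
        meta = entry.get("verification") if isinstance(entry, dict) else None
        claims = entry.get("claims") if isinstance(entry, dict) else None
        if (not isinstance(meta, dict) or not isinstance(claims, dict)
                or meta.get("trust_framework") not in accepted):
            rejected.append(entry)  # keep for audit logging, never use the values
            continue
        for name, value in claims.items():
            verified[name] = (value, meta)
    return verified, unverified, rejected


def require_verified(response, needed, accepted=ACCEPTED_FRAMEWORKS):
    """Fail closed: raise unless every needed claim is explicitly verified."""
    verified, _, _ = split_claims(response, accepted)
    missing = sorted(set(needed) - set(verified))
    if missing:
        raise ValueError(f"claims not verified: {missing}")
    return {name: verified[name][0] for name in needed}
```

A top-level claim with the same name as a verified one (here `given_name`) is never promoted to verified; only values inside an accepted `verified_claims` entry are returned by `require_verified`.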
This effort is intentionally and importantly internationally driven and benefits from contributions from the UK, US, CA, DE, and JP. The specification includes a growing number of pre-defined identifiers for:
The Foundation plans to start a new working group dedicated to eKYC and Identity Assurance. The working group’s charter has roots in contributions from the UK, US, CA, DE, and JP. We would benefit from an even broader group of participants to build on the initial contributions drawing from Torsten Lodderstedt’s domain expertise and experience at yes.com.
Finally, thanks to Torsten, on behalf of the Foundation and community, for advancing this important specification. Bravo Torsten!
Don Thibeau
OpenID Foundation Executive Director