eKYC and Identity Assurance WG



The eKYC and Identity Assurance (eKYC & IDA) WG is developing extensions to OpenID Connect that will standardise the communication of assured identity information, i.e. verified claims and information about how the verification was done and how the respective claims are maintained.


What is the burning business problem?

  • Ambiguity and implicit assumptions regarding claims assurance
  • Complex and costly custom solutions for communicating assured identity
  • Inconsistent implementations
  • Proprietary interfaces
  • In-person proofing is now a challenge due to COVID-19
  • Emerging regulations such as GDPR, CCPA, and AMLD V
  • Huge costs of implementing and operating these services


Why is this being done as an OpenID Connect extension? 

  • Built on top of a set of widely adopted open standards
    • OpenID Connect
    • And optionally the Financial-grade API security profile
  • OpenID Connect is increasingly used in scenarios requiring higher identity assurance levels. Some examples include:
    • Anti-money laundering
    • Telecommunications
    • eGovernment
    • Access to health data
    • Risk mitigation
    • Fraud prevention
  • OpenID Connect already provides for specific user authorisation and exchange mechanisms of the data being shared
  • Implementers can built upon the broad tool set available for OpenID Connect to implement high assurance use cases
  • Existing implementations can be enhanced to use verified claims


eKYC & IDA will simplify and reduce costs of identity verification

  • Creates a standardised interface for communicating how verification of a user was performed
  • Clearly differentiates verified and unverified claims thus removing ambiguity and allowing to represent both types of claims in the same assertion 
  • Simplifies integration of remote high assurance identification processes
  • Allow purchase of vendor solutions that will interoperate with other standardised identity verification components
  • OIDF will provide a testing framework for standardised eKYC software and implementations


How will eKYC & IDA spec do this?

  • The specification adds a way to express information about how the identity claims were assured and how they are maintained
  • Defined flexible data schemas for request and response as well as communicating information relating to the assured identity data including:
    • Which data are required
    • How identity was verified
    • Which entity performed the ID verification
    • What evidence was presented
    • When identity was verified
  • Planning to add support for conditional claims
  • Planning to add support for legal entity and delegated authority use cases


Participation

  • Working Group Mailing List
    • http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida


Working Group Chairs

  • Torsten Lodderstedt, Anthony Nadalin, Naohiro Fujie, Mark Haine
    • Email Distribution List: openid-specs-ekyc-ida@lists.openid.net.


List of Specifications

The most current update on eKYC & IDA efforts are summarised in this presentation: