eKYC and Identity Assurance WG



Overview

The global adoption of OpenID Connect is demonstrated in the many profiles it has generated.  OpenID Connect’s value is seen the range of use cases it serves and its impact on the privacy, security, and ease of use it delivers to end users. As its global adoption grows, OpenID Connect is increasingly being used in scenarios requiring higher identity assurance levels. Some examples include:

  • Anti-Money Laundering
  • Telecommunications
  • eGovernment
  • Access to Health Data
  • Risk mitigation
  • Fraud prevention

One can observer that current implementations often rely on implicit attestation of the verification status of the data provided based on the context the relying party (RP) and the trust framework the IDP has joined. Implicit attestation may cause ambiguity. For example, what claims in result set are verified and which are not? As a further challenge, the RP lacks metadata and evidence needed for mapping between regulatory/legal contexts, dispute resolution, and auditing.

The eKYC and Identity Assurance WG develops OpenID specifications for providing Relying Parties with identity information, i.e.  verified Claims, along with an explicit attestation of the verification status of those Claims (what, how, when, according to what rules, using what evidence).

Starting point of the WG is OpenID Connect for Identity Assurance 1.0. This specification provides important support for explicit attestation in a trust framework wherein the identity provider can supply:

  • Time of verification
  • Verifier: what party verified the user‘s identity
  • Evidence: which evidence where used
  • Verification Method: how were the evidence verified

The specification advances solutions for privacy wherein the RP asks for individual claims and verification data elements. This makes clear that the purpose of inquiry can be conveyed per transaction or individual claim.

This effort is intentionally and importantly internationally driven and has benefited from contributions from the UK, US, CA, DE, and JP. The specification includes (a growing number) of pre-defined identifiers for:

  • Trust frameworks, e.g., eIDAS, NIST 800-63A, Japanese and German AML
  • Identity documents, e.g., ID Card, Passport, Driving Permit
  • Verification Methods, e.g., „“Physical In-Person Proofing” and “Supervised remote In-Person Proofing”

If you want to contribute, please join the working group!

Working Group Chairs

  • Torsten Lodderstedt, Anthony Nadalin, Naohiro Fujie, Mark Haine

The chairs can be reached at openid-specs-ekyc-ida@lists.openid.net.

List of Specifications

The current thought around it can be found in this presentation.

OpenID Connect 4 Identity Assurance Overview

Participation

The easiest way to participate is to join the mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ekyc-ida.

Please note that while anyone can join the mailing list as a read-only recipient, posting to the mailing list or actively contributing to the specification itself requires the submission of an IPR Agreement. More information is available at http://openid.net/intellectual-property. Make sure to specify the working group as eKYC-IDA WG.

Meeting Venue and Schedule

  • Regular Meetings
  • GoToMeeting software is available on Mac, PC, iPhone, and Android Phone.
  • Using VoIP option of GoToMeeting is preferred. If you have to absolutely use a plain old telephone for some reason, here is the phone number:
    United States: +1 (224) 501-3316 United Kingdom: +44 (0) 20 3713 5011
  • Meeting minutes are available at: https://bitbucket.org/openid/ekyc-ida/wiki/browse/