eKYC & IDA Working Group - Specifications

The eKYC and Identity Assurance (eKYC & IDA) WG is developing extensions to OpenID Connect that will standardise the communication of assured identity information, i.e. verified claims and information about how the verification was done and how the respective claims are maintained.

The working group has been developing the following specifications:

Final Specifications

  • OpenID Identity Assurance Schema Definition 1.0 – defines a payload schema that can be used to describe a wide variety of identity assurance metadata about a number of claims that have been assessed as meeting a given assurance level
  • OpenID Connect for Identity Assurance Claims Registration 1.0 – defines an extension of OpenID Connect that registers new JWT claims about end-users. This extension defines new claims relating to the identity of a natural person that were originally defined within earlier drafts of OpenID Connect for Identity Assurance.
  • OpenID Connect for Identity Assurance 1.0 – defines an extension of the OpenID Connect protocol for providing relying parties with claims about end-users that have a certain level of verification and/or additional metadata about the claim or the process of verification for access control, entitlement decisions or input to further verification processes

Implementer's Drafts

Drafts

The current SNAPSHOT versions are built automatically from the master branch and can be accessed at:

    • OpenID Connect Authority claims extension – defines an extension of OpenID Connect for providing Relying Parties with verified claims about the relationships between legal persons (humans and other humans or organisations), in a secure way, using OIDC and OAuth 2.0 protocols. This extension is intended to be used to communicate a relationship between a natural person and another natural person or legal entity in a way that can be relied upon

    • OpenID Connect Advanced Syntax for Claims (ASC) 1.0 – defines an extension of OpenID Connect to enable new features for requesting and receiving Claims and meta-information about Claims. There are two components that can be implemented independently or together, “Selective Abort and Omit” and “Transformed Claims”. These components enable additional data minimization requirements to be expressed between the Relying Party and the Identity Provider thus helping both parties comply with business requirements, policies and regulatory requirements relating to limiting data being transferred to that which is needed.

    • OpenID Attachments 1.0 – defines a way of representing binary data in the context of a JSON payload. It can be used as an extension of OpenID Connect that defines new attachments relating to the identity of a natural person or in other JSON contexts that have binary data elements