eKYC & IDA Working Group - Charter
The eKYC and Identity Assurance (eKYC & IDA) WG is developing extensions to OpenID Connect that will standardise the communication of assured identity information, i.e. verified claims and information about how the verification was done and how the respective claims are maintained.
eKYC & IDA Working Group
OVERVIEW
eKYC & IDA Working Group
CHARTER
eKYC & IDA Working Group
SPECIFICATIONS
eKYC & IDA Working Group
REPOSITORY
eKYC & IDA Working Group Charter
1) Working Group name
eKYC and Identity Assurance Working Group
2) Purpose
Develop OpenID specifications for providing Relying Parties with identity information, i.e. verified Claims, along with an explicit attestation of the verification status of those Claims (what, how, when, according to what rules, using what evidence). These specifications are aimed at enabling use cases requiring strong identity assurance, for example, to comply with potential regulatory requirements such as Anti-Money Laundering laws or access to health data, risk mitigation, or fraud prevention.
Terminology
[SOURCE: ISO/IEC 24760-1:2011, 3.1.2, modified – entity has been replaced by subject, added mapping of attribute to claim]
identity information verification
process of checking identity information and credentials against issuers, data sources, or other internal or external resources with respect to authenticity, validity, correctness, and binding to the entity
verification
process of checking information by comparing the provided information with previously corroborated information
verifier
actor that corroborates identity information
person
human being
subject
person whose identity is being proofed
identity
set of attributes related to a subject
identifying attribute
attribute that contributes to uniquely identifying a subject within a context
Note: in the context of OpenID Connect designated as “Claim”.
supporting attribute
attribute that is used in identity proofing but not as an identifying attribute
identity information
set of values of attributes optionally with any associated metadata in an identity
evidence of identity (EOI)
evidence that provides a degree of confidence that a subject is represented by the identity being claimed
authoritative evidence
holds identifying attribute(s) that are managed by an authoritative party
Note: A point in time copy of the identifying attribute(s) is liable to become out of date and therefore becomes corroborative evidence.
Note: This is one type of evidence of identity.
authoritative party
entity that has the right to create and responsibility to own and directly manage an identifying attribute
Note: Law sometimes nominates a party as authoritative. It is possible that such a party is subject to legal controls.
corroborative evidence
holds identifying attribute(s) that are not managed by an authoritative party
Note: The identifying attributes in corroborative evidence may not be as up-to-date or accurate as authoritative evidence.
Note: This is one type of evidence of identity.
proofing information
information collected for identity proofing
proofing party
party that performs identity proofing of a subject
3) Scope
- Representation of verified claims and respective metadata about the identity verification that can be used in JSON objects and JWTs
- A mechanism to request and provide verified claims about both natural and legal persons
- Specification of additional claims as required for the objectives of this working group
- Not making breaking changes to existing OpenID Connect specifications
Out of Scope:
Legal or regulatory advice, Identity Proofing, identity information verification
4) Proposed specifications
OpenID Connect for Identity Assurance 1.0
5) Anticipated audience or users
- Identity Verifiers
- Application Developers (acting as RPs)
- Identity Providers (IDPs) or Claims Providers
- Trust Framework operators
6) Language
English.
7) Method of work
Mailing list and telephone/internet conference calls combined with F2F (where needed) and
information sharing/collaborative working via online tools.
8) Basis for determining when the work is completed
Rough consensus and running code. The work will be completed once it is apparent that
maximal consensus on the draft has been achieved, consistent with the purpose and scope.
Related works
OpenID Connect specifications
Proposers
- Marcos Sanz Grossón, DENIC eG
- Maciej Machulak, Independent
- Michael B. Jones, Microsoft
- Steinar Noem, Udelt AS
- Naohiro Fujie, Independent
- Azusa Kikuchi, TRUSTDOCK
- Torsten Lodderstedt, yes.com AG
- Adam Cooper, ID Crowd
- David Skyberg, Capital One N.A.
- Nat Sakimura, NRI
- Bjorn Hjelm, Verizon