[ID4me Governance] [Technical_wg] ID4me verified identities framework

Marcos Sanz sanz at denic.de
Wed Aug 28 13:44:47 UTC 2019


Hi Vittorio,

> Well, people doing verification should become data authorities, rather 
than auditors of each operator's practices, but there could
> still be merit in doing both things together. After all, we want to 
define a flexible set of roles, but we do not pose many 
> constraints against someone holding multiple roles at the same time.
> 
> Also I don't know if, in the current OIDC drafts, the same claim can be 
verified by more than one source, but I agree it would be 
> interesting.

this is something we are pursuing at the moment, cf:
https://bitbucket.org/openid/connect/issues/1105/support-multiple-verified_claims-elements

See specially the last remark: "This also means the OP could provide the 
RP with the same end-user claim verified by different claim sources in 
different verified_claims elements"

I guess this is exactly what you'd like to have?

Best,
Marcos


More information about the Governance_wg mailing list