« All Articles
Talk @ Identiverse 2020

Identity Assurance with OpenID Connect

OpenID Connect has become a leading standard for providing relying parties with identity information. With a growing global adoption, OpenID Connect faces new use cases, like eGovernment, telecommunications, and health applications, where just providing identity information is not enough. Instead, the identity provider (IDP) needs to explicitly attest the verification status of the claims delivered. More precisely, it must distinguish verified from unverified claims and provide information about the verification itself: What data was verified? How was that checked and according to which rules? When was it checked and by whom? What evidence was used in the process? This information facilitates mapping between regulatory/legal contexts and provides a basis for dispute resolution and auditing. OpenID Connect for Identity Assurance aims to solve this problem: The standard defines a robust and unambiguous representation of verified claims and verification metadata. Based on global collaboration, it includes identifiers for various international trust frameworks, identity documents, and verification methods. Fine-grained data minimization controls ensure user privacy and compliance. This talk gives an introduction to the current status of OpenID Connect for Identity Assurance: From the design objectives to the data structures.