Ah, for machine-to-machine the eKYC/IA spec is not relevant - as it requires an interactive session (an authenticated user). But the Rich Authorization Spec (authorization_details) describes how to express more information related to a grant, so that would be fitting I would think. We use the structure for accountability purposes, legal basis and legitimate interest - and reflect certain claims in the access token (JWT).

On Mon, 4 Apr 2022 at 18:02, Roberto Polli <robipo...@gmail.com> wrote:

> Thanks Noem,
>
> On Mon, 4 Apr 2022 at 16:32, Steinar Noem <stei...@udelt.no> wrote:
>
> >> I'm looking for a standard way to express data processing purposes in access token/requests.
> >> E.g. an access token request/response should provide an identifier linked to the reason that motivates
> >
> > Maybe you’ll find the work on RAR and identity assurance in OIDF interesting?
> >
> > RAR could be used for indicating a “legitimate interest”, and IA could cater for accountability.
>
> You mean the authorization_details and verified_claims?
> Interesting! I was wondering whether there was something more concise, but I will investigate if that's viable for a machine-to-machine interaction like the one I'm working on.
>
> Thanks again,
> R:

--
Kind regards
Steinar Noem
Partner Udelt AS
System developer
| stei...@udelt.no | h...@udelt.no | +47 955 21 620 | www.udelt.no |
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
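
The pattern discussed in this thread, as an added example that is not part of the original messages: a machine-to-machine (client_credentials) token request carrying `authorization_details`, and a resource server that verifies the JWT access token and enforces the processing purpose reflected in it. The RAR type URI, the `purpose` and `legal_basis` fields, the URLs and the HS256 shared key are assumptions made for illustration; checks on `exp`, `iss` and `aud` are assumed to happen elsewhere.

```python
import base64, hashlib, hmac, json
from urllib.parse import urlencode

# Hypothetical RAR type and field names ("purpose", "legal_basis"): RFC 9396 only
# requires "type" and lets each API define the remaining fields.
DETAIL = {"type": "https://example.org/rar/data-processing",
          "locations": ["https://api.example.org/records"],
          "actions": ["read"],
          "purpose": "benefit-eligibility-check",
          "legal_basis": "legal-obligation"}

def token_request_body(details):
    """Client side: client_credentials request with authorization_details as JSON."""
    return urlencode({"grant_type": "client_credentials",
                      "authorization_details": json.dumps(details)})

def _b64(data): return base64.urlsafe_b64encode(data).rstrip(b"=")
def _unb64(s): return base64.urlsafe_b64decode(s + b"=" * (-len(s) % 4))

def sign_hs256(claims, key):
    """Stand-in for the authorization server: JWT reflecting the granted details."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "at+jwt"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(key, head + b"." + body, hashlib.sha256).digest())
    return b".".join([head, body, sig])

def authorize(token, key, location, action, allowed_purposes):
    """Resource server: verify the signature, then match the request to the grant.
    Returns the purpose to record for accountability, or None to deny."""
    try:
        head, body, sig = token.split(b".")
        if json.loads(_unb64(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        good = _b64(hmac.new(key, head + b"." + body, hashlib.sha256).digest())
        if not hmac.compare_digest(sig, good):
            return None
        details = json.loads(_unb64(body)).get("authorization_details", [])
    except (ValueError, AttributeError):
        return None
    for d in details:
        if (isinstance(d, dict) and d.get("type") == DETAIL["type"]
                and location in d.get("locations", [])
                and action in d.get("actions", [])
                and d.get("purpose") in allowed_purposes):
            return d["purpose"]
    return None
```
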