Hi N,

On Mon, 4 Apr 2022 at 18:08, Steinar Noem <stei...@udelt.no> wrote:
> Ah, for machine-to-machine the eKYC/IA spec is not relevant - as it requires 
> an interactive session (an authenticated user).
Ok. Could that information be vouched for by a third party though?

> But the Rich Authorization Spec (authorization_details) describes how to 
> express more information related to a grant, so that would be fitting I would 
> think.
> We use the structure for accountability purposes, legal basis and legitimate 
> interest - and reflect certain claims in the access token (JWT).
If this is related to public sector API, it would be really
interesting to discuss that topic and see some examples!

Have a nice day,
R.

>
> On Mon, 4 Apr 2022 at 18:02, Roberto Polli <robipo...@gmail.com> wrote:
>>
>> Thanks Noem,
>>
>> On Mon, 4 Apr 2022 at 16:32, Steinar Noem <stei...@udelt.no> wrote:
>> >>  I'm looking for a standard way to express data processing purposes in 
>> >> access token/requests.
>> >> E.g. an access token request/response should provide an identifier linked
>> >> to the reason that motivates
>> > Maybe you’ll find the work on RAR and identity assurance in OIDF 
>> > interesting?
>> > RAR could be used for indicating a “legitimate interest”, and IA could 
>> > cater for accountability.
>>
>> You mean the authorization_details and verified_claims ?
>> Interesting! I was wondering whether there was something more concise,
>> but I will investigate if that's viable for a machine-to-machine interaction 
>> like the one
>> I'm working on.
>>
>> Thanks again,
>> R:
>>
>
>
> --
> Kind regards
>
> Steinar Noem
> Partner Udelt AS
> Systems developer
>
> | stei...@udelt.no | h...@udelt.no  | +47 955 21 620 | www.udelt.no |
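
Added example, not part of the thread or of any participant's system: one way a resource server could enforce a processing purpose carried in the `authorization_details` claim of a JWT access token, as discussed above. It assumes the token's signature, issuer, audience and expiry were already verified; the type URI and the `purpose` and `legal_basis` fields are hypothetical type-specific fields, and the sample claims are constructed.

```python
# Hypothetical RAR type and purpose policy; neither comes from the thread.
EXPECTED_TYPE = "https://api.example/authz/data-processing"
ALLOWED_PURPOSES = {
    # purpose identifier -> actions that purpose may justify (constructed)
    "tax-assessment": {"read"},
    "benefit-payment": {"read", "write"},
}

# Constructed claims of an already-verified machine-to-machine access token.
SAMPLE_CLAIMS = {
    "iss": "https://as.example",
    "client_id": "agency-a",
    "authorization_details": [{
        "type": EXPECTED_TYPE,
        "locations": ["https://api.example/registry"],
        "actions": ["read"],
        "purpose": "tax-assessment",              # hypothetical field
        "legal_basis": "statute-ref-placeholder",  # hypothetical field
    }],
}


def authorize(claims, action, location):
    """Return (allowed, reason); fail closed on missing or malformed data."""
    details = claims.get("authorization_details")
    if not isinstance(details, list) or not details:
        return False, "no authorization_details in token"
    for entry in details:
        if not isinstance(entry, dict) or entry.get("type") != EXPECTED_TYPE:
            continue  # entries of other types are not ours to interpret
        purpose = entry.get("purpose")
        if not isinstance(purpose, str) or purpose not in ALLOWED_PURPOSES:
            continue  # unknown or missing purpose never grants access
        if not entry.get("legal_basis"):
            continue  # accountability data must be present
        actions = entry.get("actions", [])
        locations = entry.get("locations", [])
        if not isinstance(actions, list) or not isinstance(locations, list):
            continue
        if action not in actions or action not in ALLOWED_PURPOSES[purpose]:
            continue  # the grant and the local policy must both allow it
        if location not in locations:
            continue
        return True, f"purpose={purpose}"  # reason string for the audit log
    return False, "no entry grants this action for an accepted purpose"
```

The returned reason is meant to be written to the audit log together with the client identifier, so each access is recorded with the purpose that justified it.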

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
