*About disclosures for Array Elements versus disclosures of name/value pair*
1) The draft of Annex - Ares(2024)5786783 "laying down rules for the
application of Regulation (EU) No 910/2014
of the European Parliament and of the Council as regards person
identification data and electronic attestations
of attributes issued to European Digital Identity Wallets" identifies on
page 1 in Table 1: Mandatory attributes, the following attribute:
Attribute identifier: nationality
Definition: One or more Alpha-2 country codes as specified in ISO 3166-1,
representing the nationality of the person identification data user.
Presence: Mandatory
Encoding format: tstr
Section 5.2.6 from draft-ietf-oauth-selective-disclosure-jwt-12
(Recursive Disclosures) describes an example
which is much better than the current Mandatory attribute "nationality"
described in the draft of Annex - Ares(2024)5786783.
*When the End-User has multiple nationalities, the issuer may wish to
conceal the presence of any statement regarding nationalities while
also allowing the holder to reveal each of those nationalities
individually. This can be accomplished by first making the entries
within the "nationalities" array selectively disclosable, and then
making the whole "nationalities" field selectively disclosable.*
The structure from section 5.2.6 should be recommended as a replacement.
Maybe such a recommendation has already been done to the EC. If it is
not the case, this should be done.
2) In the same way, the draft of Annex - Ares(2024)5786783 "laying down
rules for the application of Regulation (EU) No 910/2014
of the European Parliament and of the Council as regards person
identification data and electronic attestations
of attributes issued to European Digital Identity Wallets" identifies on
page 3 in Table 2: Optional attributes, the following two attributes:
Attribute identifier: age_over_18
Definition: Confirming whether the person identification data user is
currently an adult (true) or a minor (false)
Presence: Optional
Encoding format: bool

Attribute identifier: age_over_13
Definition: Confirming whether the person identification data user is
currently over 13 years of age (false)
Presence: Optional
Encoding format: bool
Some countries have additional needs for "age_over_15" and "age_over_25"
as well as for "age_under_25" (for social networks).
Some organizations have needs for "age_over_60" and "age_over_65".
Rather than defining new attribute names each time there is a new need,
the approach used for nationality (i.e. "nationalities") should be
followed.
This leads to defining two fields:
- "age_over", and
- "age_under".
The issuer may wish to make the whole "age_over" and/or "age_under"
field selectively disclosable and allow the holder to make
the entries within the "age_over" and/or "age_under" array selectively
disclosable. Such an example should be added into the draft.
Maybe such a recommendation has already been done to the EC. If it is
not the case, this should be done.
Denis
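The recursive-disclosure structure the message proposes for an "age_over" array, as an added illustration (not code from the post, the EC Annex or the SD-JWT draft): the issuer makes each array element disclosable, then the whole claim; the verifier resolves only what was presented. The claim name "age_over", the integer thresholds and the random 16-byte salts are assumptions; the digest is SD-JWT's base64url(SHA-256(ASCII(disclosure))).

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest(disclosure: str) -> str:
    # SD-JWT digest of a disclosure string: base64url(SHA-256(ASCII(disclosure)))
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def make_disclosure(value, name=None):
    # [salt, value] for an array element, [salt, name, value] for an object claim
    content = [b64url(secrets.token_bytes(16))] + ([] if name is None else [name]) + [value]
    disclosure = b64url(json.dumps(content, separators=(",", ":")).encode())
    return disclosure, digest(disclosure)

def issue_recursive_array(name, values):
    # Issuer side: disclosable elements first, then the whole array claim
    disclosures, placeholders = [], []
    for v in values:
        d, h = make_disclosure(v)
        disclosures.append(d)
        placeholders.append({"...": h})          # array-element placeholder
    d, h = make_disclosure(placeholders, name=name)
    disclosures.append(d)                        # last entry = the array claim itself
    return {"_sd": [h], "_sd_alg": "sha-256"}, disclosures

def resolve(payload, presented):
    # Verifier side: substitute values only for digests whose disclosure was presented
    known = {digest(d): json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
             for d in presented}
    def walk(node):
        if isinstance(node, dict):
            out = {k: walk(v) for k, v in node.items() if k not in ("_sd", "_sd_alg")}
            for h in node.get("_sd", []):
                if h in known:                   # undisclosed claims are simply absent
                    _, n, val = known[h]
                    out[n] = walk(val)
            return out
        if isinstance(node, list):
            out = []
            for item in node:
                if isinstance(item, dict) and "..." in item:   # disclosable element
                    if item["..."] in known:
                        out.append(walk(known[item["..."]][1]))
                else:
                    out.append(walk(item))
            return out
        return node
    return walk(payload)
```

Presenting an element disclosure without the array disclosure reveals nothing, which is exactly the concealment the message wants for the presence of the "age_over" statement.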
_______________________________________________
OAuth mailing list -- oauth@ietf.org