Transaction data also in SIOP? #24
Comments
|
is there a reason why you want to combine transaction data with SIOP and not lower assurance EAAs presentation in OpenID4VP? Sounds like you have in mind a mechanism that is not payments nor QES and information in self-issued ID Token (which is pretty much self-attested data + identifier) is enough..? |
|
Sometimes you don't need EEAs... Just stable ID is enough. |
|
So why not still use OID4VP then? You can use it for self-asserted EAAs/credentials as well. The benefit of that is that you would still be able to leverage the credential query (PE) capabilities as a RP |
|
@nklomp That's something we can do, of course, I just see it as a hack to overcome meaningless limitation... |
Hi, I believe having transaction data in SIOPv4 authentication flow, similarly to OID4VP, can greatly improve user experience. There are implementation when SIOPv2 is used as passwordless authentication mechanism into a cloud service. However, the consent (to data processing, T&C etc) needs to be handled separately. This can improve the trustworthiness of such a consent, as well as improve user experience. Other possible use cases: questionnaire/form submissions, where a more robust data verification is required, but PID is a bit too much (such as online shop orders), performing sensitive operations on a cloud service ("do you really wanna delete this account?") etc.
The text was updated successfully, but these errors were encountered: