NIST IAL2 Journeys with OAuth2!
New NIST IAL2 Journeys with OAuth2.
With this release, 1Kosmos is able to trigger an identity verification journey via OAuth2 “acr” type claims! We previously released a NIST compliant IAL2 proofing journey for end users to proof themselves using a government issued identity, such as Driver’s License.
We described previously how a user can follow the NIST guidelines to achieve IAL2 with 1Kosmos:
Step 1: Email & Phone Verification
Step 2: Govt ID Verification
Step 3: Biometric Verification
Step 4: Generate Reusable IAL2 Credential
OAuth2 ACR claims to trigger IAL2 Proofing
Relying parties can trigger an identity verification using OAuth 2.0 ACR Claim with the desired IAL level. When the “acr” claim is received by 1Kosmos, the platform triggers a journey to elevate the user’s identity assurance level. A response is returned letting the relying party know if the user passed identity verification and the IAL of the user embedded in the “amr” claim.
Here is how the “acr” claim can be sent in the claims request parameter:
- Relying Party will present a list of ACRs is by including the “acr” claim in the value of the claims request parameter
- 1Kosmos will fulfill the request by interpreting the “acr”: {“essential”: true, “value”: [“/assurance/ial/2/”] } value to imply a MANDATORY request to step up the user’s IAL to 2
- Note: “acr”: {“essential”: true, “value”: [“/assurance/ial/2/”] } requests the /assurance/ial/2/ claim, i.e., asks for an assertion of IAL value of 2.