IDBB Status Meeting 13th October 2023
Attendees
@Vishwanath V
@Jaume DUBOIS
@smita.selot
Agenda
Follow-up discussion on Credential and Subscription Management APIs
Minutes of the meeting
MOSIP provides preliminary consent management via e-signet implementation.
Consent given by the user on the Resident Service Portal is stored in MOSIP, and when the user logs in to the Resident Services again, the previously agreed consent is used by default.
It is possible to store and manage consent in e-Signet for a combination of Relying Party applications and users.
Further consent management can be implemented in e-Signet.
No explicit consent is taken for Physical Card Printing (Printing Service Partner) in MOSIP.
GovStack will recommend the standard-driven interfaces for subscription management such as WebSub and WebHooks.
The relying Party must not have continuous access to user identity credentials. Every time the application needs the credentials, it must involve the user. For example, a banking application can ask users to update addresses every 6 months.
The relying party applications can request user credentials using two methods:
The user logs in using MOSIP UIN/VID. The user does not enter OTP for sharing credentials with the relying party application, and the access token shared at the time of login is used. The user credentials can be shared with the application based on the consent.
If the user logs in using Relying Party login details, then the application has to authenticate the user using OTP and take the consent. This is a cumbersome workflow for the user and the first method is preferred.