Problem description
In Number Verification we have adhered to the use of OIDC security scheme as per commonalities guidelines.
However OIDC as per standard would also entail the use / delivery of identity tokens. In our case (Number Verification) we don't see the need for identity tokens (but see the need for Authorization code grant).
Having checked with commonalities for some recommendation / principle that could be used to both adhere to OIDC but not use / implement identity tokens, they indicated that IdentityAndConsentManagement should be able to provide some guidance (that Number Verification and commonalities) can use.
Expected action
Clarification on the directive to adhere to OIDC - what parts are mandatory, if all parts are not mandatory is for example a compliance statement necessary in each workgroup?
Additional context
Problem description
In Number Verification we have adhered to the use of OIDC security scheme as per commonalities guidelines.
However OIDC as per standard would also entail the use / delivery of identity tokens. In our case (Number Verification) we don't see the need for identity tokens (but see the need for Authorization code grant).
Having checked with commonalities for some recommendation / principle that could be used to both adhere to OIDC but not use / implement identity tokens, they indicated that IdentityAndConsentManagement should be able to provide some guidance (that Number Verification and commonalities) can use.
Expected action
Clarification on the directive to adhere to OIDC - what parts are mandatory, if all parts are not mandatory is for example a compliance statement necessary in each workgroup?
Additional context