-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Age Verification to KnowYourCustomer SP's Scope in README #81
Comments
hi @ToshiWakayama-KDDI, how could we link this issue with the interesting discussion started in issue #46 and the code proposition in #50 ? thanks a lot |
Hi @GillesInnov35 ,
I do not know how to do that, but we could modify the text, so that it can be aligned with Issue #46/ PR #50. Why don' t we leave this issue for a while? BR |
Hi @GillesInnov35 , Thanks.
Generally yes, but I have commented to Issue #46, as:
Many thanks, |
hi @ToshiWakayama-KDDI and all, I've tried to summarized the current discussion with all contributors in PR #50 and issue #46
The request contains
The response
What might be the next steps
What do you think about that ? BR |
@GillesInnov35 @ToshiWakayama-KDDI Sounds like a good summary to me. Note that the score with age verification should indeed be the aggregate score, because you don't want to disclose the match on the individual attributes (for that we have the KYC Match api). |
Hi @GillesInnov35 , @HuubAppelboom , all, Let me confirm the understanding of 'ageVerified' values, please. My understanding is:
Many thanks, |
Hi @GillesInnov35 , @HuubAppelboom , all, In addition to the above, I feel the parameter name 'age' is a bit vague. It may be better to change it to something like 'specifiedAge', 'checkedAge', 'verifiedAge', 'ageThreshold'. What do you think? Best regards, |
Hi @ToshiWakayama-KDDI @GillesInnov35 @KevScarr , all, The "unverified" response was originally proposed for those cases where users may have recorded their date of birth in the telco CRM system (prepaid was mentionned as an example), but the telco never has verified whether this is valid or not. |
@ToshiWakayama-KDDI @GillesInnov35 @KevScarr , all, In the list of possible answers we may be overlooking the scenario where there is a clear mismatch between the optional pararmeters provided (for example in givenName, familyName). This means the end user is not the contract owner. For this case, I see 2 options
What do you prefer ? The 2nd option may be a better choice in terms of privacy, |
@ToshiWakayama-KDDI @GillesInnov35 @KevScarr , all, We have been discussing Age Verification with quite a few customers recently in the Netherlands, and we see demand for 2 versions of the API, depending on what data the developer has collected One is a very simple one, in which the developer simply wants to check the DoB a customer has entered (without checking any additional info). This is a simple dressed down version of the KYC Match api, where only Date of Birth is verified. If the DoB can not be verified, these customers typically use a different verification method (with more friction). The assurance level here is typically not that relevant, and for cases where there is a mismatch between end user and contract owner they simply switch to the 2nd verification method. The reason we need a separate API here (next to KYC Match) is primarily a commercial one, for just age verification we typically see a need for a much lower price point as compared to a full scale identy product, at a different positioning. The other API is the one we have been discussing so far, where the input is usually the phone number (and optionally additional personal data to see whether end users are contract owners), and where you provide the result as discussed above. For these cases, customers typically did not acquire the date of birth. |
Hi @ToshiWakayama-KDDI @GillesInnov35 @KevScarr , all, Regarding the aggregated score we have been discussing so far, I think we should be providing it slightly different than with KYC Match. What I would propose is to let the aggregated score by an estimate in how many cases the Age Verification is correct. For example, if the developer does not provide any additional data to see whether the contract owner is the end user, you simply return an estimate of for example 82%, in case you know from KYC match statistics that on average, in 82% of cases the end user and the contract owner is the same. And if the developer provides more data (like first name, last name etc), you adjust the estimate accordingly (tkaing into account also the scores that these individual attributes have). Since this is a different method than with KYC Match (you give an estimate how reliable the Age Verification is), it may be better to give this indicator a different name than "score". Perhaps "reliability_indicator" would be a beter word for it. |
@HuubAppelboom You may need to be careful using statistics built on KYC match success rates; when we first launched in UK we had a Bank that would do a KYC check using the current details on the account and the new details being printed onto the account. In this scenario we saw our match rate degrade quickly. At most, we'd be reporting a success 50% of the time :( as at least one lookup will always be wrong. |
@KevScarr Hi Kevin, it's not the idea that you provide match rates for any use cases, I don't think this a good idea. In stead, you use an as good as possible estimate what the percentage of users is where the contract owner is the end user, as an idication how reliable the age verification is. This percentage will climb ofcourse when the developer provides more details about the end user. This will only work when you have sufficient statistics on your base. When the target group is not your average base (for example students) it will not be very precise, and will deviate. But at least you have some indication how reliable the age verification is. And if you provide all the necessary detail (like first name and last name), it can still be very reliable. |
the Thanks @HuubAppelboom , @KevScarr , very interesting comments on how to see Age verification. My comments on:
The simplier way would be to use an unique string result not_available but in this case we do not distinguish the result of identity control with the age verification.
it is very close to kyc-match offer (used with only 1 attribute), isn't it ? coudl it be confusing ?
BR |
@KevScarr @GillesInnov35 In any case, we should somehow find a way to communicate towards developers that providing extra identification data to distinguish contract owners from end users results in a more reliable age verification. That is omething we should at least include in the documentation , otherwise you run the risk that an unspecting developer (who is not familiar with the issue contract-owner vs end user) may be submitting just a phone number, and expect that this always very reliable. The more personal data you provide, the more reliable the result will be. |
Hi @HuubAppelboom , @KevScarr , @GillesInnov35 , So, is it OK for us to continue the currently proposed Age Verification API proposal and to complete the initial version of it? This is my (KDDI's) preference, and, if the supbroject/any of you need another version or feature, let's discuss it separately. Just to review the Gilles' summary, below is 'What might be the next steps':
I think it is better for us to close the issue #46, if you guys agree. Best regards, |
Hi @HuubAppelboom , @KevScarr , @GillesInnov35 , In addition, regarding extra identification data to distinguish contract owners from end users, I could agree to include something in the documentation. However, actually for KDDI, it seems a bit different from your situation, but our customrs want to just do age-verify without scoring feature, and we KDDI do not have any need of scoring. So, as we have proposed before, we would like to keep identification information input optional as well as keep implementation of scoring feature optional (same as KYC Match Scoring feature). Best regards, |
Hi @ToshiWakayama-KDDI @KevScarr @GillesInnov35 , As far as I am concerned, we can keep both the additional information optional, as well as the scoring and the scoring method used. We can always make local alignment how to do this in the various markets. |
hi, yes I agree with your proposal @ToshiWakayama-KDDI and HuubAppelboom. Aditional identification must be optional, I think that's what we proposed. otherwise if information of user's identity are part of the request body identityMatchScore should be returned I propose to update the draft design in PR #50 with API swagger corrections and updates. BR |
@GillesInnov35 @ToshiWakayama-KDDI @KevScarr One addition I would like to add, and that is that you can also add the Date of Birth to the list of identifiable information. |
Hi @GillesInnov35 , @HuubAppelboom , @KevScarr , Thanks, and sorry for the late response. May I reiterate my (KDDI's) proposal that MNO's/API provider's implementation of the identityMatchScore feature is kept optional, because, for some MNOs/API providers including KDDI, it may not be needed as their services, and it is better to have some flexibility for providing this API/service, e.g. at the beginning, they won't provide Age Verificaiton API/service without scoring feature, and then after some time, some months or some years, they will add scoring feature to their Age Verification API/service. I hope this proposal is acceptable. Assuming it is acceptable, for API specification, if information of user's identity is included in the request body but the scoring feature is not available with the MNO/API provider, there could be quick two options: Option 1: nothing will be returned, and response could be; Or Option 2: something showing unavailability of the scoring feature will be returned, and response could be: What do you think? Best regards, |
@ToshiWakayama-KDDI @KevScarr @GillesInnov35 Hi Toshi, all, Perhaps the best is to do the same as with KYC Match, where the Score returned is also optional, and if it is not calculated, it is not returned. At least we are then consistent within the API family ;-) Regards |
hi @ToshiWakayama-KDDI @HuubAppelboom , as IdentityMatchScore is an integer we should not be able to return a not-available. I'd also prefer not to return any match score if scoring is not available on MNO side. |
Thank you, @GillesInnov35 , @HuubAppelboom , @KevScarr , I think it has been incorporated into the proposed YAML, but I would like to write down what have been agreed as below, if my uderstanding is correct: Input/Output (R:required, O:optional)
ageVerified value (*1)
Opitional identityMatchScore (*2) Thank you. |
Captured from todays call; a proposal to split the response object to include:-
|
Thanks @KevScarr, also proposed to remove ageThreshold from the response body to be compliant with the other API. |
@GillesInnov35 Good shout.... I think ageVerified would be a better name to state if it was verified by the MNO and then use ageCheck to give the true/false/not_available. Do you have a view on what would be a better name to use? |
hi Kevin, I also like your proposition for ageVerified according to discussions we had and the meaning of this returned attribute. |
As discussed in last weeks meeting, there was a request to discuss how to calculate the identityMatchScore. Here is a proposal on how to do it. This is just one proposal, there may be other alternatives, very much depending on the quality of the data that is available or local market conditions The main issue that you'll need to think about is how to work with identifiers for which users may have multiple valid data points, and how to deal with that. For example, in the Netherlands we accept ID Cards, Passports, Driver Licenses (and a couple more) as proof of identity. These all have different document numbers. Also, one party may have a document number of a passport which has expired, and the other party may have the document number of the new document, which would result in a mismatch. The same issue may occur with email addresses, where users may have more than one address. WHen there is a mismatch, it does not mean that the end user and the contract owner are different persons. However, you can still use this information in calculating the identityMatchScore, and below is one proposal how to do it. For KPN, I would propose the following steps to calculate identiyMatchScore
So, for each possible combination of provided inputs, you decide what to do with it. Depending on local market conditions, you may choose a diferrent approach (for example when the ID Document number is always the same), or you decide that the email must always match before giving any result back etc. |
Hi @GillesInnov35 , @KevScarr , @HuubAppelboom , all, As we have had some updates, let me write down Request and Response attributes as below for common understanding. Request body
Response
Please let us know anything wrong. BR |
@ToshiWakayama-KDDI I would describe the PhoneNumber in the request body as "Only required in case a 2 legged flow has been agreed between API Provider and API Consumer." The not_available answer should also be returned in case birthdate provided with the optional extra identification info does not match (you can not provide a solid true / false answer in this case). IdentityMatchSCore should indeed be an integer, as with KYC Match. |
thanks @ToshiWakayama-KDDI , @HuubAppelboom. PhoneNumber as an optional parameter is also a requirement in others CAMARA APIs. Do you mean this rule (2-Legged mode) should be also specified for the others to be consistent ? |
For ageCheck response parameter
We should also specify that not_available should also be returned when the user phone number (from token) doesn't match with the contract owner number. |
@GillesInnov35 We don't agree with this approach, because of privacy and commercial reasons. The only thing that needs to be verified is the age of the user; by integrating Number Verification into the API for the authorization code flow, you provide a mechanism for API Consumers to check the phone number as well (and perhaps they have no business in knowing the phone number of the user). Also, this would force us to charge extra for the authorization code flow, or accept a revenue leak, which is another complicating factor. That is why we think combining API's is a very bad idea. When the user phone number is present in the body request with the authorization code flow, we should always return an error code. |
Please check and review the proposed guidelines related to API misuse in camaraproject/Commonalities#324 |
Hi @GillesInnov35 , @HuubAppelboom , @KevScarr , @rartych Sorry for the late response. As discussed at 2024/10/29 Meeting, I have discussed internally and for this API, Age is only the focused information, so it is OK to remove phoneNumber from request body and the phone number associated with a 3-legged Access Token is used for identity of the targeted contract. I understand this is what others want. |
So, I updated Summary; Italic parts have been modified: ===== Request body
Response ageCheck: true | false | not_available [Required] -true: if Contract Owner's age derived from the contract information is larger than (>=) ageThreshold verifiedStatus: true | false [Optional] -true: to indicate that the ageCheck response provided was checked against another form of official identification identityMatchScore: an integer score [Optional] -0-100 integer score: calculated by identification information provided by the request body ===== Hope we could conclude the API specifications base as above, except for how to calculate the aggregated score. Best regards, |
Thanks @ToshiWakayama-KDDI , I'd prefer to remove Required and to let BR |
Thanks @GillesInnov35 . I updated my previous comment. ( #81 (comment) ) Thanks. |
hi @HuubAppelboom, thanks a lot for your detailed and intereting proposition for match score calculation. Is it a experience feedback from what you've implemented ? For information as the idDocument is not used at Orange, we won't be concerned by most of the cases. But for the others it could work. BR |
@GillesInnov35 This is mostly based on the experience we have had so far with Match and other identity propositions, and several pocs that have been done with different customer groups. We do have the iDdocument, but the API Consumers that have it probably have the DoB as well form the ID Document, so probably you will not see it that much in requests. |
Hi @GillesInnov35 , @HuubAppelboom , @KevScarr , @rartych , I have another proposal to the current YAML, in addition to the proposals shared in PR #50. As we have decided to make phoneNumber 'not included in the request' for Age Verification API, I think we need to modify the Error handling part of the API Description, becuase current text is not applicable. (I think it is ok because Guidlielines is just a guideline.) The following is an idea for modification. ---Current--- Identifying a device from the access tokenThis specification defines the Handling of device information:Optional phoneNumber for 3-legged tokens:
Validation mechanism:
Error handling for unidentifiable devices:
Restrictions for tokens without an associated authenticated identifier:
---Proposed change--- Identifying a device from the access tokenThis specification defines the Handling of device information:Optional phoneNumber for 3-legged tokens:
|
The new recommended template for info.description is proposed in camaraproject/Commonalities#324. |
Hi @GillesInnov35 , @HuubAppelboom , @KevScarr , @rartych, all, I think there is one thing missing. We should set a certain range for ageThreshold value, and if an input value is out of the range, a 400 error will be returned for API customers' benefit, although technically ageThreshold can be any integer value. I have no firm idea, but for example: Any thoughts, any practise? Thanks, |
@ToshiWakayama-KDDI You raise a good point and Im wondering rather than a maximum whether there should be a minimum? (Im making the assumption that our privacy teams will set a value that we will not do checks against, ie >12) |
@KevScarr @ToshiWakayama-KDDI In Europe, there is a lower limit of 16 years, below which you need to acquire parental consent for processing personal data. For the details, see https://gdpr-info.eu/art-8-gdpr/ (and you check also loal regulation). In practice, at KPN all contract owners need to be 18+ (because of national legislation), so we can't do anyhting with threshold requests below 18. In case the developer asks for 16 or 17, we propose to return the (exsisting) error 422 with the message Service not supported for this phoneNumber. |
hi @HuubAppelboom, why not 'not_available' returned for ageCheck in this case ? WDYT |
@HuubAppelboom Completely aligned, for the UK launch I would fully expect the same 18+ rule to be in affect; happy to support the use of error:422 for this scenario. |
@GillesInnov35 I would only provide not available in case it is not available for this particular number (but for other numbers it is and can be supported). Very much in line with what we do with Match. For cases where you will never get an answer, use the 422 error. That may trigger people to stop sending the data to you as well, which is better. |
thanks @HuubAppelboom, it seems OK but I've to see with my Production team, 422 Service not supported is already use for eligibility of the concerned phoneNumber. |
Hi @GillesInnov35 , @HuubAppelboom , @KevScarr , Thanks for your comments. Well, I don't think we (Japan) have such restriction. OK, so, how about this kind of description? ageThreshold: interger 0-120 -if ageThreshold input is either below 0, over 120, not interger ->400 Invalid argument or 400 Out of range (Note: chatGPT advised me that 120 is widely used for the max age in this kind of system design. In addition, a 2016 study published in Nature says that 115 would be the maximum human lifecycle, and historically 122 was the highest age for a human who died in 1997 (a French woman) .) WDYT Regards, |
Hi @HuubAppelboom , @GillesInnov35 , @KevScarr , @claraserranosolsona , all, Thank you very much for today's discussion on ageThreshold value range. If I understand correctly, we have agreed that 'ageThreshold' input value must be an interger between 0 and 120, and if any value do not follow this rule, an error is returned. How to handle additional restriction / limitation due to specific rules / regulation is to be discussed further. I thought '400 Out of range' is better than '400 Invalid argument', but it seems '400 Out of range' does not fit 'not integer' error. So, the following is my modified proposal: ageThreshold: interger, 0-120 Hope this would be fine with you all. Thanks, |
@ToshiWakayama-KDDI @GillesInnov35 @KevScarr all, I discussed the legal limit for minors under the GDPR with our privacy officer, and we think we don't need to create an error code for this. The reason is that when the API Consumer is going to process personal data for people under 16, they need to acquire parental consent. If they obtained it, there is no problem, but if they did not, they are already breaking the law, and shouldn't be sending the data anyhow the API Provider. The best solution for the API Provider is to put in the contract with the API Consumer that they are responsible for acquiring parental consent in any case. If you want to play it safe, the API Provider could also generate an error in case a date of birth in present in the API Request is below 16 years of age, but the API Provider does not know whether the API Consumer has acquired parental consent. In any case, we can not put this in the specification, because teh API Consumer may have aquired it (and that would be blocking cases which are perfectly fine). We conclude that the best solution is to not include a lower age limit check in the specification, and leave the 16+ check entirely up to the API Consumer. |
Problem description
Expected action
It provides the API customer with the ability to: check if the owner/user of the line is older than a provided age, in order to provide API customer's age-restricted services, access to its age-restricted website etc.
The text was updated successfully, but these errors were encountered: