During the issuance of a PID, the user must authenticate using national eID schemes. In our case, we have multiple Identity Providers and the users must select which Identity Provider they want to use. In the Issuance Protocol, this choice is made when the User Agent redirects the users to the Issuer. Some UX optimization could be achieved, allowing Users to select the IdP in the Wallet Instance. In this case, the information regarding the IdP should be given to the Issuer.
An option could be adding an optional parameter (idphinting) to the Authorization Request as follows:
GET /authorize?client_id=<...>&request_uri=<...>&idphinting=<...>HTTP/1.1
Host: pid-provider.example.org
During the issuance of a PID, the user must authenticate using national eID schemes. In our case, we have multiple Identity Providers and the users must select which Identity Provider they want to use. In the Issuance Protocol, this choice is made when the User Agent redirects the users to the Issuer. Some UX optimization could be achieved, allowing Users to select the IdP in the Wallet Instance. In this case, the information regarding the IdP should be given to the Issuer.
An option could be adding an optional parameter (
idphinting) to the Authorization Request as follows:Ref: AARC-G049 - A specification for IdP hinting. (https://aarc-project.eu/wp-content/uploads/2019/04/AARC-G049-A_specification_for_IdP_hinting-v6.pdf)