The following guide offers a high-level overview of how an ID.me integration for attribute matching functions.
a. ID.me provides a public key for the encryption of the JSON Web Encryption (JWE) token
b. Customer provides ID.me with the certificate used for signing which enables ID.me to validate the signature
The ID.me policy will be configured to:
ID.me must receive a JWE in the request URL parameter within the initial ./oauth/authorize call”
If the JWE is invalid (e.g. missing, encryption, signature, payload), the user will be returned to the customer and presented with an error message
ID.me will compare the attributes in the JWE with the user properties and store the matching results
The user will be asked to consent to providing the customer with their:
Customers send matching attributes as a JWE object in the initial OAuth request.
Attribute keys in the payload are configured during integration setup. The payload contains the attribute keys and values (in JSON) that will be used for matching.
The JWE will be created by:
When decrypted, the JWE will contain a JWS with a valid signature that can be verified by the public certificate provided by the customer.
The above contains the following JSON payload:
Decoding the JWE/JWS using code or another tool will show the parameters used in this example.
ID.me uses two well-established algorithms which are used by software systems to compare two strings for matching purposes.
The Jaro-Winkler distance algorithm to compare text values, such as names, and determine whether they are likely a match.
Match scores can be configured per policy and attribute, so if you want to set a threshold higher or lower than the standard configuration, that can be supported
The NYSIIS algorithm (New York State Identification and Intelligence System) to match names that sound alike but may be spelled differently.