I think this should work like OpenID connect but with just a true/false.
PS = pr0n site
AV = age verification site (conforming to age-1 spec and certified)
PS: Send user to AV with generated token
AV: Browser arrives with POST data from PS with generated token
AV: AV specific flow to verify age - may capture images/token in a database. May be instant or take days
AV: Confirms age, provides link back to original PS
PS: Requests AV/status response payload:
{
"age": 21,
"status": "final"
}
No other details need to be disclosed to PS. I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.
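
The exchange described in the comment above, sketched as an added example that is not part of the original post or of any real age-verification spec: AV keeps the identity evidence to itself and PS only ever sees the status payload. The class names, the "pending" and "unknown" status values, the minimum age of 18 and the ps.example URL are assumptions made for illustration.

```python
import secrets

class AgeVerifier:
    """AV side: identity evidence stays here; PS gets age/status only."""
    def __init__(self):
        self._cases = {}  # token -> case record, never exposed as a whole

    def start(self, token, return_url):
        # Browser arrives with POST data from PS carrying the generated token.
        if token in self._cases:
            raise ValueError("token already in use")
        self._cases[token] = {"return_url": return_url, "evidence": None,
                              "age": None, "status": "pending"}

    def complete(self, token, evidence, verified_age):
        # AV-specific verification; may finish instantly or days later.
        case = self._cases[token]
        case.update(evidence=evidence, age=verified_age, status="final")
        return case["return_url"]  # link back to the original PS

    def status(self, token):
        # AV/status: the only data PS ever receives.
        case = self._cases.get(token)
        if case is None:
            return {"status": "unknown"}   # assumed value, not on the page
        if case["status"] != "final":
            return {"status": "pending"}   # assumed value, not on the page
        return {"age": case["age"], "status": "final"}

class Site:
    """PS side: issues an unguessable token, later polls AV/status."""
    def __init__(self, av, min_age=18):    # min_age is an assumption
        self.av, self.min_age = av, min_age

    def begin(self):
        token = secrets.token_urlsafe(32)  # no user identity encoded in it
        self.av.start(token, "https://ps.example/return")
        return token

    def allowed(self, token):
        reply = self.av.status(token)
        return reply.get("status") == "final" and reply["age"] >= self.min_age

if __name__ == "__main__":
    av = AgeVerifier()
    ps = Site(av)
    tok = ps.begin()
    print(av.status(tok), ps.allowed(tok))           # still pending
    # Constructed sample evidence; it never leaves the AV object.
    av.complete(tok, {"name": "Constructed User"}, 21)
    print(av.status(tok), ps.allowed(tok))           # final, allowed
```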
That solution still violates user privacy.
A better solution would be a simple "minor" flag that is only included on the devices of minors. No third party verification required for adults.