[OJFord]

I'm not sure if I don't understand your comment, or you're misunderstanding 'zero trust':

> implemented by establishing identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly-authorized resources.

https://en.wikipedia.org/wiki/Zero_trust_architecture

[Almondsetat]

I was thinking about zero trust in the context of simply confirming if a user is 18+, where the identity provider only returns a true or false withour exposing more info. For a dating app you'd want the identity provider to confirm a whole lot more, which might not even be present in the ID