Re: [jose] JWP

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 28 July 2022 07:41 UTC

To: Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org>, Neil Madden <neil.madden@forgerock.com>
Cc: Tobias Looker <tplooker@gmail.com>, jose@ietf.org
References: <CAGum7cFFUg2qzom1Vu8wsNJapeOkWFoqe_aD4FyGcxr6nwcCgQ@mail.gmail.com> <A6F210BB-1F6F-4235-A213-2E274561D5F6@forgerock.com> <124E4FB5-F8E2-4C3B-8413-12CDE31D5621@lodderstedt.net>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <124E4FB5-F8E2-4C3B-8413-12CDE31D5621@lodderstedt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/VUWQk1vPosfEffdwAwnjWQQ_FRs>

On 2022-07-28 9:30, Torsten Lodderstedt wrote:
> 
> 
>> On 28.07.2022 at 08:57, Neil Madden <neil.madden@forgerock.com> wrote:
>>
>> {
>>   "iss": "gov.uk",
>>   "over_18": true
>> }
>>
>> If this is signed using a deterministic signature algorithm (e.g. EdDSA) then the token will be identical for everyone that is over 18 and so naturally unlinkable.
> 
> Such a credential needs to be bound to the legit holder, which is typically achieved by adding a public key (reference) to it (which is missing in your example). The holder must then create a presentation signed with the corresponding private key to prove possession and with that legitimate holdership. That key results in linkability.

Indeed.

A challenge-response solution may be a more logical way of dealing with this kind of application.

That is,
- the RP creates a challenge and sends it to the Holder
- the Holder authenticates to the Issuer and includes the challenge
- the Issuer returns an assertion including the challenge
- the Holder shows the assertion to the RP

Some 10+ years back MSFT launched the U-Prove system.  I know very little about it, but it would be interesting to know the pros and cons of that compared to JWP.

Cheers,
Anders
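The four-step flow above, as an added example that is not from this thread or from any JWP draft: a Go sketch using Ed25519 from the standard library, reusing Neil's "iss"/"over_18" claims, assuming the holder's authentication to the issuer happens out of band, and assuming a 16-byte random challenge. It also spells out the check the RP needs in step 4 (the echoed challenge must be its own), which the list above leaves implicit.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Assertion echoes the RP's challenge instead of carrying a holder key,
// so no value in it is stable across presentations.
type Assertion struct {
	Iss       string `json:"iss"`
	Over18    bool   `json:"over_18"`
	Challenge string `json:"challenge"`
}

// NewChallenge is step 1: the RP draws a fresh 128-bit nonce per session.
func NewChallenge() (string, error) {
	b := make([]byte, 16)
	_, err := rand.Read(b)
	return base64.RawURLEncoding.EncodeToString(b), err
}

// Issue is steps 2 and 3: holder authentication to the issuer is assumed done
// out of band; the issuer signs an assertion that echoes the handed-over challenge.
func Issue(priv ed25519.PrivateKey, challenge string) ([]byte, []byte) {
	payload, _ := json.Marshal(Assertion{Iss: "gov.uk", Over18: true, Challenge: challenge}) // cannot fail for this struct
	return payload, ed25519.Sign(priv, payload)
}

// Verify is step 4: the RP checks the issuer signature, then that the
// assertion echoes its own challenge, which rejects replayed assertions.
func Verify(pub ed25519.PublicKey, payload, sig []byte, challenge string) bool {
	var a Assertion
	if !ed25519.Verify(pub, payload, sig) || json.Unmarshal(payload, &a) != nil {
		return false
	}
	return a.Iss == "gov.uk" && a.Over18 && a.Challenge == challenge
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // issuer key pair, constructed for the demo
	challenge, _ := NewChallenge()
	payload, sig := Issue(priv, challenge)
	fmt.Printf("%s\nverified: %v\n", payload, Verify(pub, payload, sig, challenge))
}
```

Because step 2 runs at every presentation, the issuer is online for each one and sees the RP's challenge; the sketch does nothing to hide that from it.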