[OAUTH-WG] Re: Alternative text for sd-jwt privacy considerations.
Watson Ladd <watsonbladd@gmail.com> Fri, 27 December 2024 16:03 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8065C14F5F4 for <oauth@ietfa.amsl.com>; Fri, 27 Dec 2024 08:03:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NXqAeNch_-qU for <oauth@ietfa.amsl.com>; Fri, 27 Dec 2024 08:03:22 -0800 (PST)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FEA8C14F5E9 for <oauth@ietf.org>; Fri, 27 Dec 2024 08:03:22 -0800 (PST)
Received: by mail-wr1-x436.google.com with SMTP id ffacd0b85a97d-38633b5dbcfso7082465f8f.2 for <oauth@ietf.org>; Fri, 27 Dec 2024 08:03:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1735315400; x=1735920200; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=fGm/cX6MV1Ok4fcoW2c+QbeMmAqfQYOcYlT3XBNocew=; b=KDlET0kA0Cu5hBiDJ2k+3coOhIBpD0ZeGRBnULGeqz6Em01ov1tkCsxSj5s/orU0nr 4OkK2giaN7ogO/ee43jJKBI1KZFk311P/enukExxLBwpT35+duVSv9m4ooyvvWu3RdWY +kkanXTEocxLam+BZrlxbQE7tKf0+txwuBIK9O5SDZauqidpOHT9o0INQLFw9FLe+4vV vAGQlvFsHOlF/ZnCQN/LOz0yTi+n9Ly+H0SvAbkqJx1YXDZiYI5evvL+XfiTNk9ldbD6 F2a4+goPZZAxNxvEax74yIQL9ueIVd8ntcKoMGkokiUBBwM6MMY7w5FGkwoLzZFa24du uPUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735315400; x=1735920200; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=fGm/cX6MV1Ok4fcoW2c+QbeMmAqfQYOcYlT3XBNocew=; b=s9SFEvl3nmfJmBoEAd0RtqO2ylZ/dxQkM/bn8lJfc16GOA5zC13XiX7aC+VVJMIXwZ Oq4UDbwcif1EeoXxn5I/FWcaOzMfa9NrhwK5BjvycnQUZ3IMM/Tbi7TTlj25FlUuBKti k4tZfvAnoqmVU2bbaz3CSg7W9nkzgrKcTVhPVVDwwFzZHWmoIyq+gVbxxYHokWYLQc9j Fc8uOh9DBb2qtrK6CPvojWFLwEJAc7I5aZDkvsUPqnxZzseGxOYJvKHi23ffICKXAkqn LWtNV1C/dVabJtUyKtnx3H/BkKhZywRl1i0LrvhlIveBFD4QLfkrvEMzb+auQgqDNtiI MtTg==
X-Forwarded-Encrypted: i=1; AJvYcCXq7LYDuXHjBc4N/T/8+cVbwQnnQNdYyt4q3ZeMTAFZ9UK/bPUwXfm16VaiXhQHq2hslz5nJQ==@ietf.org
X-Gm-Message-State: AOJu0YyUBdbNL25qqpExJEnZweObaYxsOJSMrePdAbZ3wdTpKnCKz1Da OS+Gg5EptjySidDajuHC0bRkKOSadlQQyCbpHXVVHuLeEWg1B9Mxb3GynZ7HV2b1G07sU9SsRoG a4GZM4lgrxJp6xkmkdkeg7Fs4fWU=
X-Gm-Gg: ASbGncv6zVOFoScllbwLYHxId76XX1rvcLomJEryqkxNi7EyfESigo51Pig719gizsc 73JKT/KbThnNEx7pKPsm+OOwRpLcvlHF957jdqPZu/ogL88D2qldjnBGtkys0ZRjGWr3DVw==
X-Google-Smtp-Source: AGHT+IFYFtcQVcJVnUv00FvAMvEWeKOQHjBjO7HrNPFK+MTRIZJn/6sg00L5sKiZQRX8KESSuJVTnzT5i3zv4LErSKA=
X-Received: by 2002:a5d:6481:0:b0:385:e2d5:cdf2 with SMTP id ffacd0b85a97d-38a221eaba2mr22105947f8f.19.1735315398512; Fri, 27 Dec 2024 08:03:18 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJKamSSJH4-pKg1xNZ3X+__B4UwZ3P5enxP5tQ4AqzA@mail.gmail.com> <CAK2Cwb5cf9uHJBNZp2rZ+BQcUNPpC7-GfPPhu4ben1N6ZyEa9w@mail.gmail.com> <005A4346-84CE-47CD-BCCC-9EE236F569F1@alkaline-solutions.com>
In-Reply-To: <005A4346-84CE-47CD-BCCC-9EE236F569F1@alkaline-solutions.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 27 Dec 2024 11:03:07 -0500
Message-ID: <CACsn0cmSRd4kxcEiSAW+gzVPatFy=NnkHoxEMuq2sy3kZC7yVA@mail.gmail.com>
To: David Waite <david@alkaline-solutions.com>
Content-Type: multipart/alternative; boundary="000000000000e6d971062a4299e6"
Message-ID-Hash: KVJEI3ESVYYRD3NUF3RXXXC335MQOAIH
X-Message-ID-Hash: KVJEI3ESVYYRD3NUF3RXXXC335MQOAIH
X-MailFrom: watsonbladd@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: peace@acm.org, IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Alternative text for sd-jwt privacy considerations.
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Gn_T9m5mRu1FzVuDBxi3ZQCxo_w>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
On Thu, Dec 26, 2024 at 7:14 PM David Waite <david@alkaline-solutions.com> wrote: > > > > > On Dec 26, 2024, at 10:38 AM, Tom Jones <thomasclinganjones@gmail.com> wrote: > > > > This problem was clearly demonstrated by the California mDL hackathon where the default presentation was ALL DATA. That is the easiest path, so it remains the one most taken. We have known since standards were first introduced that they immediately create a drive to the bottom. This will be the fate of this standard as well. The most permissive interpretation will be the most common. The user's desires will not be met. > > > > The consequence of splitting out the policy for controlling data release from the issuing authority is that the complexity that was the business logic for handling requests, determining if they are appropriate for the use case, prompting the user for consent, etc. is now all complexity pushed into the (likely third party) user agent. > > Architectures like PRIVACYPASS create individual solutions to release a particular type of information in the most privacy-preserving manner they are capable of. This sort of business logic is baked into the protocol, and the scope of implementation is thus boxed to solve that particular problem. The user agent can only work per the spec if it intends to work properly, and following the specification (hopefully) leads to a complete implementation. > > The majority of verifiable credentials systems proposed have no such bounds - which is one reason you are likely to see credentials often scoped to be issued only to specific, qualified wallets in production. Those specific user agents will enforce the required security and privacy requirements the issuer has for their credential. It's not the issuer's credential: it's about where the *user* wants their information to be sent. > That is both their own policy logic to be enforced (such as a credential being bound to hardware), as well as their own requirements for appropriate user behavior (such as mandatory authentication and mandatory disclosure before the credential is released). That could include verifier authentication and having the holder agent confirm the verifier is authorized by the issuer to make the sort of request they are making - before a user consent prompt ever enters the picture. This is not going to work. You don't need permission from the DMV to look at someone's license. Any sort of commerce related application (looking at you EU digital wallet) is going to have so many entities involved it won't really enforce anything consistently. Furthermore, what is enforced may be less protective than users would want. > > You could say that the captcha usage of privacy pass and AAMVA mDL usage are the same in that they develop trust frameworks that define the network of acceptable participants. I suspect however that the requirements for the latter contain significantly more requirements and potentially new technical works. > > A mDL hackathon has likely not set such policy or mandated that mDL and readers abide by it. They may not even have wanted to limit participants to having support for specifying complex queries (especially with the OpenID4VP query language changes which occurred recently). I’m not surprised a hackathon defaulted to a wide-open attribute policy. > > -DW Sincerely, Watson Ladd -- Astra mortemque praestare gradatim
- [OAUTH-WG] Alternative text for sd-jwt privacy co… Watson Ladd
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Wayne Chang
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Wayne Chang
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Wayne Chang
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Pierce Gorman
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… David Waite
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Tom Jones
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Brian Campbell
- [OAUTH-WG] Re: [External Sender] Re: Alternative … George Fletcher
- [OAUTH-WG] Re: [External Sender] Re: Alternative … Watson Ladd
- [OAUTH-WG] Re: Alternative text for sd-jwt privac… Watson Ladd