Re: [OAUTH-WG] Call for adoption - SD-JWT
Warren Parad <wparad@rhosys.ch> Tue, 02 August 2022 09:06 UTC
Return-Path: <wparad@rhosys.ch>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19404C15C529 for <oauth@ietfa.amsl.com>; Tue, 2 Aug 2022 02:06:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.005
X-Spam-Level:
X-Spam-Status: No, score=-2.005 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rhosys.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3AZc9ck7znNz for <oauth@ietfa.amsl.com>; Tue, 2 Aug 2022 02:06:52 -0700 (PDT)
Received: from mail-yw1-x112d.google.com (mail-yw1-x112d.google.com [IPv6:2607:f8b0:4864:20::112d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FFA2C14CF09 for <oauth@ietf.org>; Tue, 2 Aug 2022 02:06:52 -0700 (PDT)
Received: by mail-yw1-x112d.google.com with SMTP id 00721157ae682-31f443e276fso134158017b3.1 for <oauth@ietf.org>; Tue, 02 Aug 2022 02:06:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhosys.ch; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=sJzrJH40pGbf44geV6vcMBOabo9Ebb8wV67bbJ1TttM=; b=FYhA8Q6b4y4Saz0EXewQEKBVbKJTLXrP++MxQvdFDtTW0pq/3P7v6tt707LqdgmVOS lW4bMfF0CNpiYvI9pUd0aBu0ClGJqM96gHvAiqMUxu8O/tbsYGEwYEdYaJv2i2boXynS EiW3S2i6j49Re8z6GSpkRdYPNZxxZR4W0oMraGl+gHp3IVjUGRtSXx3Wt/Ik3mGcUolu L18G0kFPaLGOEhYJY7N8uZoNZOWMjaIAzCJ83WjcuPBaB+NaY8d9F6YjPBsWv4Be3VEF PXByiA+NuJfbfEM4uIoWj1oQvXq8uVI69w2b6ZcEdy+rXsx7ZPR+aKyu2PgmcjYByWTm CPFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=sJzrJH40pGbf44geV6vcMBOabo9Ebb8wV67bbJ1TttM=; b=LGGMSD1NVDAy+PK1o5/i5m+rSxAQNdKtSd077p3dq0FY8mNxjF22SEvG2GYt3gCe8G 1I28TmcENxvDZTqHtObIUPX+62ftf/Jbq9EX0JAiTVgahqYVk1Q1HgHkj9HZ87b1DVIN qGI9VQ1PqQjDMGMejf7azysX2bvRu+BsYTlqHE4zBG6VhkdlmHfx+n4w8WHPoavma0Vi aONVkWY9B9nz0MfAEqa2bkcKFx0B/DpLOccwz8SjQdoqQP48BrVcvwSsWhDJnHqFIjIu DwGxgOLkfRlBHKPLo7C59g2ETZFfGL5VCJihUacR0fnfIT84K881CHKsQXepsIQfUFrW vmtQ==
X-Gm-Message-State: ACgBeo1u0d4Sgw5MaNVrXbPwgd2K2EqOa+z4WJMm0k+aIr0LUrbB0xX/ lF/98mwtw4UEqe1KUZRw9Vjt5PxtRSFSqPd3Odhq
X-Google-Smtp-Source: AA6agR7MdLhN7RD4vnxs8AuvKo6VuzEs8XMMh7M2aar1YDzG0IzSCZG1/0pIBn44hlT57l8zTxVk153WHJk58x65BB8=
X-Received: by 2002:a81:63c6:0:b0:324:928:c672 with SMTP id x189-20020a8163c6000000b003240928c672mr16144607ywb.329.1659431211225; Tue, 02 Aug 2022 02:06:51 -0700 (PDT)
MIME-Version: 1.0
References: <CAJot-L3jUMBteKK-PfMqJK95wCCvS0e5q2BWhK7acn16sHmA8g@mail.gmail.com> <C938FD28-CDDB-4E5A-BB68-363D312A0025@lodderstedt.net>
In-Reply-To: <C938FD28-CDDB-4E5A-BB68-363D312A0025@lodderstedt.net>
From: Warren Parad <wparad@rhosys.ch>
Date: Tue, 02 Aug 2022 11:06:40 +0200
Message-ID: <CAJot-L16wwDeqcvZVxNy0Jzu+D7DCP5-75DZcSVFfYJB+x6QMw@mail.gmail.com>
To: Torsten Lodderstedt <torsten=40lodderstedt.net@dmarc.ietf.org>
Cc: Torsten Lodderstedt <torsten@lodderstedt.net>, Kristina Yasuda <kristina.yasuda@microsoft.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dfec2805e53e6ff9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/u1kvWoAbm8cseU9wreTGF3FOIH4>
Subject: Re: [OAUTH-WG] Call for adoption - SD-JWT
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Aug 2022 09:06:56 -0000
I was following your train of thought, let me paste that here for transparency, you specifically said: > In an OAuth scenario, the user‘s wallet would act as AS and issue access > tokens (those could be short lived) that effectively are verifiable > presentations (based on a verifiable credential) audience restricted for a > certain RS. The client wouldn’t even know it’s a verifiable presentation > since the access token is opaque to the client. Which I replied: > If the user's wallet acts as the AS issuing tokens, then there is zero > need for this draft because we could pass the *scopes* that relate to the > claims directly to the AS, and have the AS return a limited JWT, and we > would actually do that every time because: > > 1. we can > 2. because the tokens have short lifetime > > So that isn't a valid argument, unless there's a reason why the AS > wouldn't be able to do this. In this conversation, I'm still not able to parse what you are saying. Yes, of course the user having a physical device (as the AS) to issue tokens is privacy enhancing, but then we don't need this draft as I just proved. Or are you talking about a different point? On Tue, Aug 2, 2022 at 10:54 AM Torsten Lodderstedt <torsten= 40lodderstedt.net@dmarc.ietf.org> wrote: > > > Am 02.08.2022 um 10:48 schrieb Warren Parad <wparad= > 40rhosys.ch@dmarc.ietf.org>: > > > Can you please reread what you wrote and rephrase it differently? Telling > us to look at the OAuth JWT RFC isn't helpful here. > > > You say the AS can issue an access token every time and I say the wallet > can issue access tokens on its own without the need to go back to the AS > every time again. That’s privacy enhancing and helps scalability. > > Also it isn't clear which part of your statement you are trying to > clarify. What does "original AS" mean? Are you suggesting a "multi AS" > configuration? What does that look like? > > On Tue, Aug 2, 2022 at 10:44 AM Torsten Lodderstedt <torsten= > 40lodderstedt.net@dmarc.ietf.org> wrote: > >> >> >> Am 02.08.2022 um 10:35 schrieb Warren Parad <wparad= >> 40rhosys.ch@dmarc.ietf.org>: >> >> >> Why would we not include those seemingly critical details in the draft >> then? >> >> 1. Let's define what a *verifiable presentation *is (is that already >> defined somewhere? I didn't see it in the draft) >> 2. Require the JWTs to be signed with a private key from a >> certificate chain, and include the whole certificate chain in the body. (I >> don't think there is already a RFC for this, but I could be wrong) >> >> Let's also talk about this comment: >> >>> In an OAuth scenario, the user‘s wallet would act as AS and issue access >>> tokens (those could be short lived) that effectively are verifiable >>> presentations (based on a verifiable credential) audience restricted for a >>> certain RS. The client wouldn’t even know it’s a verifiable presentation >>> since the access token is opaque to the client. >> >> >> If the user's wallet acts as the AS issuing tokens, then there is zero >> need for this draft because we could pass the *scopes* that relate to >> the claims directly to the AS, and have the AS return a limited JWT, and we >> would actually do that every time because: >> >> 1. we can >> 2. because the tokens have short lifetime >> >> So that isn't a valid argument, unless there's a reason why the AS >> wouldn't be able to do this. >> >> >> Well, how many access tokens have you seen in the wild that only contain >> an access token? I haven’t, any of the carriers some for of user claims, >> e.g. a sub, in most cases some privileges/roles. Please take a look at >> https://www.rfc-editor.org/rfc/rfc9068.html for best current practice. >> >> Using a VC in the way I described means the original AS doesn’t need to >> be involved in the >> >> >> On Tue, Aug 2, 2022 at 10:14 AM Torsten Lodderstedt <torsten= >> 40lodderstedt.net@dmarc.ietf.org> wrote: >> >>> >>> >>> Am 02.08.2022 um 09:53 schrieb Warren Parad <wparad= >>> 40rhosys.ch@dmarc.ietf.org>: >>> >>> >>> If we are in a offline scenario how does the verifier got ahold of the >>> public key associated with the id token? >>> >>> >>> Why id token? I would assume we are talking about verifiable >>> presentations, right? >>> >>> There are a couple of ways to provide the verifier with the public key >>> needed to verify. The (raw) key could be contained in the credential or the >>> presentation. If a trust chain is required, a x.509 certificate could serve >>> the same purpose. >>> >>> Beside that offline has different facets. In a Point of Sales scenario, >>> even though the wallet would be offline the checkout counter would most >>> likely have connectivity. That would also allow to resolve the public key >>> on demand. >>> >>> >>> They would need to be online, that defeats any benefit this could >>> provide. >>> >>> Or what if the token you have expires. Many providers issue tokens only >>> good for 1 hour. If that expires, the user has to go through the online >>> flow again. >>> >>> Unless we can add some provisions to ensure long lived token validity, I >>> think in practice we're cripling the usefulness. >>> >>> >>> Absolutely. That’s the reason a verifiable credential has a much longer >>> lifetime simply because the user should be able to use it in a sensible >>> way. As this makes replay more likely, all verifiable credentials formats >>> utilize holder binding for reply detection. The public key mentioned above >>> is part of the cryptographic holder binding that only the legitimate user >>> is able to execute. >>> >>> In an OAuth scenario, the user‘s wallet would act as AS and issue access >>> tokens (those could be short lived) that effectively are verifiable >>> presentations (based on a verifiable credential) audience restricted for a >>> certain RS. The client wouldn’t even know it’s a verifiable presentation >>> since the access token is opaque to the client. >>> >>> >>> >>> On Tue, Aug 2, 2022, 04:21 Kristina Yasuda <Kristina.Yasuda= >>> 40microsoft.com@dmarc.ietf.org> wrote: >>> >>>> I support adoption. >>>> >>>> >>>> >>>> To add some color. >>>> >>>> >>>> >>>> One of the use-cases is a flow where issuance of a user credential >>>> (collection of user claims) is decoupled from presentation (where both >>>> issuance and presentation of a user credential are done using extensions of >>>> OAuth flows). The goal of this decoupling is to avoid “issuer call home”, >>>> where the user can send a user credential directly to the RP, without RP >>>> needing to contact the Issuer directly. So the motivations are not limited >>>> to offline scenarios, but are applicable to the scenarios that want to >>>> recreate in the online environment, the user experience of presenting >>>> credentials in-person. >>>> >>>> >>>> >>>> Driver’s Licence just happens to be an example familiar to many, and >>>> there is no reason it cannot be a diploma, or an employee card, or a >>>> training certificate, etc. But it is worth highlighting that SD-JWT work >>>> becomes critical if we are to enable ISO-compliant mobile Driver Licences >>>> expressed in JSON to enable online scenarios and make life of the Web >>>> developers easier (as opposed processing data encoded as CBOR and signed as >>>> a COSE message). Selective disclosure is a requirement in many government >>>> issued credentials, while the usage of advanced cryptography is not always >>>> encouraged by the national cybersecurity agencies. >>>> >>>> >>>> >>>> >>>> >>>> Regarding an approach where issuer issues multiple JWTs of a same type >>>> but with different subset of claims, it is not an ideal way to do selective >>>> disclosure with JWTs (type as a way to differentiate credential with one >>>> data structure/syntax from another). It complicates implementations that >>>> try to provide RP-U unlinkability (RPs cannot collude to track the user). >>>> The simplest way to achieve unlinkability with JWTs without using advanced >>>> cryptography is to issue multiple credentials of the same type but with >>>> varying use identifiers and enable pairwise identifiers per RP. Now there >>>> are multiple copies of each JWT with subset of claims of the same type. >>>> This greatly complicates presentation of these credentials too – since >>>> credentials are of the same type, now wallet needs to manage the >>>> combination of a subset of claims + pairwise identifier… >>>> >>>> >>>> >>>> What if the implementation also wants predicates property, where >>>> age_over_XX boolean is sent instead of a birthdate string? The simplest way >>>> to do predicates with JWTs without using advanced cryptography is to have >>>> issuers to issue multiple age_over_xx booleans so that an appropriate one >>>> can be selectively disclosed to the RP. How many “JWTs with subset of >>>> claims” does the issuer needs to issue to account for all possible age >>>> requirements? Note that it’s not just age_over_21 to start gambling, it’s >>>> also age_over_65 to get pension benefits. >>>> >>>> >>>> >>>> Managing the combinatorial explosion of sets of claims in speculatively >>>> issued JWTs, many of which will never be used, seems unwieldy, to say the >>>> least. "A conventional JWT with a subset of claims" approach could be taken >>>> in some implementations, but it should not prevent a simpler, extensible >>>> alternative of SD-JWT. >>>> >>>> >>>> >>>> >>>> >>>> Finally, as Giuseppe pointed out, an option to blind claim names is on >>>> the table. As discussed on this list previously, we should analyze privacy >>>> properties of the mechanism and decide if we want to mandate it – which can >>>> be discussed after the adoption. >>>> >>>> >>>> >>>> Best, >>>> >>>> Kristina >>>> >>>> >>>> >>>> >>>> >>>> *From:* OAuth <oauth-bounces@ietf.org> *On Behalf Of * Rifaat >>>> Shekh-Yusef >>>> *Sent:* Thursday, July 28, 2022 8:17 PM >>>> *To:* oauth <oauth@ietf.org> >>>> *Subject:* [OAUTH-WG] Call for adoption - SD-JWT >>>> >>>> >>>> >>>> All, >>>> >>>> >>>> >>>> This is a call for adoption for the *SD-JWT* document >>>> >>>> >>>> https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ >>>> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-fett-oauth-selective-disclosure-jwt%2F&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Ca2d72420ea2c40f2d7c908da70f7b388%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637946506426392735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=d1EoHuRcBi40%2B1h1p5yZ28O7l8oq%2FibDewlJObT1Gwc%3D&reserved=0> >>>> >>>> >>>> >>>> Please, provide your feedback on the mailing list by *August 12th*. >>>> >>>> >>>> >>>> Regards, >>>> >>>> Rifaat & Hannes >>>> >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >>> _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
- [OAUTH-WG] Call for adoption - SD-JWT Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for adoption - SD-JWT Dick Hardt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Brian Campbell
- Re: [OAUTH-WG] Call for adoption - SD-JWT Jaimandeep Singh
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Daniel Fett
- Re: [OAUTH-WG] Call for adoption - SD-JWT Steinar Noem
- Re: [OAUTH-WG] Call for adoption - SD-JWT Leif Johansson
- Re: [OAUTH-WG] Call for adoption - SD-JWT Jaromir Talir
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Waite
- Re: [OAUTH-WG] Call for adoption - SD-JWT Mike Jones
- Re: [OAUTH-WG] Call for adoption - SD-JWT Giuseppe De Marco
- Re: [OAUTH-WG] Call for adoption - SD-JWT Wayne Chang
- Re: [OAUTH-WG] Call for adoption - SD-JWT Joseph Heenan
- Re: [OAUTH-WG] Call for adoption - SD-JWT Neil Madden
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Giuseppe De Marco
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Aaron Parecki
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Neil Madden
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Vittorio Bertocci
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kristina Yasuda
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Neil Madden
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT Pieter Kasselman
- Re: [OAUTH-WG] Call for adoption - SD-JWT Jaromir Talir
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kristina Yasuda
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Mike Jones
- Re: [OAUTH-WG] Call for adoption - SD-JWT Neil Madden
- Re: [OAUTH-WG] Call for adoption - SD-JWT Giuseppe De Marco
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Torsten Lodderstedt
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Chadwick
- Re: [OAUTH-WG] Call for adoption - SD-JWT Jaimandeep Singh
- Re: [OAUTH-WG] Call for adoption - SD-JWT Daniel Fett
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Daniel Fett
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Daniel Fett
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kristina Yasuda
- Re: [OAUTH-WG] Call for adoption - SD-JWT David Waite
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Warren Parad
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kristina Yasuda
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kushal Das
- Re: [OAUTH-WG] Call for adoption - SD-JWT Nat Sakimura
- Re: [OAUTH-WG] Call for adoption - SD-JWT Christian Paquin
- Re: [OAUTH-WG] Call for adoption - SD-JWT Brian Campbell
- Re: [OAUTH-WG] Call for adoption - SD-JWT Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for adoption - SD-JWT Jaimandeep Singh
- Re: [OAUTH-WG] Call for adoption - SD-JWT Kristina Yasuda