IETF Logo Mail Archive

[OAUTH-WG] Re: Alternative text for sd-jwt privacy considerations.

Brian Campbell <bcampbell@pingidentity.com> Fri, 27 December 2024 14:17 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6249AC14F6A5 for <oauth@ietfa.amsl.com>; Fri, 27 Dec 2024 06:17:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pingidentity.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9fP2BJAhA-h for <oauth@ietfa.amsl.com>; Fri, 27 Dec 2024 06:17:45 -0800 (PST)
Received: from mail-vs1-xe2f.google.com (mail-vs1-xe2f.google.com [IPv6:2607:f8b0:4864:20::e2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 607B1C14F6A1 for <oauth@ietf.org>; Fri, 27 Dec 2024 06:17:45 -0800 (PST)
Received: by mail-vs1-xe2f.google.com with SMTP id ada2fe7eead31-4b11a110e4eso2009638137.1 for <oauth@ietf.org>; Fri, 27 Dec 2024 06:17:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pingidentity.com; s=google; t=1735309064; x=1735913864; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=tavWCQ2lty8HS3j5V0dukyRdSjbyLa/OKu2ug6s8AaM=; b=EdmZAkbrdfCKUxf09BWOcTU4hEymPEiPVUXMzpmMpQyBc4I0bDvGD9MA1/qkk8rW2n 4o8FJM3IxE63v5oWm8S/w3dySuiSc3yGn0cE86qn8FspwPZkaFlip3bZX+VYEn2+Jz/v F1C7G8Tp5xxA2Qzuy9Jugy+jsluYGh74K0tb/rnkTXQEBlJMNzuECn2lNtNYc/tk0tm8 oAuxu8rbeDOvG4CMfLOU9nQhR2LcchJNQ74wMHBEM8TJ3Td18BQ7GT+8L4d82hKV35uN YCQnHHCUw4YsFAHGSt1DEAaQuMVBjBgoQd2yVl56O0mk9htjLWRL10PULPqp+sb+MM5j s9Vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735309064; x=1735913864; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tavWCQ2lty8HS3j5V0dukyRdSjbyLa/OKu2ug6s8AaM=; b=MDXKdiFte/Lgde/AjKUHVw9+cDTH35Z71jUUuv200HK6/eAHtSUiFYU3eAaOTiL/By PKL1ii8t8YVCOz3I6DbxcWRVUNMKWfQ0yjks3wzlv1kcWirOADRI4CPpsVU9ocgOHbF6 cINihT0h+ukSTY3YdRDP91aS1UJn3qsvUq14ys/ntHhuaR1aAu1DSLsSOR8K2jVkrD0x teRRJk1Is5KTdCsXKiLPSvfqNvuUf+V7tUWJ9/RL4HBaMSKvzAo/SYVusTqLewnXI0+9 rShy0YRryHMlvsWm+/hnJEt2t8OG2PRQjuJ75u0eRtbvzGi/WUnevWdDn7wV+q22GdWL MLaw==
X-Forwarded-Encrypted: i=1; AJvYcCX17mETsenlj7RTuQ7uMX4iN1FNXKQiwNlmSz2LlkM1w0sK67hs7oa3qziukK1/dsL+C9sLGw==@ietf.org
X-Gm-Message-State: AOJu0Ywmx6f4mAAkGpmbyLhiotm3HHejwM3MIcZ0ombOrfKbl/wzY8ms /QVm/iIXuVQ1qN1G++taFhoiLIjQBXuotXazrW+XIG07NrP2zhPURMq38/0TTIjZP0u1JdxlxZG EujeSMJvqcVHaU279w6TbTliAOF8Fy+qzrdEZgdr0FiOn6w9dm62/yg7xJ4AwKbTsSp8eulVD6j Lr1/ADJloUtQbbj534jTqyO5c=
X-Gm-Gg: ASbGncvYbOOANT1/tl96StnPr09YMyXEDXGOWn6boPOWVbyaSaASZNeb1iJpV0rjCUX GTL4RaVdh3ynWM1dWuSsw+QEcnKxZmfGvV8E/iZZ3pMnIGmUgL5PM9mesQhwFuGLpP05LDEw=
X-Google-Smtp-Source: AGHT+IHPVSR6kWhxC4BkAbV8GKnAuKkxkuDFiWR+Q/eAYkPeRRsws/RpkjvSFbv7AMwYon9baAUgI7rvKSq0SvX8mWg=
X-Received: by 2002:a05:6122:2519:b0:515:e446:b9f9 with SMTP id 71dfb90a1353d-51b75d661f1mr15474151e0c.12.1735309064017; Fri, 27 Dec 2024 06:17:44 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0cnEJKamSSJH4-pKg1xNZ3X+__B4UwZ3P5enxP5tQ4AqzA@mail.gmail.com> <CAK2Cwb5cf9uHJBNZp2rZ+BQcUNPpC7-GfPPhu4ben1N6ZyEa9w@mail.gmail.com> <005A4346-84CE-47CD-BCCC-9EE236F569F1@alkaline-solutions.com> <CAK2Cwb6oVha8wM9+ERet8vXJT=+LeaL3Ju1ePq-6e+ye9_evrA@mail.gmail.com>
In-Reply-To: <CAK2Cwb6oVha8wM9+ERet8vXJT=+LeaL3Ju1ePq-6e+ye9_evrA@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 27 Dec 2024 07:17:18 -0700
Message-ID: <CA+k3eCTv91QyX1tNCRQ8fransbacOCUnnAq0wthbQA20WvTMdw@mail.gmail.com>
To: peace@acm.org
Content-Type: multipart/alternative; boundary="000000000000563f54062a412000"
Message-ID-Hash: YUWVSZVR4LVEDIT5C56QGC7D7HARF3Q7
X-Message-ID-Hash: YUWVSZVR4LVEDIT5C56QGC7D7HARF3Q7
X-MailFrom: bcampbell@pingidentity.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: pemc kantara <Wg-pemc@kantarainitiative.org>, IETF oauth WG <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Re: Alternative text for sd-jwt privacy considerations.
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/v6tb-7l_9lT5ZJd4wecwWcE7h-Q>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

I feel like this thread has strayed a bit from its origin, which was some
text Watson proposed for the privacy considerations
https://mailarchive.ietf.org/arch/msg/oauth/ugVBj2O0hw-nuWNVTFpt0JH3yVY

>From my perspective, it wouldn't be a wholesale replacement for anything
but, assuming the co-authors and WG in general are okay with it, something
along those lines could be incorporated into the existing considerations.

On Thu, Dec 26, 2024 at 6:28 PM Tom Jones <thomasclinganjones@gmail.com>
wrote:

> I am appalled!
>
> All humans must adapt to the consent plans of this small standards group!
> I for one do not plan to adapt - sorry about that!
>
> Peace ..tom jones
>
>
> On Thu, Dec 26, 2024 at 4:15 PM David Waite <david@alkaline-solutions.com>
> wrote:
>
>>
>>
>> > On Dec 26, 2024, at 10:38 AM, Tom Jones <thomasclinganjones@gmail.com>
>> wrote:
>> >
>> > This problem was clearly demonstrated by the California mDL hackathon
>> where the default presentation was ALL DATA. That is the easiest path, so
>> it remains the one most taken. We have known since standards were first
>> introduced that they immediately create a drive to the bottom. This will be
>> the fate of this standard as well. The most permissive interpretation will
>> be the most common. The user's desires will not be met.
>> >
>>
>> The consequence of splitting out the policy for controlling data release
>> from the issuing authority is that the complexity that was the business
>> logic for handling requests, determining if they are appropriate for the
>> use case, prompting the user for consent, etc. is now all complexity pushed
>> into the (likely third party) user agent.
>>
>> Architectures like PRIVACYPASS create individual solutions to release a
>> particular type of information in the most privacy-preserving manner they
>> are capable of. This sort of business logic is baked into the protocol, and
>> the scope of implementation is thus boxed to solve that particular problem.
>> The user agent can only work per the spec if it intends to work properly,
>> and following the specification (hopefully) leads to a complete
>> implementation.
>>
>> The majority of verifiable credentials systems proposed have no such
>> bounds - which is one reason you are likely to see credentials often scoped
>> to be issued only to specific, qualified wallets in production. Those
>> specific user agents will enforce the required security and privacy
>> requirements the issuer has for their credential. That is both their own
>> policy logic to be enforced (such as a credential being bound to hardware),
>> as well as their own requirements for appropriate user behavior (such as
>> mandatory authentication and mandatory disclosure before the credential is
>> released). That could include verifier authentication and having the holder
>> agent confirm the verifier is authorized by the issuer to make the sort of
>> request they are making - before a user consent prompt ever enters the
>> picture.
>>
>> You could say that the captcha usage of privacy pass and AAMVA mDL usage
>> are the same in that they develop trust frameworks that define the network
>> of acceptable participants. I suspect however that the requirements for the
>> latter contain significantly more requirements and potentially new
>> technical works.
>>
>> A mDL hackathon has likely not set such policy or mandated that mDL and
>> readers abide by it. They may not even have wanted to limit participants to
>> having support for specifying complex queries (especially with the
>> OpenID4VP query language changes which occurred recently). I’m not
>> surprised a hackathon defaulted to a wide-open attribute policy.
>>
>> -DW
>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._

v2.39.1 | Report a Bug | By Email | System Status