Re: [SPICE] Revised Charter
Denis <denis.ietf@free.fr> Wed, 07 February 2024 15:22 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: spice@ietfa.amsl.com
Delivered-To: spice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE842C15109C for <spice@ietfa.amsl.com>; Wed, 7 Feb 2024 07:22:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.975
X-Spam-Level:
X-Spam-Status: No, score=-6.975 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_TEMPERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsUkuI9bKoz0 for <spice@ietfa.amsl.com>; Wed, 7 Feb 2024 07:22:47 -0800 (PST)
Received: from smtp6-g21.free.fr (smtp6-g21.free.fr [IPv6:2a01:e0c:1:1599::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B886C15154A for <spice@ietf.org>; Wed, 7 Feb 2024 07:22:47 -0800 (PST)
Received: from [192.168.1.11] (unknown [90.91.46.145]) (Authenticated sender: pinkas@free.fr) by smtp6-g21.free.fr (Postfix) with ESMTPSA id 410BD780514; Wed, 7 Feb 2024 16:22:44 +0100 (CET)
Content-Type: multipart/alternative; boundary="------------qj3J2qyAdA6f66UAMm2FaxHT"
Message-ID: <9594556a-5cc4-f924-8955-f516cfe87bd3@free.fr>
Date: Wed, 07 Feb 2024 16:22:45 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.15.1
Content-Language: en-GB
To: spice@ietf.org
References: <CAN8C-_+_uWRwgden4DhfOG4kxbExhMk3vgL_9thjt9M4y=Q7CA@mail.gmail.com> <BN2P110MB1107422AB87BB4AFED71A751DC71A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAN8C-_LuOZ6yGLQ6XmuKTpCJCMW+sVMsrtgnCaHZmSDoctYjiA@mail.gmail.com> <BN2P110MB1107BE3E49B8612EBF11A383DC46A@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAGJKSNQ+NiHpFFBLFdFPg-1t-CSU+GVui5LrddNyXiUa2PAw=Q@mail.gmail.com> <CAGJKSNSrRwtTsMe1kjqfX47xqXJpDJ=boFS3yd_7Jd_G7guzzA@mail.gmail.com> <CAN8C-_+pd8WCKVDQFAhiiyxEUETxba+K-EFupeXu6bdrLW=jfQ@mail.gmail.com>
Cc: Roman Danyliw <rdd@cert.org>
From: Denis <denis.ietf@free.fr>
In-Reply-To: <CAN8C-_+pd8WCKVDQFAhiiyxEUETxba+K-EFupeXu6bdrLW=jfQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spice/eIGGoOtV1npF__sPsN0YChjrpnk>
Subject: Re: [SPICE] Revised Charter
X-BeenThere: spice@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Patterns for Internet CrEdentials <spice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spice>, <mailto:spice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spice/>
List-Post: <mailto:spice@ietf.org>
List-Help: <mailto:spice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spice>, <mailto:spice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2024 15:22:52 -0000
Hi Orie,
A quick feedback:
"holder", an entity (person, device, organization, or software
agent) that controls the disclosure of credentials.
A "Holder" is NOT a "person, device, organization": it is
an*application* *running in a* *trusted environment *
(able to securely store and appropriately use cryptographic keys).
A person or an organization is unable to store (i.e. remember) and use
the cryptographic keys
(i.e. because a brain is not capable to perform the necessary
mathematical computations).
The same consideration applies for both an Issuer and a Verifier.
However, a Holder (application) is usually under the control of a person
or of an organization.
In order to build a secure system, the Holder (application) MUST support
some specific characteristics,
that MUST be verified by the Issuer, before the issuance of a digital
credential.
_Remainder_: The fist sentence is still useless and should be removed:
Digital credentials are essential to identity, authorization,
licenses, certificates and *digitization use cases*
that are part of modernization efforts targeting *efficiency*, and
*transparency*, such as digital licenses or *certificates of origin*.
Denis
> Roman,
>
> Henk, Mike and Orie have addressed your feedback, the current charter,
> reflecting our changes based on your feedback can be found here:
>
> https://github.com/transmute-industries/ietf-spice-charter/blob/main/charter.md
>
> We think the charter is ready for community review, but less us know
> if you have further changes to suggest.
>
> Regards,
>
> OS
>
>
> On Wed, Feb 7, 2024 at 8:34 AM Michael Prorock <mprorock@mesur.io> wrote:
>
> I have pulled those suggestions into a PR here:
> https://github.com/transmute-industries/ietf-spice-charter/pull/23
>
> Mike Prorock
> CTO, Founder
> https://mesur.io/
>
>
>
> On Tue, Feb 6, 2024 at 12:20 PM Michael Prorock
> <mprorock@mesur.io> wrote:
>
> Thanks Roman,
> That google doc is extremely helpful.
>
> Orie (and list) I will take a stab at a PR that reflects this
> feedback.
>
> Mike Prorock
> CTO, Founder
> https://mesur.io/
>
>
>
> On Tue, Feb 6, 2024 at 11:52 AM Roman Danyliw <rdd@cert.org>
> wrote:
>
> Hi!
>
> Thanks so much for this PR and the related discussion. I
> have a bit more feedback:
>
> (1) Editorially, this overall charter text is too long and
> includes things that I don’t believe help constrain the
> scope. I wanted to be constructive with a proposal but I
> didn’t know how to best convey proposed editorial changes
> on a PR with an explanation. I made a GDoc with track
> changes/suggestions,
> https://docs.google.com/document/d/1mmaB4Ll8jEpgmuoGNLwks51Set5yxLX7Cc3btq4q_9k/edit?usp=sharing.
> If this is not usable, I can find a different way to pass
> along the changes.
>
> A few motivating ideas include reducing the background and
> reducing the number of times parts of the architecture
> defined. I also proposed the removal of all individual
> documents as I wasn’t sure how “related documents” helped
> narrow the scope.
>
> (2) The “Goals” section includes a long list of “topics
> will be considered in the milestones”. While I can see
> how these would be important properties of digital
> credentials, it wasn’t clear to me who they constrain the
> future solution. For example:
>
> -- What does "consider" mean? Using a dictionary
> definition, "consider" means the solution wouldn't have to
> deliver any of these properties.
>
> -- Are these properties going to be provided by unique
> specifications produced by the WG?
>
> -- These topics are described in a level of detail that
> would make it challenging to assess whether the property
> was realized. For example, "Confidentiality (ensuring
> information is protected from unauthorized access" is the
> textbook definition of confidentiality. What is
> "unauthorized" in the context of the architecture framed
> above? "Availability (efficiently information processing,
> minimizing data in flight ...", what's "efficient enough",
> how many bits "in flight" is too many or few?
>
> I wonder if this list could be much shorter? Perhaps some
> reduced set of properties can be woven in the text to
> describe the desired framework.
>
> (3) Per the “Meta Discovery”:
>
> -- As design guidance or constraining the solution space,
> the current text would benefit from refinement. It
> doesn't commit to HTTP; or define or commit to supporting
> constrained device
>
> -- Per the link draft-ietf-oauth-sd-jwt-vc, my
> superficial read of the abstract suggests that it is a
> “data format”. Is that work that will be done here too?
> I’m confused primarily because the current charter text
> talks about HTTP and device types but the OAuth document
> seems more concrete on the support token type, omits the
> protocol and device types
>
> -- Per the “not limited to JSON”, what ecosystem does this
> text intend to support? Is it only the artifact described
> in the “selective disclosure of claims” program of work?
>
> (4) Per the “Selective Disclosure of Claims”, I had
> trouble understanding what kind of solution is being
> described. Specifically, I wasn’t sure what underlying
> technologies were being built on.
>
> -- JOSE/COSE was mentioned in the “Goals/In Scope”
> section. Is that a dependency?
>
> -- Is this deliverable defining new token format?
> Augmenting the CWT claim registry? Adding claims into the
> COSE registries? CBOR tags?
>
> -- The existing JOSE charter
> (https://datatracker.ietf.org/wg/jose/about/) already has
> in scope:
>
> -- "Standards Track document(s) specifying
> representation(s) of JSON-based claims and/or proofs
> enabling selective disclosure of these claims and/or
> proofs, and that also aims to prevent the ability to
> correlate by different verifiers."
>
> -- Standards Track document(s) defining CBOR-based
> representations corresponding to all the above, building
> upon the COSE and CWT specifications in the same way that
> the above build on JOSE and JWT.
>
> In what way will this selective disclosure document be
> different from a JWP?
>
> -- Is this work going to profile other/existing token
> formats to describe how to extend/augment them into being
> digital credentials? Put into another way, is this
> working going to specify a new “envelope” for selective
> disclosure of claims (e.g., alternative to JWP), or is it
> going to profile/reuse an “envelope” (e.g., JWP) described
> elsewhere and provide guidance on how specific industries
> can add their own claims into it to construct digital
> credential?
>
> (5) Editorial. In whatever way this program of work text
> is refined, that needs to be summarized back in the
> “Goals” section.
>
> Regards,
>
> Roman
>
> *From:* Orie Steele <orie@transmute.industries>
> *Sent:* Friday, January 19, 2024 2:05 PM
> *To:* Roman Danyliw <rdd@cert.org>
> *Cc:* spice@ietf.org
> *Subject:* Re: [SPICE] Revised Charter
>
> Roman,
>
> Thank you for your detailed comments.
>
> I have raised this PR which I believe addresses all of them:
>
> https://github.com/transmute-industries/ietf-spice-charter/pull/22
>
> However, some of your comments are questions, which I feel
> it is better to answer on the list, in case no text change
> is needed to address them.
>
> Inline for the rest:
>
> On Thu, Jan 18, 2024 at 4:44 PM Roman Danyliw
> <rdd@cert.org> wrote:
>
> Hi!
>
> Thanks for all of the iteration to get to this text.
> I have a few questions and comments.
>
> ** Per the “Background” Section:
>
> -- “Some sets of claim names are registered with IANA
> and originate from the IETF, OIDF and other standards
> organizations.”
>
> o Editorially, at no point in the text so far has
> there been any link made between “sets of claims” and
> a “digital credential”. The introductory paragraph
> talks about “values” and “attributes” of claims. I
> recommend some bridging text.
>
> I have added some text to the introduction to address this.
>
> o As a reader, I’m not sure why I am being told this
> detail. No subsequent text in the deliverables
> mentions that claims from other SDOs need to be used
> or that they are being built upon.
>
>
> I added references to the existing registries, and
> highlighted that JWT claims focus on people, whereas many
> of the CWT claims focus on devices.
>
> The background context for this is that we think that
> organizations other than the IETF, will likely need to
> describe claims, because a single global registry won't
> fit all of them... and would likely overwhelm the
> designated experts who might not be able to evaluate if a
> new claim in needed for every element in the periodic
> table, or for every organic chemistry molecule, or for
> claims specific to a regional government.
>
> -- “IETF and IRTF working groups have developed
> foundational building blocks with BBS Signatures, RSA
> Blind Signatures, Verifiable Random Functions, or
> other Selective-Disclosure and collection limitation
> techniques.”
>
> o Editorial nit. IRTF doesn’t have WGs, it has
> research groups. The IESG will flag this.
>
>
> Thanks, I have clarified that IRTF has research groups.
>
> o There are assertions of foundational building blocks
> but the text doesn’t narrative how this work would
> build on them. One can infer that BBS/VRF/etc are the
> crypto that will be used. The IETF WG references of
> “Selective-Disclosure” and “collection limitation
> techniques” is what? Recommend either citing WGs or
> RFC/drafts if this link is important.
>
>
> I have added citations.
>
> o I’m trying to keep the IETF/IRTF lanes clear.
> Coordination with CFRG is noted later. Is there
> coordination, or reuse? What planned activities in
> this WG would alter the course of CFRG?
>
>
> I clarified how we think SPICE will consume work from
> CRFG, and how we might provide comments on use cases, for
> example:
>
> A use case for BBS Blind Signatures is privacy preserving
> credentials, such as proving that a human passed a captcha
> previously and should not be challenged again, like is
> done with privacy pass.
>
> ** Per the “Key Design Properties of Digital
> Credentials” section
>
> -- What is the intended use of this section? In what
> way does this text scope the planned work? For
> example, will the WG deliver some version of those as
> part of the “A document specifying the selective
> disclosure of claims in a secure and privacy-friendly
> manner”? Are those related to the planned architecture
> deliverable?)
>
>
> Yes, these are essentially topics we think the
> architecture will address, and that SOME credential
> formats can support.
>
> There has been a lot of discussion about limiting
> credential formats to just the ones that can do all of
> these (SPICE will only work on BBS
> verifier-verifier unlinkable hardware isolated TEE
> credentials), but that position does not have consensus in
> my opinion.
>
> -- I’m a little confused by the framing of this
> section as being able design properties of “digital
> credentials” but the “In-Scope”/”Goal”/”Deliverable”
> sections aren’t linked to digital credentials. Some
> editorial bridging is needed.
>
>
> I hope I have addressed this.
>
> ** Strongly recommend merging “In-Scope” and “Goals”
> sections. Move the text currently in Goals to the end
> of the current “In Scope” text (i.e., reverse the
> order). Editorially, charters typically first say what
> they will do and then describe who they will work with.
>
>
> Done.
>
> ** Per the “Goals”
>
> -- Per the text “Additionally, the SPICE WG will
> coordinate with other SDOs, such as ISO or W3C, on
> data model elements or protocols needed to support
> existing credential use cases”
>
> o what is the thinking behind “support existing
> credential use cases”? Are these new design goals?
>
>
> An example of an existing digital credential could be the
> identity credential based on SD-JWT or ISO mDoc described
> here:
>
> - https://github.com/WICG/identity-credential
>
> If SPICE develops SD-CWT, we would hope that it was
> influenced by the work that it is attempting to improve on.
>
> However, unlike WIMSE, we are not trying to make a
> credential that is "only for workloads" or "only for people".
>
> As an analogy, WIMSE credentials being "only for
> workloads" are inspired by attempts to use "JWT and DPoP"
> which are similarly an "existing credential use case".
>
> o I observe that ISO is a very BIG organization. IETF
> even has multiple liaisons for subsets of ISO. Can
> this text be more specific about the relevant links?
>
>
> I removed direct references to other organizations, which
> I imagine might raise new objections however I will
> counter with this argument:
>
> Unless you are an active member of those organizations,
> and those organizations are building digital credentials,
> and you are contributing to both groups, I don't see a lot
> of value in calling out that the organizations exist.
>
> I think Manu Fontaine has been most vocal on the desire to
> reference TCG and CCC, but I don't understand how he plans
> to coordinate SPICE related deliverables (as described in
> the charter) with those groups, so I will let him argue to
> add this back : )
>
> Similarly Denis has mentioned ISO, I am not aware of
> anyone who is actively contributing to the ISO work on
> mDoc / mobile drivers licenses / covid vaccinations that
> is also planning to contribute to SPICE, but I think they
> are welcome to contribute regardless of if ISO is
> mentioned directly by name.
>
> ** Per the “In-Scope”
>
> -- Per the text “The SPICE WG will consider the use of
> TEEs (Trusted Execution Environments) for managing key
> material and digital credentials.” Can that design be
> made now? Can this be deferred for future charter
> scope? I’m practically asking what “consider” means
> here. It seems like a conditional scope (i.e., “we
> don’t know if we want to deliver this but we want it
> in scope”).
>
>
> I removed this, it's been a recurring point of contention.
> Some folks feel that TEE is essential, others don't. I
> don't see the sentence adding any value to the charter,
> and I do see it continuing to cause confusion.
>
> I did move some references to it to the "design
> considerations" of the digital credentials section.
>
> -- Per the text “Focusing on crisp technical
> specifications and producing separate informative
> guidance documents helps to keep technical interested
> parties involved”, I observe that the planned
> deliverables only include a single informative
> architecture. Is that sufficient?
>
>
> I think so.
>
> Perhaps that is the lesson learned?
>
>
> Much of the charter debate has reinforced this point.
>
> It is easy to talk about the "philosophical value" of
> digital credentials, or even "desirable privacy
> properties", without discussing how to build anything that
> can be implemented.
>
> I would say that this will remain the primary risk of the
> architecture deliverable.
>
> ** Per the Deliverables?
>
> -- Will the meta-discovery document describe a single
> protocol? multiple protocols for discovery? Does it
> build on any prior work protocol work (e.g., is it an
> HTTP API? COAP?)
>
>
> Short answer is we don't know.
>
> It seems very likely that HTTP will be a component, but we
> don't want to preclude other transports such as QR Codes,
> NFC, Bluetooth, etc...
>
> The point of this document is not to address all of these,
> but to provide a concrete way to discover the optionality
> that exists in the wild today.
>
> I added some related drafts that we have worked on trying
> to characterize this challenge.
>
> -- Per a “document specifying the selective disclosure
> of claims in a secure and privacy-friendly manner”:
>
> o What is the relation between this document and
> digital credential (the substance of the front
> matter)? Is this providing a framework/set of claims
> to let others produce their own digital credentials
> with particular security properties?
>
>
> Yes, I added some references, and extra text to try to
> make this clearer.
>
> o What is the relationship between the “security” and
> “privacy-friendly” properties and the more detailed
> key design properties?
>
>
> I think it's mostly just repeating the design properties,
> I think the new text addresses this.
>
> o What is the encoding of the claims for this
> document? JSON and CBOR are noted in the lesson
> learned but not in the explicit scoping.
>
>
> At this point, we don't seem to be able to agree to pick
> just one, but there does seem to be consensus to pull the
> useful digital credential parts from each, and harmonize them.
>
> As an example, SCITT built "receipts" which SD-JWT does
> not support, OAuth built SD-JWT which COSE does not
> support, so SCITT cannot use it.
>
> Both rely on the `iss` , `sub` and `cnf` claims, which are
> supported in JOSE and COSE, and are essential to the "3
> roles", issuer (AS), holder (client) (of credentials,
> maker of presentations) and verifier (RP)...
>
> Another example would be how JWT supported claims in
> headers, but CWT did not until recently, and when that
> feature was added, we learned that kccs had already ported
> part of it... for those who want the details:
>
> - https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/22/
> -
> https://datatracker.ietf.org/doc/draft-ietf-cose-cwt-claims-in-headers/10/
>
> in
> https://www.iana.org/assignments/cose/cose.xhtml#header-parameters
>
> The claims disclosure document, will address this kind of
> challenge, when deploying credentials based on CWT and
> JWT, in a similar way to how EAT attempted to address this in:
>
> https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat-25#name-the-claims
>
> Hopefully these comments are helpful, if you like I can
> merge the PR or I can leave it open and make adjustments
> in case you have further comments.
>
> Regards,
>
> OS
>
> Roman
>
> *From:* Orie Steele <orie@transmute.industries>
> *Sent:* Thursday, January 18, 2024 1:19 PM
> *To:* spice@ietf.org
> *Subject:* [SPICE] Revised Charter
>
> Hello Spice Enthusiasts,
>
> Our revised draft charter can be found here:
>
> -
> https://github.com/transmute-industries/ietf-spice-charter/blob/8f140a014ed13a21ff308b4d48d745ead67d8c54/charter.md
>
> Thanks to everyone who contributed text on github and
> through the mailing list.
>
> As mentioned on our calls, I will submit a bof request
> with the draft charter text as of today.
>
> If anyone has objections to the current charter text,
> please provide NEW and OLD suggestions through the
> mailing list (on a seperate thread), so we can
> finalize any remaining gaps.
>
> If you support the current draft charter text, please
> reply to this email indicating that you support the
> current text.
>
> I support the current charter text.
>
> Regards,
>
> OS
>
> --
>
> *ORIE STEELE
> *Chief Technology Officer
> www.transmute.industries
>
> Image removed by sender. <https://transmute.industries/>
>
>
> --
>
> *ORIE STEELE
> *Chief Technology Officer
> www.transmute.industries
>
> Image removed by sender. <https://transmute.industries/>
>
> --
> SPICE mailing list
> SPICE@ietf.org
> https://www.ietf.org/mailman/listinfo/spice
>
>
>
> --
>
>
> ORIE STEELEChief Technology Officerwww.transmute.industries
>
> <https://transmute.industries>
>
>
- [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Mahmoud Alkhraishi
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Manu Fontaine
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Roman Danyliw
- Re: [SPICE] Revised Charter Brent Zundel
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Michael Prorock
- Re: [SPICE] Revised Charter Orie Steele
- Re: [SPICE] Revised Charter Denis
- Re: [SPICE] Revised Charter Denis