Re: [GNAP] About the use case called "Self sovereign identity (SSI)"
Francis Pouatcha <fpo@adorsys.de> Fri, 21 August 2020 13:09 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/1rcAFsqRcwUh25JqAbt7qEW3tlI>
Hello Denis,

in your use case description,

- the RS is the concert gateman
- now AS/GS is AC-Tickets
- AS/GS issues a conditioned token (Please allow Alice to this concert only if she is older than 18 and a resident of Bamberg)
- Human RS is given an "option" to check these claims at the gate (or not).
- Check is negative: Alice is younger than 18, but has bought a concert ticket from the ticket website (legal contract). Who is liable?

Best regards
/Francis

On Fri, Aug 21, 2020 at 8:48 AM Denis <denis.ietf@free.fr> wrote:

> Hello Francis,
>
> This WG has not been formed to address SSI (Self sovereign identity). This use case can be solved without using an AS and a RS and without using a "Self Sovereign Identity (SSI)" approach.
>
> - Alice visits the website of AC-Tickets.
>
> - Alice looks up and finds "Bamberg Symphony", the concert she wants to attend.
>
> - Alice is informed that she can get a discount price if she is a resident of Bamberg.
>
> - Alice fills a form and enters the requested information. She indicates that she is a resident of Bamberg and so she gets the discounted price.
>
> - Alice makes the payment using 3D secure.
>
> - Alice gets back a QR code on her phone that will be scanned when entering the concert hall.
>
> - Alice goes to the concert at Bamberg Symphony.
>
> - At the entrance gate, Alice presents her QR code which includes a unique identifier for this concert, the date and time of the concert, her seat number reservation, her family name and her first name and the fact that the ticket price is a discounted price available only for the residents of Bamberg.
>
> - If the person controlling the QR-codes at the gate has some doubt that Alice is indeed a resident of Bamberg, she asks Alice to present her ID card or her passport which includes her home address and even more important her picture. ("On the Internet, nobody knows you're a dog". Peter Steiner's cartoon, as published in The New Yorker on July 5, 1993).
>
> This is simple, efficient and easy to implement right now.
>
> This is roughly how train reservations are working on the French web site oui.sncf. Someone over 60 can request a discounted railway ticket. If the train controller has some doubt that the bearer of the discounted railway ticket is really over 60 after scanning the QR code, he will ask the person to show an identity card or a passport at the platform entrance or while in the train. Not only the year of birth will allow to make sure that the individual is indeed over 60 but in addition the name on the identity card or the passport will be checked against the name on the railway ticket and that picture matches with the face of the person in front of the train controller.
>
> Anyway, IMHO, I don't believe that this use case should be solved using GNAP.
>
> Denis
>
> PS. This use case has been posted here:
>
> https://github.com/ietf-wg-gnap/general/wiki/SSI-integration#alice-purchasing-a-concert-ticket-without-disclosing-her-identity

--
Francis Pouatcha
Co-Founder and Technical Lead
adorsys GmbH & Co. KG
https://adorsys-platform.de/solutions/