Re: [GNAP] About the use case called "Self sovereign identity (SSI)"

Francis Pouatcha <fpo@adorsys.de> Fri, 21 August 2020 13:14 UTC

On Fri, Aug 21, 2020 at 9:02 AM Justin Richer <jricher@mit.edu> wrote:

> The SSI trick is not the ticket; the SSI portion here is "She indicates
> that she is a resident of Bamberg". We'd like Alice to be able to do that
> in a verifiable and programmatic way that we can enable in the protocol flow.
>
Yes.
The purpose of SSI in this use case is to illustrate that authz flows will
have many claim origins. Flows will have many situations where GS relies on
claims produced/presented by other ASs for a compound Authz decision.
Best regards
/Francis

>
>  — Justin
>
> On Aug 21, 2020, at 8:48 AM, Denis <denis.ietf@free.fr> wrote:
>
>
> Hello Francis,
>
> This WG has not been formed to address SSI (Self sovereign identity). This
> use case can be solved without using an AS and an RS,
> and without using a "Self Sovereign Identity (SSI)" approach.
>
> - Alice visits the website of AC-Tickets.
>
> - Alice looks up and finds "Bamberg Symphony", the concert she
> wants to attend.
>
> - Alice is informed that she can get a discount price if she is
> a resident of Bamberg.
>
> - Alice fills in a form and enters the requested information.
> She indicates that she is a resident of Bamberg and so she gets the
> discounted price.
>
> - Alice makes the payment using 3D Secure.
>
> - Alice gets back a QR code on her phone that will be scanned
> when entering the concert hall.
>
> - Alice goes to the concert at Bamberg Symphony.
>
> - At the entrance gate, Alice presents her QR code, which
> includes a unique identifier for this concert, the date and time of the
> concert, her seat number reservation, her family name and her first name, and the
> fact that the ticket price is a discounted price available only
> for the residents of Bamberg.
>
> - If the person controlling the QR codes at the gate has some
> doubt that Alice is indeed a resident of Bamberg,
> she asks Alice to present her ID card or her passport, which includes her
> home address and, even more important, her picture.
> ("On the Internet, nobody knows you're a dog." Peter Steiner's cartoon,
> as published in The New Yorker on July 5, 1993.)
>
> This is simple, efficient and easy to implement right now.
>
> This is roughly how train reservations work on the French web site
> oui.sncf. Someone over 60 can request a discounted railway ticket.
> If the train controller has some doubt that the bearer of the discounted
> railway ticket is really over 60 after scanning the QR code, he will ask
> the person to show an identity card or a passport at the platform entrance
> or while in the train. Not only will the year of birth make it possible to make sure
> that the individual is indeed over 60, but in addition the name on the identity
> card or the passport will be checked against the name on the railway
> ticket, and that the picture matches the face of the person in front of
> the train controller.
>
> Anyway, IMHO, I don't believe that this use case should be solved using
> GNAP.
>
> Denis
>
> PS. This use case has been posted here:
>
> https://github.com/ietf-wg-gnap/general/wiki/SSI-integration#alice-purchasing-a-concert-ticket-without-disclosing-her-identity
>

-- 
Francis Pouatcha
Co-Founder and Technical Lead
adorsys GmbH & Co. KG
https://adorsys-platform.de/solutions/