[GNAP] About the use case called "Self sovereign identity (SSI)"

Denis <denis.ietf@free.fr> Fri, 21 August 2020 12:48 UTC

To: Francis Pouatcha <fpo@adorsys.de>
Cc: "txauth@ietf.org" <txauth@ietf.org>
From: Denis <denis.ietf@free.fr>
Message-ID: <84df3d97-841d-5dea-477b-465866bcffaa@free.fr>
Date: Fri, 21 Aug 2020 14:48:12 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/9E396ODBlZw0YIt9LLmDgrk3X6M>
Subject: [GNAP] About the use case called "Self sovereign identity (SSI)"

Hello Francis,

This WG has not been formed to address SSI (Self sovereign identity).
This use case can be solved without using an AS and a RS and without using a "Self Sovereign Identity (SSI)" approach.

-Alice visits the website of AC-Tickets.

-Alice looks up and finds "Bamberg Symphony", the concert she wants to attend.

-Alice is informed that she can get a discount price if she is a resident of Bamberg.

-Alice fills a form and enters the requested information. She indicates that she is a resident of Bamberg and so she gets the discounted price.

-Alice makes the payment using 3D secure.

-Alice gets back a QR code on her phone that will be scanned when entering the concert hall.

-Alice goes to the concert at Bamberg Symphony.

-At the entrance gate, Alice presents her QR code which includes a unique identifier for this concert, the date and time of the concert, her seat number reservation, her family name and her first name and the fact that the ticket price is a discounted price available only for the residents of Bamberg.

-If the person controlling the QR-codes at the gate has some doubt that Alice is indeed a resident of Bamberg, she asks Alice to present her ID card or her passport which includes her home address and even more important her picture. ("On the Internet, nobody knows you're a dog". Peter Steiner's cartoon, as published in The New Yorker on July 5, 1993).

This is simple, efficient and easy to implement right now.

This is roughly how train reservations work on the French web site oui.sncf. Someone over 60 can request a discounted railway ticket. If the train controller has some doubt that the bearer of the discounted railway ticket is really over 60 after scanning the QR code, he will ask the person to show an identity card or a passport at the platform entrance or while on the train. Not only will the year of birth make it possible to make sure that the individual is indeed over 60, but in addition the name on the identity card or the passport will be checked against the name on the railway ticket, and the picture will be checked against the face of the person in front of the train controller.

Anyway, IMHO, I don't believe that this use case should be solved using GNAP.

Denis

PS. This use case has been posted here:
https://github.com/ietf-wg-gnap/general/wiki/SSI-integration#alice-purchasing-a-concert-ticket-without-disclosing-her-identity