Re: [GNAP] About the use case called "Self sovereign identity (SSI)"

Andrew Hindle <andrew@hindleconsulting.com> Fri, 21 August 2020 13:44 UTC

References: <84df3d97-841d-5dea-477b-465866bcffaa@free.fr> <F07775DA-58ED-4C3E-A780-3D8864DD8DF7@mit.edu> <CAOW4vyPV-S7O2UtZGM1NXi1a-Mx5QRPAgi9fbEa=d4A1jxTDPQ@mail.gmail.com>
In-Reply-To: <CAOW4vyPV-S7O2UtZGM1NXi1a-Mx5QRPAgi9fbEa=d4A1jxTDPQ@mail.gmail.com>
From: Andrew Hindle <andrew@hindleconsulting.com>
Date: Fri, 21 Aug 2020 14:44:31 +0100
Message-ID: <CAELuUW+i3eymzu2Q4mS-KT_Bg0LHvwAaOG3UWS7+3CZ9P0gH_g@mail.gmail.com>
To: Francis Pouatcha <fpo=40adorsys.de@dmarc.ietf.org>
Cc: Justin Richer <jricher@mit.edu>, Denis <denis.ietf@free.fr>, "txauth@ietf.org" <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/C2hD0hAUl7w5JVgA4LB993QlyjM>
Subject: Re: [GNAP] About the use case called "Self sovereign identity (SSI)"

FWIW, in the UMA WG some time ago we explored (at a conceptual level) how
the concept of SSI could/should intersect with the UMA protocol flow.
It's an important consideration, exactly for the reasons that Francis
outlines.  There are plenty of use-cases that are well solved without SSI
(and, indeed, without any need for 'verified' or 'attested' attributes per
se).  But there are also some very important use-cases where this kind of
integration will be important.
I think it's smart to consider this in the GNAP specification design.
--&e



On Fri, 21 Aug 2020 at 14:14, Francis Pouatcha <fpo=40adorsys.de@dmarc.ietf.org> wrote:

>
> On Fri, Aug 21, 2020 at 9:02 AM Justin Richer <jricher@mit.edu> wrote:
>
>> The SSI trick is not the ticket — the SSI portion here is "She indicates
>> that she is a resident of Bamberg". We'd like Alice to be able to do
>> that in a verifiable and programmatic way that we can enable in the protocol
>> flow.
>>
> Yes.
> The purpose of SSI in this use case is to illustrate that authz flows will
> have many claim origins. Flows will have many situations where GS relies on
> claims produced/presented by other ASs for a compound Authz decision.
> Best regards
> /Francis
>
>>
>>  — Justin
>>
>> On Aug 21, 2020, at 8:48 AM, Denis <denis.ietf@free.fr> wrote:
>>
>>
>> Hello Francis,
>>
>> This WG has not been formed to address SSI (Self-sovereign identity).
>> This use case can be solved without using an AS and an RS
>> and without using a "Self-Sovereign Identity (SSI)" approach.
>>
>> - Alice visits the website of AC-Tickets.
>>
>> - Alice looks up and finds "Bamberg Symphony", the concert she wants to attend.
>>
>> - Alice is informed that she can get a discount price if she is a resident
>> of Bamberg.
>>
>> - Alice fills in a form and enters the requested information. She indicates
>> that she is a resident of Bamberg and so she gets the discounted price.
>>
>> - Alice makes the payment using 3D Secure.
>>
>> - Alice gets back a QR code on her phone that will be scanned when entering
>> the concert hall.
>>
>> - Alice goes to the concert at Bamberg Symphony.
>>
>> - At the entrance gate, Alice presents her QR code, which includes a unique
>> identifier for this concert, the date and time of the concert, her seat
>> number reservation, her family name and her first name, and the fact that
>> the ticket price is a discounted price available only for the residents of
>> Bamberg.
>>
>> - If the person controlling the QR codes at the gate has some doubt that
>> Alice is indeed a resident of Bamberg, she asks Alice to present her ID card
>> or her passport, which includes her home address and, even more important,
>> her picture. ("On the Internet, nobody knows you're a dog." Peter Steiner's
>> cartoon, as published in The New Yorker on July 5, 1993.)
>>
>> This is simple, efficient and easy to implement right now.
>>
>> This is roughly how train reservations work on the French web site
>> oui.sncf. Someone over 60 can request a discounted railway ticket.
>> If the train controller has some doubt that the bearer of the discounted
>> railway ticket is really over 60 after scanning the QR code, he will ask
>> the person to show an identity card or a passport at the platform
>> entrance or while in the train. Not only will the year of birth make it
>> possible to check that the individual is indeed over 60, but in addition
>> the name on the identity card or the passport will be checked against the
>> name on the railway ticket, and the picture against the face of the person
>> in front of the train controller.
>>
>> Anyway, IMHO, I don't believe that this use case should be solved using
>> GNAP.
>>
>> Denis
>>
>> PS. This use case has been posted here:
>>
>> https://github.com/ietf-wg-gnap/general/wiki/SSI-integration#alice-purchasing-a-concert-ticket-without-disclosing-her-identity
>>
>> --
>> TXAuth mailing list
>> TXAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/txauth
>>
>>
>>
>
> --
> Francis Pouatcha
> Co-Founder and Technical Lead
> adorsys GmbH & Co. KG
> https://adorsys-platform.de/solutions/
>


-- 
Andrew Hindle; CIPM <https://www.credential.net/i7iz5rjk>, CIPP/E
<https://www.credential.net/q8vel50x>, CIPT
<https://www.credential.net/442455d1-23e8-4cc2-aac6-dfcfb9140785>
Hindle Consulting Limited
+44 7966 136543
Schedule a meeting <https://freebusy.io/andrew@hindleconsulting.com/30min>

-- 

Hindle Consulting Limited is a company registered in England and Wales.
Company number: 8888564.
Registered office: Claremont House, 1 Market Square, Bicester, Oxfordshire OX26 6AA, UK.
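Added example, not from the thread or from any of the participants: a sketch in Go of the "compound" decision Francis describes, in which AC-Tickets' authorization server grants the resident discount only when the residency claim is a signed credential from a separate, trusted issuer, and denies it when all it has is the self-asserted form field from Denis's flow. The credential format, its field names, the issuer identifier `https://stadt.bamberg.example/registry`, the function names and the use of Ed25519 are all assumptions of this example; GNAP defines none of them, and this is not a GNAP wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assumed identifier for the municipal registry that acts as a second AS.
const registry = "https://stadt.bamberg.example/registry"
// ResidencyCredential: an assertion signed by a party other than the ticket seller
// that Subject lives in City until Expires. Field names are this example's, not GNAP's.
type ResidencyCredential struct {
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`
	City    string `json:"city"`
	Expires int64  `json:"exp"` // Unix seconds
}

type SignedCredential struct {
	Payload   ResidencyCredential
	Signature []byte // issuer's Ed25519 signature over Payload.encode()
}

// encode yields the signed bytes; encoding/json keeps declaration order, so both sides agree.
func (c ResidencyCredential) encode() []byte {
	b, _ := json.Marshal(c)
	return b
}

// Issue signs a credential with the issuer's private key.
func Issue(c ResidencyCredential, priv ed25519.PrivateKey) SignedCredential {
	return SignedCredential{Payload: c, Signature: ed25519.Sign(priv, c.encode())}
}

// DiscountRequest is what AC-Tickets' authorization server evaluates: who is asking,
// the self-asserted checkbox from Denis's flow, and an optional credential.
type DiscountRequest struct {
	Subject        string
	ClaimsResident bool              // the web-form checkbox: unverified
	Credential     *SignedCredential // nil if nothing verifiable was presented
}

// DecideDiscount is the compound decision: AC-Tickets does not know who lives in Bamberg, so it
// accepts that fact only from a trusted issuer, validly signed, unexpired, and bound to the requester.
func DecideDiscount(req DiscountRequest, trusted map[string]ed25519.PublicKey, now time.Time) (bool, error) {
	if req.Credential == nil { // form checkbox alone, or no claim at all
		return false, errors.New("residency not verifiable: no credential presented")
	}
	c := req.Credential.Payload
	pub, ok := trusted[c.Issuer]
	switch {
	case !ok:
		return false, fmt.Errorf("issuer %q not trusted", c.Issuer)
	case !ed25519.Verify(pub, c.encode(), req.Credential.Signature):
		return false, errors.New("signature invalid: payload altered or not signed by that issuer")
	case now.Unix() >= c.Expires:
		return false, errors.New("credential expired")
	case c.Subject != req.Subject:
		return false, fmt.Errorf("credential names %q, requester is %q", c.Subject, req.Subject)
	case c.City != "Bamberg":
		return false, fmt.Errorf("resident of %q, discount is for Bamberg only", c.City)
	}
	return true, nil
}

// RunScenarios issues constructed sample credentials with fresh keys; returns the decision per case.
func RunScenarios() map[string]bool {
	now := time.Date(2020, 8, 21, 14, 0, 0, 0, time.UTC) // fixed so results repeat
	cityPub, cityPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader) // attacker key, not trusted
	trusted := map[string]ed25519.PublicKey{registry: cityPub}
	alice := ResidencyCredential{Issuer: registry, Subject: "alice", City: "Bamberg", Expires: now.Unix() + 3600}
	valid := Issue(alice, cityPriv)
	retargeted := valid // Alice's signature kept, subject rewritten to Mallory
	retargeted.Payload.Subject = "mallory"
	forged := Issue(ResidencyCredential{Issuer: registry, Subject: "bob", City: "Bamberg", Expires: now.Unix() + 3600}, roguePriv)
	expired := Issue(ResidencyCredential{Issuer: registry, Subject: "alice", City: "Bamberg", Expires: now.Unix() - 1}, cityPriv)
	cases := map[string]DiscountRequest{
		"form checkbox only":        {Subject: "alice", ClaimsResident: true},
		"valid credential":          {Subject: "alice", Credential: &valid},
		"retargeted credential":     {Subject: "mallory", Credential: &retargeted},
		"forged issuer signature":   {Subject: "bob", Credential: &forged},
		"expired credential":        {Subject: "alice", Credential: &expired},
		"someone else's credential": {Subject: "carol", Credential: &valid},
	}
	out := make(map[string]bool, len(cases))
	for name, req := range cases {
		granted, err := DecideDiscount(req, trusted, now)
		out[name] = granted
		fmt.Printf("%-26s granted=%-5v %v\n", name, granted, err)
	}
	return out
}

func main() { RunScenarios() }
```

Run it with `go run`. Only the credential issued by the trusted registry for the same subject who is asking is granted; the form checkbox alone, a credential re-targeted to another subject, a credential signed with a key the registry does not hold, an expired one, and someone else's valid credential are all refused, each with a distinct reason. The point relative to the thread is that the seller never learns Alice's address or sees her ID; it only has to trust the registry's key, which is the verifiable, programmatic check Justin asks for.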