Re: [GNAP] DID as sub_id or assertion?

Adrian Gropper <agropper@healthurl.com> Wed, 17 March 2021 20:55 UTC

In-Reply-To: <CAJmmfSQKZWm=YsjBVV8O+vU9zzC+eka0CCaQO-xFP-GcWzEigw@mail.gmail.com>
From: Adrian Gropper <agropper@healthurl.com>
Date: Wed, 17 Mar 2021 16:55:31 -0400
Message-ID: <CANYRo8jw9gHQESDk__aKM3jK-C9FvYTFYOzb-8iYzbc_hVjMPA@mail.gmail.com>
To: Tobias Looker <tobias.looker@mattr.global>
Cc: Fabien Imbault <fabien.imbault@gmail.com>, GNAP Mailing List <txauth@ietf.org>, Justin Richer <jricher@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/gApYO-JGVt0Xtzv2gVVnFwMdWYo>
Subject: Re: [GNAP] DID as sub_id or assertion?

On Wed, Mar 17, 2021 at 4:23 PM Tobias Looker <tobias.looker@mattr.global>
wrote:

> <snip>
> > A client might not have a DID but it could have a VC as a certificate of
> > authenticity linked to some audit mechanism.
>
> To me a VC would come under the assertions umbrella (that is to say a VC
> could be one type of valid assertion). The client may possess or have been
> presented with a VC that it could include in its request to the AS as a way
> to identify the subject and perhaps prove authentication and authorization.
>

I do not assume that the client that interacts with the AS to make a
request and receive a token is the same as the client that will present the
token to the RS. In the US HIPAA use-case, for example, the root of trust
is a contract between the patient-subject and the doctor-requesting party
but the doctor workflow is expected to delegate the token to some other
end-user that may be using a totally different client such as an EHR.

Adrian