Re: [GNAP] About the use case called "Self sovereign identity (SSI)"

Justin Richer <jricher@mit.edu> Fri, 21 August 2020 13:02 UTC

From: Justin Richer <jricher@mit.edu>
Message-Id: <F07775DA-58ED-4C3E-A780-3D8864DD8DF7@mit.edu>
Date: Fri, 21 Aug 2020 09:02:03 -0400
In-Reply-To: <84df3d97-841d-5dea-477b-465866bcffaa@free.fr>
Cc: Francis Pouatcha <fpo@adorsys.de>, "txauth@ietf.org" <txauth@ietf.org>
To: Denis <denis.ietf@free.fr>
References: <84df3d97-841d-5dea-477b-465866bcffaa@free.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/zfMtfrlRZwEnx68mseTllVojs_M>
Subject: Re: [GNAP] About the use case called "Self sovereign identity (SSI)"

The SSI trick is not the ticket — the SSI portion here is "She indicates that she is a resident of Bamberg". We'd like Alice to be able to do that in a verifiable and programmatic way that we can enable in the protocol flow.

 — Justin

> On Aug 21, 2020, at 8:48 AM, Denis <denis.ietf@free.fr> wrote:
> 
> 
> Hello Francis,
> This WG has not been formed to address SSI (Self sovereign identity). This use case can be solved without using an AS and an RS
> and without using a "Self Sovereign Identity (SSI)" approach.
> 
> -          Alice visits the website of AC-Tickets.
> 
> -          Alice looks up and finds "Bamberg Symphony", the concert she wants to attend.
> 
> -          Alice is informed that she can get a discount price if she is a resident of Bamberg.
> 
> -          Alice fills in a form and enters the requested information.
>  She indicates that she is a resident of Bamberg and so she gets the discounted price.
> 
> -          Alice makes the payment using 3D secure.
> 
> -          Alice gets back a QR code on her phone that will be scanned when entering the concert hall.
> 
> -          Alice goes to the concert at Bamberg Symphony.
> 
> -          At the entrance gate, Alice presents her QR code which includes a unique identifier for this concert, the date and time of the concert, 
>  her seat number reservation, her family name and her first name and the fact that the ticket price is a discounted price available only 
>  for the residents of Bamberg.
> 
> -          If the person controlling the QR codes at the gate has some doubt that Alice is indeed a resident of Bamberg,
>  she asks Alice to present her ID card or her passport, which includes her home address and, even more important, her picture.
> ("On the Internet, nobody knows you're a dog". Peter Steiner's cartoon, as published in The New Yorker on July 5, 1993).
> 
> This is simple, efficient and easy to implement right now. 
> 
> This is roughly how train reservations are working on the French web site oui.sncf. Someone over 60 can request a discounted railway ticket.
> If the train controller has some doubt that the bearer of the discounted railway ticket is really over 60 after scanning the QR code, he will ask
> the person to show an identity card or a passport at the platform entrance or while in the train. Not only will the year of birth make it possible
> to check that the individual is indeed over 60, but in addition the name on the identity card or the passport will be checked against the name on
> the railway ticket, and the picture checked against the face of the person in front of the train controller.
> 
> Anyway, IMHO, I don't believe that this use case should be solved using GNAP. 
> 
> Denis 
> 
> PS. This use case has been posted here: 
> https://github.com/ietf-wg-gnap/general/wiki/SSI-integration#alice-purchasing-a-concert-ticket-without-disclosing-her-identity
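Denis's flow only works if the gate can tell a QR code that AC-Tickets issued from one that somebody edited after purchase (flipping the discount flag, changing the seat) or re-presented after it was already used. The example below is added here and is not code from either message, from AC-Tickets or from the GNAP work: it builds the QR payload with exactly the fields Denis lists, binds them with an HMAC, and shows the gate-side check. The shared key, the field names, the status strings and the `tamper_discount` helper are assumptions; the sample ticket values are constructed.

```python
import base64
import hashlib
import hmac
import json

# Assumed: one HMAC key shared by AC-Tickets (issuer) and the venue's gate
# scanners. A public-key signature would let the scanners hold no signing
# capability at all; HMAC keeps this example stdlib-only.
ISSUER_KEY = b"constructed-demo-key-not-for-real-use"  # constructed sample key


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_ticket(key: bytes, concert_id: str, starts_at: str, seat: str,
                 family_name: str, first_name: str, resident_discount: bool) -> str:
    """Return the text AC-Tickets would encode in Alice's QR code.

    The payload carries the fields from Denis's post (concert identifier,
    date/time, seat, family name, first name, discount flag); the MAC over
    the canonical JSON lets the gate detect any later edit to them.
    """
    payload = {
        "concert_id": concert_id,
        "starts_at": starts_at,
        "seat": seat,
        "family_name": family_name,
        "first_name": first_name,
        "resident_discount": resident_discount,
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64url(body) + "." + _b64url(tag)


def tamper_discount(qr_text: str) -> str:
    """Attacker helper (assumed): flip the discount flag, keep the old tag."""
    body_b64, tag_b64 = qr_text.split(".")
    ticket = json.loads(_b64url_decode(body_b64))
    ticket["resident_discount"] = not ticket["resident_discount"]
    body = json.dumps(ticket, sort_keys=True, separators=(",", ":")).encode()
    return _b64url(body) + "." + tag_b64


class GateScanner:
    """Gate-side check: valid MAC, right concert, one admission per seat."""

    def __init__(self, key: bytes, concert_id: str):
        self.key = key
        self.concert_id = concert_id
        self.admitted_seats = set()  # concert_id + seat identifies the ticket

    def scan(self, qr_text: str) -> dict:
        try:
            body_b64, tag_b64 = qr_text.split(".")
            body = _b64url_decode(body_b64)
            tag = _b64url_decode(tag_b64)
        except ValueError:  # binascii.Error is a ValueError
            return {"status": "invalid"}
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return {"status": "invalid"}
        ticket = json.loads(body)  # body is authentic from here on
        if ticket.get("concert_id") != self.concert_id:
            return {"status": "wrong_concert"}
        seat = ticket["seat"]
        if seat in self.admitted_seats:
            return {"status": "already_admitted", "seat": seat}
        self.admitted_seats.add(seat)
        # The discount flag only tells the attendant that an ID check may be
        # warranted; as in the post, the decision stays with the person at the gate.
        return {
            "status": "ok",
            "seat": seat,
            "name": f"{ticket['first_name']} {ticket['family_name']}",
            "needs_id_check": bool(ticket["resident_discount"]),
        }


if __name__ == "__main__":
    concert = "bamberg-symphony-2020-09-12"  # constructed identifier
    qr = issue_ticket(ISSUER_KEY, concert, "2020-09-12T20:00", "B12",
                      "Example", "Alice", True)
    gate = GateScanner(ISSUER_KEY, concert)
    print(gate.scan(qr))                    # ok, needs_id_check True
    print(gate.scan(qr))                    # already_admitted
    print(gate.scan(tamper_discount(qr)))   # invalid
```

What the MAC does not do is prove residency: it only proves that AC-Tickets accepted Alice's self-declaration, which is exactly the gap Justin's reply is pointing at, and why Denis's flow falls back to a human looking at an ID card.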