Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

slides: https://cvs.data.kit.edu/talks/2404-gn-di-cred-flow/

SD-JWT

  • JWT for Selective Disclosure. https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-02.html
  • Flow:
    • Issuer passes two objects to the holder:
      • SD-JWT (signed JWT, contains CLAIMs, HASHES OF VALUES, and a signature)
      • SD-JWT-SVC (Salt Value Container, contains CLAIMs, SALTS, and JSON-Encoded VALUES)
    • Holder
      • creates SD-JWT-R (unsigned subset of the SD-JWT-SVC) i.e. holder can see the values of the claims that are released.
      • passes SD-JWT and SD-JWT-R to the verifier
    • Verifier
      • Uses salts to verify hashes
      • Can then trust the SD-JWT
  • Extensions allow for "holder binding" to eliminate replay attacks.
  • Pros:
    • User sees values that are passed on
    • User is in charge of the selection of claims
  • Cons:
    • Breaks existing JWT flows

JSON-LD

  • JSON for Linked Data https://json-ld.org/
  • Extension of JSON with "@-Claims" that point to external resources
  • Most prominent: "@context" which links to a schema that describes the JSON at hand
  • Why is this relevant?: (I think) it provides a way to pass around arbitrary JSONs from Issuer via Holder to Verifier.
    • The wallet software does not need to understand the JSON a-priori (e.g. at development time)

ELM-V3

...

  • Nice read: https://medium.com/@leifj/trust-does-not-scale-94bab5b67f5c
  • eduGAIN
  • EBSI
  • OID-Fed
  • ToIP Whitepaper
    • Apparently not more than a whitepaperIntermediaries (as in Federated Identities) are bad: "Trust Gap" from scaling up
    • Intermediaries (as in DI) are good
    • Describes the trust between Issuer and Verifier
      • Pretty much a "cloudy" kind of thing => This is where (IMO) eduGAIN and OID-Fed have strongest points
  • New concept: Holder Binding

...