[Openid-specs-ab] Issue #1255: Trust in Self-Issued Identifiers (openid/connect)

tomcjones issues-reply at bitbucket.org
Thu Jul 1 14:00:53 UTC 2021


New issue 1255: Trust in Self-Issued Identifiers
https://bitbucket.org/openid/connect/issues/1255/trust-in-self-issued-identifiers

Tom Jones:

The discussion about federation evolved into a discussion about trust. Here are the trust vectors i have so far discovered.

1. The user trusts the RP to be telling the truth about its intent to honor the user's intentions wrt the user's data.
2. The user trusts the SIOP to be fairly representing the RP.
3. The user trusts the SIOP to protect the user's secrets \(private keys and other credentials.\)
4. The user trusts the SIOP to faithfully present user intent to the RP.
5. The RP trusts the SIOP to assist in the user authentication process \(including user secrets and possibly user liveness.\)
6. The users trusts the TTP \(aka claims provider\) to avoid releasing any information about them.
7. The RP trusts the TTP to validate claims \(offline proofs preferred over online verification of current state. Currently a huge debate within mDL/eID efforts.\)
8. Once a relationship is established the user trusts the VRM \(chooser\) to provide "refresh tokens" to quickly re-establish trust.

i have more thought and will be tracking on this post [https://tcwiki.azurewebsites.net/index.php?title=Self-issued\_Trust](https://tcwiki.azurewebsites.net/index.php?title=Self-issued_Trust)




More information about the Openid-specs-ab mailing list