[Openid-specs-ab] Issue #1229: Adoption of the "OpenID Connect for W3C Verifiable Credential Objects" (openid/connect)

Nat Sakimura nat at nat.consulting
Mon May 10 22:56:24 UTC 2021


Thanks, Alen.

Yes, "credential" is another defined term in OIDC.

On Tue, May 11, 2021 at 3:26 AM Alen Horvat via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Dear.
>
> Below, I summarize definitions of "claim" from different sources (identity
> and/or authentication documents).
>
> >> NIST - Claim https://csrc.nist.gov/glossary/term/claim
>
> Definition(s):
>
>   A true-false statement about the limitations on the values of an
> unambiguously defined property called the claim’s property; and limitations
> on the uncertainty of the property’s values falling within these
> limitations during the claim’s duration of applicability under stated
> conditions.
>
> >> NIST - Claimant https://csrc.nist.gov/glossary/term/claimant
> A party whose identity is to be verified using an authentication protocol.
> A subject whose identity is to be verified using one or more
> authentication protocols.
> The person who is asserting his or her identity
>
>
> >> NIST - Credential https://csrc.nist.gov/glossary/term/credential
>    1. Evidence or testimonials that support a claim of identity or
> assertion of an attribute and usually are intended to be used more than
> once.
>    2. Evidence attesting to one’s right to credit or authority.
>
> >> OIDC Core
> Claim
>     Piece of information asserted about an Entity.
> Credential
>     Data presented as evidence of the right to use an identity or other
> resources.
>
> >> IdM Glossary of Terms: (
> https://spaces.at.internet2.edu/download/attachments/1540598/CMU-identity-glossary.pdf
> )
> Claim (Assertion) is a statement of the value of one or more identity
> attributes; e.g. if Ben is currently a
> CIT freshman, the Identity Management system could create a credential
> containing the claim: “Ben’s
> affiliation is student”.
> Credential is an object that is verified when presented during an
> authentication transaction. Credentials
> consist of one or two elements:
> 1. Identity Attributes (required): most often just a single identifier
> (e.g. username) associated with
> the entity being authenticated. However, in many circumstances, other
> identity attributes may
> be required (e.g. assertion of a right to use license for a particular
> resource)
> 2. Verifier (optional as part of the credential
>
> >> https://www.gsma.com/identity/glossary
> A claim made by an actor stating its identity. Without validation, no
> assumptions can be made regarding the actor’s identity. An Identity Claim
> is usually made by a User towards a Service Provider.
>
> >> https://www.w3.org/TR/vc-data-model/#dfn-claims
>
> claim An assertion made about a subject
> <https://www.w3.org/TR/vc-data-model/#dfn-subjects>.
>
>
>
> BR, Alen
>
>
> On Monday, 10 May 2021, 19:55:18 CEST, David Chadwick via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
>
>
> On 10/05/2021 17:29, Tom Jones wrote:
>
> I have a problem when using ccg definitions with the existing standards.
> This is openID not ccg.
>
> I don't believe that your definition of claim matches the existing use in
> computer security or in common language.  Per m-w
>
> But doesn't it match your (ie. OpenID's) definition of a claim?
>
>
> a: a right to something
> specifically : a title to a debt, privilege, or other thing in the
> possession of another
> The bank has a claim on their house.
> b: an assertion *open to challenge*
> a claim of authenticity
> advertisers' extravagant claims
>
> Be the change you want to see in the world ..tom
>
>
> On Mon, May 10, 2021 at 9:00 AM David Chadwick via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> We do not need to provide definitions as they already exist in the W3C VC
> Data Model Recommendation, so we can simply reference them. They are:
>
>
> claim An assertion made about a subject
> <https://www.w3.org/TR/vc-data-model/#dfn-subjects>.
> credential A set of one or more claims
> <https://www.w3.org/TR/vc-data-model/#dfn-claims> made by an issuer
> <https://www.w3.org/TR/vc-data-model/#dfn-issuers>. A verifiable credential
> is a tamper-evident credential that has authorship that can be
> cryptographically verified.
>
> You will note that the W3C recommendation does not say anything about what
> the assertion may be, but if you look it up in a dictionary you will get
> something like
>
> Assertion - a positive statement or declaration, often without support or
> reason
>
> Please tell me what is unclear about the above
>
> Kind regards
>
> David
>
>
> On 10/05/2021 16:36, Tom Jones via Openid-specs-ab wrote:
>
> And I find the lack of clarity to be extremely rude and disrespectful of
> any sort of meaningful conversation about the issues. If you have a better
> definition of claim, please let us hear it.
>
> thx ..Tom (mobile)
>
> On Mon, May 10, 2021, 8:28 AM Oliver Terbu via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> This is another example of an extremely rude and disrespectful tone by the
> same person:
>
> "I want clarity of language. Right now we just have a claim = some crap
> and credential = a pile of crap."
> http://lists.openid.net/pipermail/openid-specs-ab/2021-May/008233.html
>
> Oliver
>
> On Mon, 10 May 2021 at 14:39, Kristina Yasuda via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
>
> Thank you, Nat.
>
> As promised, I wanted to outline the relationship between "OpenID Connect
> for W3C Verifiable Credential Objects" (OIDC4VCO) draft and other existing
> drafts. (point 2 in this issue)
> ※ Note that there was a proposal to rename the draft  "OpenID Connect for
> W3C Verifiable Presentations", but I will use OIDC4VCO abbreviation for
> now.
>
>
>    - Relationship with OpenID Connect Core: OIDC4VCO uses mechanisms
>    already defined in OIDC Core, and does not introduce any breaking changes.
>    - Relationship with SIOP V2 draft: SIOP V2 draft will refer to the
>    OIDC4VCO draft wrt how W3C verifiable presentations (VPs) can be
>    transported using SIOP model, since OIDC4VCO draft defines a generic way
>    how W3C VPs can be used with various OIDC flows including SIOP V2.
>    - Relationship with Claims Aggregation draft (and Credential Provider
>    draft once contributed): these drafts will be used by the OP to receive
>    credentials from the Claims Provider, so that the OP will be able to
>    present received credentials to the RP using OIDC4VCO draft. These drafts
>    should be aligned as much as possible.
>    - Relationship with DIF Presentation Exchange (PE) draft: DIF PE draft
>    could be used as part of the request syntax in OIDC4VCO draft, which can be
>    discussed once OIDC4VCO draft is adopted. DIF PE is a query language that
>    is protocol agnostic, and it does not replace OIDC4VCO draft.
>
> This is an initial summary and additional input from the editors/working
> group is very welcome.
>
> A work item to enable transporting W3C VPs using OpenID Connect, will most
> likely not be successful outside OpenID Foundation AB/C Working Group,
> because that is where the collective OpenID Connect expertise resides.
>
> Best,
> Kristina
>
>
> ------------------------------
> *From:* Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on
> behalf of Nat via Openid-specs-ab <openid-specs-ab at lists.openid.net>
> *Sent:* May 7, 2021 0:55
> *To:* openid-specs-ab at lists.openid.net <openid-specs-ab at lists.openid.net>
> *CC:* Nat <issues-reply at bitbucket.org>
> *Subject:* [Openid-specs-ab] Issue #1229: Adoption of the "OpenID Connect for
> W3C Verifiable Credential Objects" (openid/connect)
>
> New issue 1229: Adoption of the "OpenID Connect for W3C Verifiable
> Credential Objects"
>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbitbucket.org%2Fopenid%2Fconnect%2Fissues%2F1229%2Fadoption-of-the-openid-connect-for-w3c&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C546f6f574aa946624ea408d910a766d3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559134036105710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=v8JUcUVcU4A%2FlkpyB43J2%2B9DB9axNOyOGjmQAe5GU58%3D&reserved=0
>
> Nat Sakimura:
>
> SIOP SC recommended the adoption of “[OpenID Connect for W3C Verifiable
> Credential Objects](
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fpipermail%2Fopenid-specs-ab%2Fattachments%2F20210505%2Fa198527a%2Fattachment-0001.pdf&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C546f6f574aa946624ea408d910a766d3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559134036105710%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LdCCcQ1tptJ290hqLdPsJdDWACLjeswgOwEKvhBi%2FyM%3D&reserved=0)”
> \[1\] as a working group item.
>
> \[1\] https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fpipermail%2Fopenid-specs-ab%2Fattachments%2F20210505%2Fa198527a%2Fattachment-0001.pdf&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C546f6f574aa946624ea408d910a766d3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559134036115666%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=38hwxalY%2FRk1ypItq%2Bnxnhd26OE4uUJ79XUm1T8DVNw%3D&reserved=0
>
> Some concerns were expressed by a few WG members.
>
> This ticket is to give an opportunity for those members to express their
> concerns and proposers to reply to them.
>
> There are a few criteria for non-adoption of documents: namely
>
> 1. If the draft does not fall into the scope of the WG.
> 2. If the draft is overlapping with existing drafts, the technical content
> should be raised as an issue and eventually result in PR rather than
> starting a new draft.
>
>     1. NOTE: A non-overlapping portion can be made as an independent
> document so proposers should consider creating such.
>
> 3. If there is a legal or reputational risk for the OIDF in adopting the
> document. \(The board may intervene on this ground.\)
>
> If the issues are only on the technical nature of the proposed draft that
> does not fall into the above criteria, then, it should be dealt with during
> and after the adoption of the document.
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
>
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.openid.net%2Fmailman%2Flistinfo%2Fopenid-specs-ab&data=04%7C01%7CKristina.Yasuda%40microsoft.com%7C546f6f574aa946624ea408d910a766d3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637559134036115666%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=zj60E0N480Cv0Pqtne%2FbRk%2FOu8%2BJ8toFtZ6kNncNnHY%3D&reserved=0
>


-- 
Nat Sakimura
NAT.Consulting LLC