[Openid-specs-ab] Multipass Container Proposal

David Waite david at alkaline-solutions.com
Fri Jul 31 02:33:31 UTC 2020

Hello everyone!

As alluded to at the end of the workshop call on Monday, I wanted to share a proposal towards the recent SIOP interest.

The idea is to have a general mechanism to request credentials from an issuer and retrieve a single-use ‘container’ of credentials from the issuer which can be selectively disclosed. The format of credentials is purposely left out of scope, but a key is provided with the container for parties to leverage for credential verification. We have already put some thought into some initially proposed credential types.

The goal was to create a container and a request mechanism which would allow for the minimum amount of disclosure when used. Container verification does not mandate a global subject identifier or the use of DIDs, allowing these to instead be selectively disclosed as credentials. It is also meant to support privacy with respect to which parties credentials are disclosed with, up until the verifier and issuer start colluding. Finally, the process of retrieving a single-use container is detached from usage, allowing for them to be cached for disconnected/offline use.

I hope this is useful to the group, and I welcome feedback! The current version is on https://github.com/dwaite/multipass, with the latest built version of mainline at https://dwaite.github.io/multipass/draft-waite-multipass-retrieval.html.

-DW (David Waite)