[Openid-specs-mobile-profile] Account porting: how to encrypt

Manger, James James.H.Manger at team.telstra.com
Tue Sep 20 04:27:19 UTC 2016

The current idea for account porting is for the Old OP to provide a single token (which I’ll call port_token_plain) to the New OP; the New OP encrypts it (for the Old OP) before passing the ciphertext (port_token) to an RP; the RP passes it onto the Old OP; the Old OP decrypts it to retrieve the original token and returns the RP-specific subscriber id to the RP.

The per-RP (actually per-sector-id) encryption is necessary to preserve the privacy of pairwise subs.

An open question is how to do the encryption.

Option 1: public key and algorithm from Old OP metadata.
The port_token seen by an RP could be a JWE (compact encoding?).
One downside is that the encryption does not authenticate that is was done by the New OP.

Option 2: symmetric encryption with secret shared by the New OP and Old OP (such as the New OP’s client_secret used in calls to Old OP).
The port_token seen by an RP would be the ciphertext from an AEAD algorithm, keyed with the client_secret, using the iss and sector_id in the additional authenticated data.
This approach saves a few bytes, avoids some public key crypto, and avoids a metadata lookup to get a public key. A downside is that client_secret is not designed to be used as an AEAD secret key.

Any preferences?

James Manger

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20160920/c6f29c7e/attachment.html>

More information about the Openid-specs-mobile-profile mailing list