[Openid-specs-ab] SIOP call 2022-June-9

Tom Jones thomasclinganjones at gmail.com
Thu Jun 9 19:49:50 UTC 2022


There is a lot of difference between the words should and could.

While it certainly is possible to build such an infrastructure, the cost
and performance make this a non-starter.

The EU seems to be great at bold statements that have little reality. Take
the GDPR as a good example.

..tom


On Thu, Jun 9, 2022 at 11:36 AM David Chadwick via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> During today's call I asserted that the EU Digital Identity Wallet should
> be able to prove to an RP that it is certified without revealing its
> identity or who the software provider is. I was asked to find a reference
> to this. It is on page 26 of "European Digital Identity Architecture and
> Reference Framework" available here:
>
> https://cloud.eid.as/index.php/s/DQ5aRjyzJDNKXpW
>
> Here is the relevant text
>
> "In addition, the mechanism for relying parties to verify whether a EUDI
> Wallet used is genuine and certified, shall not enable the relying party to
> distinguish between two certified EUDI Wallets, in order to preserve the
> privacy of the user when performing pseudonymous authentication."
>
> This could be implemented using traditional asymmetric crypto, in which
> each EUDI wallet is issued its own VC, stating that it is a certified
> wallet, issued by the EUDI certification authority, in which the subject ID
> is the public key of the wallet. There would be no information to indicate
> who the wallet provider is, or who the wallet holder is. However, this
> certificate, if long lived, would then be a correlating handle, so by
> issuing transient short lived VCs to the wallet each time an RP requires
> assurance, the public key would change every time thereby removing the
> ability to correlate the certifying VCs.
>
> Kind regards
>
> David
>
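The short-lived attestation scheme proposed in the quoted message, as an added sketch that is not part of the original thread or of any EUDI specification. Ed25519, the JSON claim set, the 60-second lifetime and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed stand-in for the certification authority's signing key.
const ca = crypto.generateKeyPairSync("ed25519");
const b64 = (key) => key.export({ type: "spki", format: "der" }).toString("base64");

// CA side: certify a wallet-supplied public key for a short validity window.
// The claim set names neither the wallet provider nor the holder.
function issueAttestation(walletPubB64, now, ttlSeconds = 60) {
  const claims = JSON.stringify({ certified: true, sub: walletPubB64, exp: now + ttlSeconds });
  const sig = crypto.sign(null, Buffer.from(claims), ca.privateKey).toString("base64");
  return { claims, sig };
}

// Wallet side: by default a fresh key pair and attestation per RP request,
// plus proof of possession over the RP's nonce. Passing the same kp twice
// models the long-lived certificate that acts as a correlating handle.
function present(nonce, now, kp = crypto.generateKeyPairSync("ed25519")) {
  const att = issueAttestation(b64(kp.publicKey), now);
  const proof = crypto.sign(null, Buffer.from(nonce), kp.privateKey).toString("base64");
  return { ...att, proof };
}

// RP side: check the CA signature, the expiry and key possession. Returns the
// subject key (the only wallet-specific value the RP sees) or null.
function verify(p, nonce, now) {
  const caOk = crypto.verify(null, Buffer.from(p.claims), ca.publicKey,
                             Buffer.from(p.sig, "base64"));
  if (!caOk) return null;
  const { certified, sub, exp } = JSON.parse(p.claims);
  if (certified !== true || now >= exp) return null;
  const walletPub = crypto.createPublicKey(
    { key: Buffer.from(sub, "base64"), format: "der", type: "spki" });
  const popOk = crypto.verify(null, Buffer.from(nonce), walletPub,
                              Buffer.from(p.proof, "base64"));
  return popOk ? sub : null;
}
```

In this sketch every presentation costs one key generation and one issuer signature, and the issuer observes each issuance.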