[Openid-specs-ab] SIOP call 2022-June-9

Fri Jun 10 06:53:06 UTC 2022

Thank you, David.

+1 to Torsten’s question and interpretation that the text refers to verifier not being able to differentiate two different wallet instances and use that to identify a unique user.

________________________________
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on behalf of Torsten Lodderstedt via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Thursday, June 9, 2022 12:06 PM
To: Artifact Binding/Connect Working Group
Cc: Torsten Lodderstedt
Subject: Re: [Openid-specs-ab] SIOP call 2022-June-9

Thanks for sharing.

I would like to understand whether "two certified EUDI Wallets“ in this statement refer to two different implementations/service providers or just two different instances for different users. I assume the later since the former does not have privacy implications.

best regards,
Torsten.

Am 09.06.2022 um 20:36 schrieb David Chadwick via Openid-specs-ab <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>:

During today's call I asserted that the EU Digital Identity Wallet should be able to prove to an RP that it is certified without revealing its identity or who the software provider is. I was asked to find a reference to this. It is on page 26 of "European Digital Identity Architecture and Reference Framework" available here:

https://cloud.eid.as/index.php/s/DQ5aRjyzJDNKXpW<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcloud.eid.as%2Findex.php%2Fs%2FDQ5aRjyzJDNKXpW&data=05%7C01%7CKristina.Yasuda%40microsoft.com%7Cdde2e2735d554c67888308da4a4af495%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637903984091677249%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=AXMbHKj5%2FQ1fHgTGQIhlzNuwaqUTdHxyYNad%2BMHlp2o%3D&reserved=0>

Here is the relevant text

"In addition, the mechanism for relying parties to verify whether a EUDI Wallet used is genuine and certified, shall not enable the relying party to distinguish between two certified EUDI Wallets, in order to preserve the privacy of the user when performing pseudonymous authentication."

This could be implemented using traditional asymmetric crypto, in which each EUDI wallet is issued its own VC, stating that it is a certified wallet, issued by the EUDI certification authority, in which the subject ID is the public key of the wallet. There would be no information to indicate who the wallet provider is, or who the wallet holder is. However, this certificate, if long lived, would then be a correlating handle, so by issuing transient short lived VCs to the wallet each time an RP requires assurance, the public key would change every time thereby removing the ability to correlate the certifying VCs.

Kind regards

David

In addition, the mechanism for relying parties to verify whether a EUDI Wallet used is genuine and

certified, shall not enable the relying party to distinguish between two certified EUDI Wallets, in order to
preserve the privacy of the user when performing pseudonymous authentication.

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net<mailto:Openid-specs-ab at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220610/c8652eb3/attachment.html>