[Openid-specs-ab] SIOP call 2022-June-9

Torsten Lodderstedt torsten at lodderstedt.net
Fri Jun 10 09:02:30 UTC 2022



> On 10.06.2022 at 10:38, David Chadwick via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
> 
> I think the latter included the former.
> 
Please explain the privacy implications of the fact that the RP knows that a user uses a wallet provided by provider a.
> If the RP can differentiate between user1 with wallet1 and user2 with wallet2 from a different provider, then the requirement has not been fulfilled. That is my interpretation. So the RP should not be able to distinguish between requests from
> 
> user1 with wallet1
> 
> user1 with wallet2
> 
> user2 with wallet1
> 
> user2 with wallet2
> 
> They should all look like different requests from different users to the RP. This is how the original SAML worked before persistent IDs were introduced. Personally I think it is a superb privacy protecting feature, and it's what we have implemented in our product.
> 
Please explain how this can be implemented. As soon as the RP needs to check the compliance of the wallet using a cert, there is an identifier to identify and distinguish wallet services. 
> Kind regards
> 
> David
> 
> On 10/06/2022 07:53, Kristina Yasuda via Openid-specs-ab wrote:
>> Thank you, David.
>> 
>> +1 to Torsten’s question and interpretation that the text refers to verifier not being able to differentiate two different wallet instances and use that to identify a unique user.
>> 
>> From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on behalf of Torsten Lodderstedt via Openid-specs-ab <openid-specs-ab at lists.openid.net>
>> Sent: Thursday, June 9, 2022 12:06 PM
>> To: Artifact Binding/Connect Working Group
>> Cc: Torsten Lodderstedt
>> Subject: Re: [Openid-specs-ab] SIOP call 2022-June-9
>>  
>> Thanks for sharing. 
>> 
>> I would like to understand whether "two certified EUDI Wallets" in this statement refers to two different implementations/service providers or just two different instances for different users. I assume the latter since the former does not have privacy implications.
>> 
>> best regards,
>> Torsten. 
>> 
>>> On 09.06.2022 at 20:36, David Chadwick via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
>>> 
>>> During today's call I asserted that the EU Digital Identity Wallet should be able to prove to an RP that it is certified without revealing its identity or who the software provider is. I was asked to find a reference to this. It is on page 26 of "European Digital Identity Architecture and Reference Framework" available here: 
>>> 
>>> https://cloud.eid.as/index.php/s/DQ5aRjyzJDNKXpW
>>> Here is the relevant text
>>> 
>>> "In addition, the mechanism for relying parties to verify whether a EUDI Wallet used is genuine and certified, shall not enable the relying party to distinguish between two certified EUDI Wallets, in order to preserve the privacy of the user when performing pseudonymous authentication." 
>>> 
>>> This could be implemented using traditional asymmetric crypto, in which each EUDI wallet is issued its own VC, stating that it is a certified wallet, issued by the EUDI certification authority, in which the subject ID is the public key of the wallet. There would be no information to indicate who the wallet provider is, or who the wallet holder is. However, this certificate, if long lived, would then be a correlating handle, so by issuing transient short lived VCs to the wallet each time an RP requires assurance, the public key would change every time thereby removing the ability to correlate the certifying VCs.
>>> 
>>> Kind regards
>>> 
>>> David
>>> 
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
>>> https://lists.openid.net/mailman/listinfo/openid-specs-ab <https://lists.openid.net/mailman/listinfo/openid-specs-ab>
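
An added illustration of the linkability argument in this thread (not code from any participant or from the EUDI framework): it models what an RP observes under a long-lived certifying VC, a per-provider certificate, and transient VCs from one common issuer, and reports which observed field lets the RP link requests. The scheme names, the issuer names `eudi-ca` and `<provider>-ca`, and the hex strings standing in for public-key thumbprints are constructed assumptions; no real keys or signatures are involved.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed population: the four user/wallet cases listed in the thread,
# each seen by the RP on three visits.
WALLETS = [("user1", "wallet1"), ("user1", "wallet2"),
           ("user2", "wallet1"), ("user2", "wallet2")]
VISITS = 3

def thumbprint(label):
    """Stand-in for a public-key thumbprint; no real keys are generated."""
    return hashlib.sha256(label.encode()).hexdigest()[:16]

def present(scheme, user, provider):
    """One attestation as the RP observes it, plus hidden ground truth."""
    if scheme == "long_lived":       # one certifying VC per wallet, reused
        seen = {"issuer": "eudi-ca", "subject_key": thumbprint(user + provider)}
    elif scheme == "provider_cert":  # fresh key, provider-specific issuer
        seen = {"issuer": provider + "-ca", "subject_key": secrets.token_hex(8)}
    elif scheme == "transient":      # fresh key, one common issuer
        seen = {"issuer": "eudi-ca", "subject_key": secrets.token_hex(8)}
    else:
        raise ValueError(scheme)
    return {"seen": seen, "truth": {"user": user, "provider": provider}}

def correlating_handles(presentations):
    """Map each observed field to the hidden attributes it lets the RP link."""
    leaks = {}
    for field in presentations[0]["seen"]:
        groups = defaultdict(list)
        for p in presentations:
            groups[p["seen"][field]].append(p["truth"])
        # A handle needs a repeated value and more than one distinct value.
        if len(groups) < 2 or all(len(g) == 1 for g in groups.values()):
            continue
        linked = {attr for attr in ("user", "provider")
                  if all(len({t[attr] for t in g}) == 1 for g in groups.values())}
        if linked:
            leaks[field] = linked
    return leaks

def audit(scheme):
    seen = [present(scheme, u, w) for u, w in WALLETS for _ in range(VISITS)]
    return correlating_handles(seen)

if __name__ == "__main__":
    for scheme in ("long_lived", "provider_cert", "transient"):
        print(scheme, audit(scheme))
```

In this model the reused subject key links both user and provider, a provider-specific issuer links the provider only, and fresh keys under one common issuer leave no field that repeats for a subset of requests.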
