[Openid-specs-ab] SIOP and webauthn

Kristina Yasuda Kristina.Yasuda at microsoft.com
Sat Mar 11 23:44:45 UTC 2023


I’ve read the entire Windows CardSpace book to be able to respond to these kinds of conversations.

CardSpace/infocards did a great job setting out principles including user centricity. But in terms of technology, there are a few important differences. One is cryptographic holder binding - the holder being able to sign a presentation using a key signed over by the issuer. Infocards were either only self-signed or sent to the issuer to be signed in real time (i.e. no direct presentation of issuer-signed cards from the holder to the verifier).

Also infocards were before smartphones were even invented/became mainstream ;)

If we are talking about similarities, verifiable credentials are much more similar to the cnf claim (RFC 7800) than to infocards.

Best,
Kristina
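
[Added example, not part of the original message or of any OpenID specification: a sketch in Go of the holder binding described above, where the issuer signs the holder's public key into the credential's cnf claim (RFC 7800) and the verifier accepts the credential only together with a proof signed by that key over a fresh nonce. The function names, the Ed25519/EdDSA choice, the two-token presentation and the sample keys and claims are assumptions; audience and expiry checks are left out.]

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

type claims = map[string]interface{}
var b64 = base64.RawURLEncoding

// sign returns a compact EdDSA JWS over c.
func sign(key ed25519.PrivateKey, c claims) string {
	body, _ := json.Marshal(c)
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(body)
	return in + "." + b64.EncodeToString(ed25519.Sign(key, []byte(in)))
}

// open returns tok's claims, or nil unless tok carries a valid Ed25519 signature by pub.
func open(pub ed25519.PublicKey, tok string) (c claims) {
	p := strings.Split(tok, ".")
	if len(p) == 3 && len(pub) == ed25519.PublicKeySize {
		sig, _ := b64.DecodeString(p[2]) // undecodable input leaves a short sig that Verify rejects
		body, _ := b64.DecodeString(p[1])
		if ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
			json.Unmarshal(body, &c) // on a parse error c stays nil
		}
	}
	return c
}

// verify accepts issuer-signed cred only with a proof signed over nonce by its cnf.jwk key (RFC 7800).
func verify(issuer ed25519.PublicKey, cred, proof, nonce string) bool {
	cnf, _ := open(issuer, cred)["cnf"].(claims) // nil unless the issuer signed cred
	jwk, _ := cnf["jwk"].(claims)
	x, _ := jwk["x"].(string)
	holder, _ := b64.DecodeString(x) // an absent cnf gives an empty key, which open refuses
	p := open(holder, proof)
	return p != nil && p["nonce"] == nonce
}

func main() {
	ipub, ipriv, _ := ed25519.GenerateKey(nil) // constructed issuer key
	hpub, hpriv, _ := ed25519.GenerateKey(nil) // constructed holder (wallet) key
	jwk := claims{"kty": "OKP", "crv": "Ed25519", "x": b64.EncodeToString(hpub)}
	cred := sign(ipriv, claims{"sub": "alice", "cnf": claims{"jwk": jwk}})
	fmt.Println(verify(ipub, cred, sign(hpriv, claims{"nonce": "n1"}), "n1"))
}
```

[A credential that only the holder signed, or an issuer-signed credential without a cnf claim, fails the same check: the first has no issuer signature and the second gives the verifier no key to bind the presenter to.]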

________________________________
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> on behalf of Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net>
Sent: Saturday, March 11, 2023 2:56 PM
To: 'Vittorio Bertocci' <vittorio.bertocci at okta.com>; 'Artifact Binding/Connect Working Group' <openid-specs-ab at lists.openid.net>
Cc: Nikos Fotiou <fotiou at aueb.gr>
Subject: Re: [Openid-specs-ab] SIOP and webauthn

I read Vittorio’s description and I came up with the attached meme. Probably inaccurate but the resemblance in terminology cannot be ignored.

From: Vittorio Bertocci <vittorio.bertocci at okta.com>
Sent: Sunday, March 12, 2023 12:03 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Nikos Fotiou <fotiou at aueb.gr>
Subject: Re: [Openid-specs-ab] SIOP and webauthn

Thank you :)
Information cards were an interoperable format representing the ability of a user to obtain a certain set of claims from a given issuer. The self-issued cards mentioned above were cards sourcing claims from the client itself rather than an external issuer.
Cardspace was the Windows client that was capable of working with information cards.
HTH

On Sat, Mar 11, 2023 at 13:59 Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:


Sorry for asking but are “information cards” and cardspace the same thing? FWIW I found this episode of Identity Unlocked about cardspace very educative
Windows CardSpace with Stuart Kwan <https://identityunlocked.auth0.com/public/49/Identity%2C-Unlocked.--bed7fada/61103d3d>



On 11 Mar 2023, at 10:26 PM, Mike Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:

SIOP standardization was completed in 2014 https://openid.net/specs/openid-connect-core-1_0.html#SelfIssued.  (The ideas for it were partially based on self-issued Information Cards, which used a public/private keypair held in a wallet for authentication.)

                                                       -- Mike

From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf Of Sam Goto via Openid-specs-ab
Sent: Saturday, March 11, 2023 11:17 AM
To: Artifact Binding/Connect Working Group <openid-specs-ab at lists.openid.net>
Cc: Sam Goto <goto at google.com>
Subject: Re: [Openid-specs-ab] SIOP and webauthn

I don't recall the timelines precisely, but didn't we develop WebAuthn before SIOP?

I think I understand why SIOP was developed, if it was done after WebAuthn, because, IIRC, WebAuthn didn't have the cross-platform syncing capabilities that it has today, but I do wonder where SIOP would fit today.

On Sat, Mar 11, 2023, 9:41 AM Tom Jones via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Check out chapi
thx ..Tom (mobile)

On Sat, Mar 11, 2023, 2:45 AM Nikos Fotiou via Openid-specs-ab <openid-specs-ab at lists.openid.net> wrote:
Hi,

I have a question which is related to politics and standardization history.

I believe that SIOP (as defined in OpenID Connect Core) could have been used instead of WebAuthn. A combination of SIOP+CTAP (rather than WebAuthn+CTAP) would have more chances of getting adopted. So I was wondering how we came up with yet another API instead of adding support for SIOP to browsers. Did this ever occur as a possibility?

Best,
Nikos

--
Nikos Fotiou - https://www2.aueb.gr/users/fotiou/
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr

_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
https://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 89609 bytes
Desc: image001.jpg
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20230311/b9ae6ac8/attachment-0001.jpg>

