<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I think the latter included the former. If the RP can
differentiate between user1 with wallet1 and user2 with wallet2
from a different provider, then the requirement has not been
fulfilled. That is my interpretation. So the RP should not be able
to distinguish between requests from<br>
</p>
<p>user1 with wallet1</p>
<p>user1 with wallet2</p>
<p>user2 with wallet1</p>
<p>user2 with wallet2</p>
<p>They should all look like different requests from different users
to the RP. This is how the original SAML worked before persistent
IDs were introduced. Personally I think it is a superb privacy-protecting
feature, and it's what we have implemented in our
product.<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
<div class="moz-cite-prefix">On 10/06/2022 07:53, Kristina Yasuda
via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR00MB088712E3E8D0CB25CDDEC455E5A69@BYAPR00MB0887.namprd00.prod.outlook.com">
<div dir="ltr">
<div>
<div dir="ltr">Thank you, David.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">+1 to Torsten’s question and interpretation
that the text refers to the verifier not being able to
differentiate two different wallet instances and use that to
identify a unique user.</div>
<div dir="ltr"><br>
</div>
</div>
<div id="mail-editor-reference-message-container"
class="ms-outlook-mobile-reference-message">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri,
sans-serif"><b>From:</b> Openid-specs-ab
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab-bounces@lists.openid.net">&lt;openid-specs-ab-bounces@lists.openid.net&gt;</a> on behalf
of Torsten Lodderstedt via Openid-specs-ab
<a class="moz-txt-link-rfc2396E" href="mailto:openid-specs-ab@lists.openid.net">&lt;openid-specs-ab@lists.openid.net&gt;</a><br>
<b>Sent:</b> Thursday, June 9, 2022 12:06 PM<br>
<b>To:</b> Artifact Binding/Connect Working Group<br>
<b>Cc:</b> Torsten Lodderstedt<br>
<b>Subject:</b> Re: [Openid-specs-ab] SIOP call
2022-June-9
<div> </div>
</font></div>
Thanks for sharing.
<div class=""><br class="">
</div>
<div class="">I would like to understand whether "two
certified EUDI Wallets" in this statement refers to two
different implementations/service providers or just two
different instances for different users. I assume the latter
since the former does not have privacy implications.</div>
<div class=""><br class="">
</div>
<div class="">best regards,</div>
<div class="">Torsten. <br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 09.06.2022 at 20:36, David
Chadwick via Openid-specs-ab &lt;<a
href="mailto:openid-specs-ab@lists.openid.net"
class="moz-txt-link-freetext" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">
<p class="">During today's call I asserted that the
EU Digital Identity Wallet should be able to prove
to an RP that it is certified without revealing
its identity or who the software provider is. I
was asked to find a reference to this. It is on
page 26 of "European Digital Identity Architecture
and Reference Framework" available here:
<br class="">
</p>
<p class=""><a class="moz-txt-link-freetext"
href="https://cloud.eid.as/index.php/s/DQ5aRjyzJDNKXpW"
moz-do-not-send="true">https://cloud.eid.as/index.php/s/DQ5aRjyzJDNKXpW</a><br
class="">
</p>
<p class="">Here is the relevant text</p>
<p class="">"In addition, the mechanism for relying
parties to verify whether a EUDI Wallet used is
genuine and certified, shall not enable the
relying party to distinguish between two certified
EUDI Wallets, in order to preserve the privacy of
the user when performing pseudonymous
authentication." <br class="">
</p>
<p class="">This could be implemented using
traditional asymmetric crypto, in which each EUDI
wallet is issued its own VC, stating that it is a
certified wallet, issued by the EUDI certification
authority, in which the subject ID is the public
key of the wallet. There would be no information
to indicate who the wallet provider is, or who the
wallet holder is. However, this certificate, if
long-lived, would then be a correlating handle, so
by issuing transient short-lived VCs to the wallet
each time an RP requires assurance, the public key
would change every time, thereby removing the
ability to correlate the certifying VCs.<br
class="">
</p>
<p class="">Kind regards</p>
<p class="">David<br class="">
</p>
</div>
_______________________________________________<br
class="">
Openid-specs-ab mailing list<br class="">
<a href="mailto:Openid-specs-ab@lists.openid.net"
class="moz-txt-link-freetext" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br
class="">
<a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</div>
<br>
</blockquote>
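<p>The scheme David Chadwick describes in the quoted message of 09.06.2022 (an attestation from the certification authority whose subject is the wallet's public key, reissued with a fresh key for each request), as an added example that is not part of the thread. It is written for Node.js; Ed25519, the JSON attestation layout, the TTL values and all function names are assumptions made here.</p>

```javascript
// Added illustration; not code from the thread or from any EUDI specification.
const nodeCrypto = require('crypto');

// Hypothetical certification authority key pair (Ed25519 is an assumption).
const ca = nodeCrypto.generateKeyPairSync('ed25519');
const spki = (key) => key.export({ type: 'spki', format: 'der' }).toString('base64');
const b64 = (s) => Buffer.from(s, 'base64');

// The CA attests a wallet key. The only subject identifier is the public key;
// there is no provider or holder field, as the message proposes.
function issueAttestation(walletPublicKey, ttlSeconds, now = Date.now()) {
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = JSON.stringify({ certified: true, sub: spki(walletPublicKey), exp });
  const sig = nodeCrypto.sign(null, Buffer.from(body), ca.privateKey).toString('base64');
  return { body, sig };
}

// The wallet proves possession of the attested key by signing the RP's nonce.
function present(wallet, attestation, nonce) {
  const proof = nodeCrypto.sign(null, Buffer.from(nonce), wallet.privateKey);
  return { ...attestation, nonce, proof: proof.toString('base64') };
}

// RP side: check CA signature, expiry and proof of possession.
// Returns the subject key the RP gets to see, or null if any check fails.
function verifyPresentation(p, expectedNonce, now = Date.now()) {
  if (p.nonce !== expectedNonce) return null;
  if (!nodeCrypto.verify(null, Buffer.from(p.body), ca.publicKey, b64(p.sig))) return null;
  const claims = JSON.parse(p.body);
  if (claims.certified !== true || claims.exp * 1000 <= now) return null;
  const key = nodeCrypto.createPublicKey({ key: b64(claims.sub), format: 'der', type: 'spki' });
  if (!nodeCrypto.verify(null, Buffer.from(p.nonce), key, b64(p.proof))) return null;
  return claims.sub;
}

// One wallet visits the same RP n times; returns how many distinct subject
// keys the RP observed (1 means every visit is linkable to the others).
function distinctSubjectsSeen(n, transient) {
  let wallet = nodeCrypto.generateKeyPairSync('ed25519');
  let att = issueAttestation(wallet.publicKey, 365 * 24 * 3600); // long-lived
  const seen = new Set();
  for (let i = 0; i < n; i++) {
    if (transient) { // fresh key pair and 60 s attestation for every request
      wallet = nodeCrypto.generateKeyPairSync('ed25519');
      att = issueAttestation(wallet.publicKey, 60);
    }
    const nonce = nodeCrypto.randomBytes(16).toString('hex');
    const sub = verifyPresentation(present(wallet, att, nonce), nonce);
    if (sub === null) throw new Error('presentation rejected');
    seen.add(sub);
  }
  return seen.size;
}
```

<p>With the long-lived attestation the RP sees one subject key across all visits; with transient attestations it sees a different key each time. In the transient case the certification authority is contacted for every presentation, so this shows unlinkability only from the RP's side.</p>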
</body>
</html>