[Openid-specs-digital-credentials-protocols] [SIOP/DCP WG] special topic call on OID4VP advanced flow PR #52
Giuseppe De Marco
demarcog83 at gmail.com
Tue Oct 24 22:40:04 UTC 2023
This is an example wallet instance with wallet-protocol-specific
capabilities in it.
The sub value is a thumbprint of the cnf.jwk, or it may be equal to iss.
There's nothing to be configured by users.
I'm not fond of my ideas; I develop solutions and I see the potential and
convenience of certain choices. Let's do it together.
{
  "alg": "ES256",
  "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
  "trust_chain": [
    "eyJhbGciOiJFUz...6S0A",
    "eyJhbGciOiJFUz...jJLA",
    "eyJhbGciOiJFUz...H9gw"
  ],
  "typ": "wallet-attestation+jwt"
}
.
{
  "iss": "https://wallet-provider.example.org",
  "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
  "attested_security_context": "https://wallet-provider.example.org/LoA/basic",
  "cnf": {
    "jwk": {
      "crv": "P-256",
      "kty": "EC",
      "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
      "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
      "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
    }
  },
  "authorization_endpoint": "eudiw:",
  "response_types_supported": [
    "vp_token"
  ],
  "response_modes_supported": [
    "form_post.jwt"
  ],
  "vp_formats_supported": {
    "jwt_vp_json": {
      "alg_values_supported": ["ES256"]
    },
    "jwt_vc_json": {
      "alg_values_supported": ["ES256"]
    }
  },
  "request_object_signing_alg_values_supported": [
    "ES256"
  ],
  "presentation_definition_uri_supported": false,
  "iat": 1687281195,
  "exp": 1687288395
}
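The claim-level rules stated in the message (sub equals the RFC 7638 thumbprint of cnf.jwk or equals iss, the attestation is short-lived, and the credential holder-binding key is not the WIA key) can be checked mechanically. The following is an added example written for this page, not code from the thread or from any OpenID4VP or wallet implementation. It copies the header and payload claims above, computes the thumbprint with only the standard library, and reports which rules hold. The 24-hour lifetime bound and the CREDENTIAL_HKB_JWK stand-in are assumptions; the stand-in's x coordinate is constructed and is not a real P-256 point. Signature and trust_chain verification are out of scope here.

```python
import base64
import hashlib
import json

# Header and payload of the Wallet Instance Attestation (WIA) from the message
# above, copied claim by claim (only the claims the checks below need).
WIA_HEADER = {
    "alg": "ES256",
    "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
    "typ": "wallet-attestation+jwt",
}
WIA_PAYLOAD = {
    "iss": "https://wallet-provider.example.org",
    "sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
    "cnf": {
        "jwk": {
            "crv": "P-256",
            "kty": "EC",
            "x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
            "y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
            "kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
        }
    },
    "iat": 1687281195,
    "exp": 1687288395,
}

# Constructed stand-in for a credential holder-binding (HKB) key. The x value
# is not a real curve point; it only has to differ from the WIA key so that the
# key-separation check has something to compare against.
CREDENTIAL_HKB_JWK = dict(
    WIA_PAYLOAD["cnf"]["jwk"],
    x="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    kid="hkb-key",
)

# RFC 7638, section 3.2: the members that go into the thumbprint, by key type.
_THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),  # RFC 8037 extension
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_canonical(jwk: dict) -> str:
    """RFC 7638 hash input: required members only, lexicographically ordered,
    no whitespace. Optional members such as kid are deliberately dropped, so
    the same key with or without kid yields the same thumbprint."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    return json.dumps({m: jwk[m] for m in members}, sort_keys=True,
                      separators=(",", ":"))


def jwk_thumbprint(jwk: dict) -> str:
    return b64url(hashlib.sha256(jwk_canonical(jwk).encode("utf-8")).digest())


def check_wallet_attestation(header: dict, payload: dict, now: int,
                             max_lifetime: int = 24 * 3600) -> dict:
    """Claim-level checks on a WIA. max_lifetime is an assumed bound, not a
    value from the thread; it encodes "attestations are ephemeral"."""
    jwk = payload["cnf"]["jwk"]
    tp = jwk_thumbprint(jwk)
    lifetime = payload["exp"] - payload["iat"]
    return {
        "typ_ok": header.get("typ") == "wallet-attestation+jwt",
        "sub_is_thumbprint": payload["sub"] == tp,
        "sub_is_iss": payload["sub"] == payload["iss"],
        "sub_ok": payload["sub"] in (tp, payload["iss"]),
        # if the JWK carries a kid, it should name the same key as the thumbprint
        "kid_consistent": jwk.get("kid") in (None, tp),
        "lifetime_s": lifetime,
        "ephemeral": 0 < lifetime <= max_lifetime,
        "valid_now": payload["iat"] <= now < payload["exp"],
        "cnf_thumbprint": tp,
    }


def key_separation_ok(wia_jwk: dict, credential_hkb_jwk: dict) -> bool:
    """Different keys for different purposes: the holder-binding key in a
    credential must not be the key the WIA is bound to, otherwise the shared
    thumbprint links the WIA to every credential presented under it."""
    return jwk_thumbprint(wia_jwk) != jwk_thumbprint(credential_hkb_jwk)


if __name__ == "__main__":
    report = check_wallet_attestation(WIA_HEADER, WIA_PAYLOAD, now=1687281200)
    for name, value in report.items():
        print(f"{name:>18}: {value}")
    print("key separation OK:",
          key_separation_ok(WIA_PAYLOAD["cnf"]["jwk"], CREDENTIAL_HKB_JWK))
```

Run it as-is to see the report for the posted attestation; the iat/exp pair gives a two-hour lifetime, and sub can only satisfy the rule via the thumbprint because iss is a URL. Feeding the same JWK as both WIA key and credential HKB key makes key_separation_ok return False, which is the tracking case the message warns about.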
On Tue, 24 Oct 2023, 23:31 Tom Jones <thomasclinganjones at gmail.com>
wrote:
> I very much doubt that the wallet configurations will not be settable by
> the user.
> I very much doubt that a secure wallet attestation can be made without an
> instance id.
> I very much doubt that the collection of creds in a wallet will not
> identify the user to a high level of assurance.
> As I said, you are free to build to these specifications.
> I very much doubt that they would be acceptable to users.
>
> ..tom
>
>
> On Tue, Oct 24, 2023 at 2:25 PM Giuseppe De Marco <demarcog83 at gmail.com>
> wrote:
>
>> Wallet capabilities are not configured by the user; they show information
>> about the wallet solution, with some delta where devices need it (rare cases,
>> hopefully never).
>>
>> Wallet instance attestations are ephemeral
>>
>> Subject is opaque or meaningless; cnf.jwk is ephemeral, iat and exp too.
>>
>> Me, a rogue RP, how may I track a user by the WIA it presents?
>>
>> The HKB in the digital credential must be different from the key used for
>> the WIA HKB: different keys for different purposes.
>>
>>
>>
>> On Tue, 24 Oct 2023, 23:18 Tom Jones <thomasclinganjones at gmail.com>
>> wrote:
>>
>>> You are conflating user information with user tracking. It has been
>>> shown that tracking a user device is all that is needed to track the user.
>>> You can listen now before you commit to these formats, or you can build the
>>> solutions and then have them rejected. Your call.
>>>
>>> thx ..Tom (mobile)
>>>
>>> On Tue, Oct 24, 2023, 2:07 PM Giuseppe De Marco <demarcog83 at gmail.com>
>>> wrote:
>>>
>>>> Hey Tom
>>>>
>>>> An ordinary web browser discloses more information than we may ever
>>>> imagine.
>>>>
>>>> From my perspective an RP may know the wallet capabilities and should
>>>> know the wallet reliability. The first helps interoperability when the
>>>> wallet ecosystem grows, with future technologies and approaches.
>>>>
>>>> This information doesn't bring information about the user.
>>>>
>>>> I think that attributes like key_type and user_authentication should
>>>> not be exposed, while an AAL value, properly defined in a security
>>>> assurance profile, is the way to go for a good privacy
>>>>
>>>>
>>>>
>>>> On Tue, 24 Oct 2023, 22:49 Tom Jones via
>>>> Openid-specs-digital-credentials-protocols <
>>>> openid-specs-digital-credentials-protocols at lists.openid.net>
>>>> wrote:
>>>>
>>>>> I am completely opposed to the very idea that the verifier can ask for
>>>>> any data about the configuration of an app installed by the user. It is an
>>>>> extremely useful means to track the user.
>>>>>
>>>>> The verifier should be limited to expressing a purpose and authority.
>>>>> No requests for anything that the user cannot understand!!
>>>>>
>>>>> thx ..Tom (mobile)
>>>>>
>>>>> On Tue, Oct 24, 2023, 1:30 PM Kristina Yasuda via
>>>>> Openid-specs-digital-credentials-protocols <
>>>>> openid-specs-digital-credentials-protocols at lists.openid.net> wrote:
>>>>>
>>>>>> Hi SIOP/DCP WG!
>>>>>>
>>>>>> Setting up a special topic call this week to discuss this PR:
>>>>>> https://github.com/openid/OpenID4VP/pull/52.
>>>>>>
>>>>>> Sorry it is a little last minute – we have been coordinating with
>>>>>> those who reviewed/requested changes to the PR (DavidC, Giuseppe, DanielF,
>>>>>> Gabe and Torsten).
>>>>>>
>>>>>> No pressure to join, we will report back in the main WG call.
>>>>>>
>>>>>> Thank you!
>>>>>>
>>>>>> Kristina
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---
>>>>>>
>>>>>> Kristina Yasuda (OIDF) is inviting you to a scheduled Zoom meeting.
>>>>>>
>>>>>> Join Zoom Meeting
>>>>>>
>>>>>> https://zoom.us/j/98883940545?pwd=KzlmYVdCanFmNEY3SExNOEI0Vng1UT09&from=addon
>>>>>>
>>>>>> Meeting ID: 988 8394 0545
>>>>>> Passcode: 114060
>>>>>>
>>>>>> ---
>>>>>>
>>>>>> One tap mobile
>>>>>> +12532158782,,98883940545# US (Tacoma)
>>>>>> +12532050468,,98883940545# US
>>>>>>
>>>>>> ---
>>>>>>
>>>>>> Dial by your location
>>>>>> • +1 253 215 8782 US (Tacoma)
>>>>>> • +1 253 205 0468 US
>>>>>> • +1 719 359 4580 US
>>>>>> • +1 346 248 7799 US (Houston)
>>>>>> • +1 669 444 9171 US
>>>>>> • +1 669 900 9128 US (San Jose)
>>>>>> • +1 507 473 4847 US
>>>>>> • +1 564 217 2000 US
>>>>>> • +1 646 558 8656 US (New York)
>>>>>> • +1 646 931 3860 US
>>>>>> • +1 689 278 1000 US
>>>>>> • +1 301 715 8592 US (Washington DC)
>>>>>> • +1 305 224 1968 US
>>>>>> • +1 309 205 3325 US
>>>>>> • +1 312 626 6799 US (Chicago)
>>>>>> • +1 360 209 5623 US
>>>>>> • +1 386 347 5053 US
>>>>>>
>>>>>> Meeting ID: 988 8394 0545
>>>>>>
>>>>>> Find your local number: https://zoom.us/u/acC5SB3rp
>>>>>> --
>>>>>> Openid-specs-digital-credentials-protocols mailing list
>>>>>> Openid-specs-digital-credentials-protocols at lists.openid.net
>>>>>>
>>>>>> https://lists.openid.net/mailman/listinfo/openid-specs-digital-credentials-protocols
>>>>>>
>>>>