Difference between revisions of "Credential Aggregation"
From MgmtWiki
Revision as of 13:41, 24 November 2021
Full Title or Meme
In the real world a person is likely to need to produce more than one certificate from the wallet to get access to high-value locations. This use case looks at how that effort might be addressed when Credentials are held in digital format.
Context
- To reify this abstract concept we will use a Smartphone to digitize John's common practice of actually using his gym membership. The following credentials are displayed to the desk attendant today.
- Gym membership card - typically will include an expiration date.
- Driver's license - to provide a biometric image for verification.
- Smart Health Card - to prove vaccination or current testing.
Principles
- The user will provide no data that is not required for the purpose desired for this access.
Taxonomy
- Credential is a collection of user attributes attested by the issuer.
- Attribute or Identifier are terms used in Identifier Management for Authentication information.
- Data element can represent an attribute, identifier or details of the digital world.
- Claim as defined in NIST or SAML publications is just a statement the user makes about themselves. Sometimes this is confused with attribute.
- Verified can be applied to Credentials, Presentations or Attributes.
- Digital Presentation is a data-minimized collection of user attributes from one or more credentials.
- User Experience or presentation of options to the user for their consent.
Problems
- In the real world only a few sites ask to make copies of your credentials and collect more data than they need in the process.
- In the digital world collecting the full credential exposes the user to a significant loss of Privacy.
Solutions
- As a general rule the user's entire credential data contents should not be passed to any Relying Party whether in-person or on-line.
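The following is an added example, not code from this wiki, showing how a wallet could assemble a data-minimized Digital Presentation for the gym check-in use case above: only the attributes the Relying Party's purpose policy asks for are copied out of each credential, and a separate check flags any attribute that was passed without being required. The credential contents, the policy and all names are constructed for illustration.

```python
from datetime import date

# Constructed sample credentials in John's wallet (illustrative data only).
# Each credential is the full set of attributes attested by its issuer.
WALLET = {
    "gym_membership": {"issuer": "Example Gym", "member_id": "G-1042",
                       "name": "John Doe", "expires": "2026-01-31",
                       "home_address": "1 Main St"},
    "drivers_license": {"issuer": "Example DMV", "name": "John Doe",
                        "photo": "<jpeg bytes>", "date_of_birth": "1980-05-04",
                        "license_number": "D1234567", "home_address": "1 Main St"},
    "smart_health_card": {"issuer": "Example Clinic", "name": "John Doe",
                          "vaccination_status": "complete",
                          "last_test_date": "2021-11-20", "patient_id": "P-77"},
}

# Constructed Relying-Party policy for the purpose "gym desk check-in":
# per credential, only the attributes that purpose actually needs.
GYM_CHECKIN_POLICY = {
    "gym_membership": ["member_id", "expires"],
    "drivers_license": ["photo"],
    "smart_health_card": ["vaccination_status"],
}

def build_presentation(wallet, policy, today_iso):
    """Assemble a data-minimized presentation: only policy-listed attributes
    from each required credential, after a local expiry check."""
    today = date.fromisoformat(today_iso)
    presentation = {}
    for cred_name, wanted in policy.items():
        cred = wallet.get(cred_name)
        if cred is None:
            raise KeyError(f"wallet lacks required credential {cred_name!r}")
        if "expires" in cred and date.fromisoformat(cred["expires"]) < today:
            raise ValueError(f"{cred_name} expired on {cred['expires']}")
        # Copy only what the policy asks for; nothing else leaves the wallet.
        presentation[cred_name] = {k: cred[k] for k in wanted if k in cred}
    return presentation

def leaked_attributes(presentation, policy):
    """Attributes present in a presentation that the policy never asked for.
    Empty for a correctly minimized presentation; non-empty means oversharing."""
    return {(c, k) for c, attrs in presentation.items()
            for k in attrs if k not in policy.get(c, [])}

def attributes_withheld(wallet, presentation):
    """Count of wallet attributes that were NOT disclosed to the Relying Party."""
    total = sum(len(c) for c in wallet.values())
    shown = sum(len(a) for a in presentation.values())
    return total - shown
```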