Difference between revisions of "Credential Aggregation"

From MgmtWiki
(Context)
(Problems)
Line 23: Line 23:
 
* In the real world only a few sites ask to make copies of your credentials and collect more data than they need in the process.
 
* In the real world only a few sites ask to make copies of your credentials and collect more data than they need in the process.
 
* In the digital world collecting the full credential exposes the user to signification loss of [[Privacy]].
 
* In the digital world collecting the full credential exposes the user to signification loss of [[Privacy]].
 +
* Many issuers of credentials are very specific about which wallet can be used to store their credential with adequate security.
 +
* Other credentials, like the [[Smart Health Card]] (shc:) are completely independent of the wallet and are accepted by existing [[Smartphone]]s. In some cases the shc is stored in a health app rather than in the wallet.
  
 
==Solutions==
 
==Solutions==
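Review bot: the second added bullet (the Smart Health Card line) is filed under Problems but only states where the shc: credential lives (outside the wallet, sometimes in a health app); it should say what that costs this use case, for example that the credentials cannot all be presented from a single wallet. The first added bullet has the same gap from the issuer side: it says issuers restrict which wallet may hold their credential, not why that is a problem for aggregation. Also write the abbreviation consistently ("shc:" for the prefix, "SHC" for the card), and fix "signification" to "significant" in the unchanged bullet just above.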

Revision as of 12:56, 24 November 2021

Full Title or Meme

In the real world, a person is likely to need to produce more than one certificate from the wallet to get access to high-value locations. This use case looks at how that effort might be addressed when Credentials are held in digital format.

Context

  • To reify this abstract concept we will use a Smartphone to digitize John's common practice of actually using his gym membership. The following credentials are displayed to the desk attendant today.
  1. Gym membership card - typically will include an expiration date.
  2. Driver's license - to provide a biometric image for verification.
  3. Smart Health Card - to prove vaccination or current testing.

Principles

  • The user will provide no data that is not required for the purpose desired for this access.

Taxonomy

Problems

  • In the real world only a few sites ask to make copies of your credentials and collect more data than they need in the process.
  • In the digital world, collecting the full credential exposes the user to a significant loss of Privacy.
  • Many issuers of credentials are very specific about which wallet can be used to store their credential with adequate security.
  • Other credentials, like the Smart Health Card (shc:), are completely independent of the wallet and are accepted by existing Smartphones. In some cases the SHC is stored in a health app rather than in the wallet.

Solutions

  • As a general rule the user's entire credential data contents should not be passed to any Relying Party whether in-person or on-line.
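
One way to meet this rule is for each issuer to commit to every claim separately, so the wallet can reveal a single claim per credential and the Relying Party can still check it. The Python sketch below is an added example, not part of the wiki page: it uses salted hashes in the style of selective-disclosure credentials, with an HMAC standing in for a real issuer signature and with constructed claim names and values for John's three credentials.

```python
import hashlib, hmac, json, os

# Constructed demo keys. HMAC stands in for the issuer's real digital signature.
ISSUER_KEYS = {"gym": b"demo-gym", "dmv": b"demo-dmv", "health": b"demo-health"}

def _digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _tag(issuer, digests):
    return hmac.new(ISSUER_KEYS[issuer], json.dumps(digests).encode(), "sha256").hexdigest()

def issue(issuer, claims):
    """Issuer commits to each claim under its own random salt, then tags the digest list."""
    salts = {name: os.urandom(16).hex() for name in claims}
    digests = sorted(_digest(salts[n], n, v) for n, v in claims.items())
    return {"issuer": issuer, "claims": claims, "salts": salts,
            "digests": digests, "tag": _tag(issuer, digests)}

def present(cred, wanted):
    """Holder reveals only the requested claims; the rest stay as salted digests."""
    return {"issuer": cred["issuer"], "digests": cred["digests"], "tag": cred["tag"],
            "disclosed": [(cred["salts"][n], n, cred["claims"][n]) for n in wanted]}

def verify(pres):
    """Relying party checks the issuer tag, then each disclosed claim against it."""
    if not hmac.compare_digest(_tag(pres["issuer"], pres["digests"]), pres["tag"]):
        raise ValueError("issuer tag mismatch")
    accepted = {}
    for salt, name, value in pres["disclosed"]:
        if _digest(salt, name, value) not in pres["digests"]:
            raise ValueError(f"claim {name!r} was not issued")
        accepted[name] = value
    return accepted

def build_wallet():
    """John's three credentials, with constructed sample values."""
    return {
        "gym": issue("gym", {"member_id": "G-0001", "valid_until": "2022-06-30",
                             "home_address": "1 Example St"}),
        "dmv": issue("dmv", {"portrait": "photo-ref-0001", "license_no": "D0000000",
                             "birth_date": "1980-01-01"}),
        "health": issue("health", {"vaccinated": True, "lot_number": "LOT-0000",
                                   "birth_date": "1980-01-01"}),
    }

# Hypothetical request: the one claim the desk attendant needs from each credential.
GYM_REQUEST = {"gym": ["valid_until"], "dmv": ["portrait"], "health": ["vaccinated"]}

def gym_checkin(wallet, request=GYM_REQUEST):
    return {src: verify(present(wallet[src], names)) for src, names in request.items()}
```

The attendant ends up with three verified values and never receives the address, licence number, birth date or lot number; the length of each digest list still reveals how many claims a credential carries.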

References