Difference between revisions of "Proof of Presence"
(→References) |
(→Context) |
||
| Line 8: | Line 8: | ||
is there anybody out there with any examples, or even any plans, to convert a verifiable credential into a verifiable presentation that includes online proof of presence of the subject of the vp? | is there anybody out there with any examples, or even any plans, to convert a verifiable credential into a verifiable presentation that includes online proof of presence of the subject of the vp? | ||
| − | Orie Steele (Transmute) 5:46 AM @Tom Jones I did some work on biometric verifiable presentations a while ago | + | Orie Steele (Transmute) 5:46 AM @Tom Jones I did some work on biometric verifiable presentations a while ago. I used [https://www.bioid.com/ BioID] Face Recognition & Liveness Detection Software. BioID provides software-based biometric authentication with presentation attack detection using face recognition and liveness detection. Most likely you would make a presentation that included a short lived liveness credential and the other credential you cared about like VP: [DriversLicense, BiometricLivenessCheck] |
| − | |||
| − | I used [https://www.bioid.com/ BioID] Face Recognition & Liveness Detection Software. BioID provides software-based biometric authentication with presentation attack detection using face recognition and liveness detection. | ||
| − | |||
| − | |||
Tom Jones 7:42 AM | Tom Jones 7:42 AM | ||
Revision as of 12:38, 22 January 2021
Full Title
Proof of Presence of user and app: Proposed work item pending funding.
Context
is there anybody out there with any examples, or even any plans, to convert a verifiable credential into a verifiable presentation that includes online proof of presence of the subject of the vp?
Orie Steele (Transmute) 5:46 AM @Tom Jones I did some work on biometric verifiable presentations a while ago. I used BioID Face Recognition & Liveness Detection Software. BioID provides software-based biometric authentication with presentation attack detection using face recognition and liveness detection. Most likely you would make a presentation that included a short lived liveness credential and the other credential you cared about like VP: [DriversLicense, BiometricLivenessCheck]
Tom Jones 7:42 AM @Orie Steele (Transmute) thanks - I guess you are saying that some other element in the phone must be trusted to create creds.
Stephen Curran (Cloud Compass) 7:55 AM I think that's a great use case and it would be good to make that possible. But you've nailed it that for such a credential to work, there has to be an element on the phone that is a "trusted" issuer -- something that the verifier can trust. In theory an open source, signed wallet might be able to do that, I suspect it will need to be at the phone OS level. But I don't have any expertise on that and would love to know what others think.
there are two ways to get a trusted signer on the phone.
- register an app that is trusted. If that is the method the easiest way is to register the actual instance of the wallet itself to the user.
- depend on the trusted element in the phone to boot up an assurance element - the TPM code in the TEE could do that, but it depends on a trusted server in the could. All of these depend on a web of trust that is not based on any human intervention. Not sure what the rWOT guys think about that? (nb this could be accomplished with a webauthn token like that from Yubikey) (edited)
References
- A related problem is described in the Over 21 with Proof of Presence Use Case.
