Self-issued Trust
From MgmtWiki
Revision as of 06:46, 1 July 2021
Full Title or Meme
The core concept of Self-issued Identifiers is that the user can establish a trust relationship with a Relying Party (RP) without sharing any part of that relationship with a Trusted Third Party (TTP).
Context
Participants
- User
- Relying Party
- Trusted Third Party (that is kept ignorant of any association between the user and the RP)
- User Agent (aka SIOP wallet)
- Vendor Relationship Manager (aka Self-issued OpenID Picker, only needed if the user has more than one wallet)
Problem
This entire concept is technically difficult (if not impossible) to pull off.
Trust Relationships
- The user trusts the RP to be telling the truth about its intent to honor the user's intentions with respect to the user's data.
- The user trusts the SIOP to be fairly representing the RP.
- The user trusts the SIOP to protect the user's secrets (private keys and other credentials.)
- The user trusts the SIOP to faithfully present user intent to the RP.
- The RP trusts the SIOP to assist in the user authentication process (including user secrets and possibly user liveness.)
- The user trusts the TTP (aka claims provider) to avoid releasing any information about them.
- The RP trusts the TTP to validate claims (offline proofs are preferred over online verification of current state; this is currently a major debate within mDL/eID efforts.)
- Once a relationship is established the user trusts the VRM (chooser) to provide "refresh tokens" to quickly re-establish trust.
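The following is an added example, not code from the wiki or from any SIOP implementation, that models the participants and the trust relationships listed above as a small offline simulation. It shows three of the points in the list: the TTP issues a claim to the wallet once and is never contacted by the RP (offline proof instead of online status lookup), the wallet presents a different subject identifier and key to each RP so neither the TTP nor another RP can correlate the user (pairwise identifiers are an assumption, not something the page specifies), and the RP hands back a refresh token so the relationship can be re-established without repeating the full exchange. HMAC stands in for the public-key signatures a real SIOP wallet and claims provider use, and holder binding of the claim and selective disclosure are not modelled; the RP origins and claim contents are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed key. HMAC is a stand-in for the TTP's asymmetric signing key;
# in a real system the RP would hold only the public half.
TTP_SIGNING_KEY = b"constructed-ttp-signing-key"
TTP_VERIFY_KEY = TTP_SIGNING_KEY


def sign(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def verify(key, payload, sig):
    return hmac.compare_digest(sign(key, payload), sig)


class TrustedThirdParty:
    """Claims provider. Issues a claim to the wallet once and logs every party
    that contacts it, so the scenario can check that the RP never appears."""

    def __init__(self):
        self.contact_log = []

    def issue_claim(self, wallet_id, claims):
        self.contact_log.append(("wallet", wallet_id))
        # Binding the claim to the holder's key without a correlatable
        # identifier is a real-system concern that is deliberately omitted here.
        payload = json.dumps({"claims": claims}, sort_keys=True)
        return {"payload": payload, "sig": sign(TTP_SIGNING_KEY, payload)}


class Wallet:
    """SIOP wallet: holds the user's root secret and the TTP-issued claim."""

    def __init__(self, wallet_id):
        self.wallet_id = wallet_id
        self.root_secret = secrets.token_bytes(32)
        self.claim = None

    def _pairwise_key(self, rp_origin):
        # Assumption: one key (and subject id) per RP, derived from the root
        # secret, so the TTP and other RPs cannot link the user across RPs.
        return hashlib.sha256(self.root_secret + rp_origin.encode()).digest()

    def subject(self, rp_origin):
        return hashlib.sha256(b"sub" + self._pairwise_key(rp_origin)).hexdigest()[:32]

    def respond(self, request):
        origin = request["aud"]
        body = json.dumps({"iss": self.subject(origin), "sub": self.subject(origin),
                           "aud": origin, "nonce": request["nonce"],
                           "iat": int(time.time()), "claim": self.claim}, sort_keys=True)
        # verify_key stands in for the wallet's per-RP public key; a real wallet
        # never sends its private key.
        return {"body": body, "sig": sign(self._pairwise_key(origin), body),
                "verify_key": self._pairwise_key(origin)}


class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self.pinned = {}   # sub -> wallet verify key, pinned on first use
        self.refresh = {}  # refresh token -> sub

    def request(self):
        return {"aud": self.origin, "nonce": secrets.token_hex(16)}

    def accept(self, request, response):
        """Return a refresh token on success, None on any failed check."""
        body = json.loads(response["body"])
        if body["aud"] != self.origin or body["nonce"] != request["nonce"]:
            return None
        key = self.pinned.setdefault(body["sub"], response["verify_key"])
        if not verify(key, response["body"], response["sig"]):
            return None
        claim = body["claim"]
        # Offline proof: the TTP's signature is checked locally; no call to the TTP.
        if claim is None or not verify(TTP_VERIFY_KEY, claim["payload"], claim["sig"]):
            return None
        token = secrets.token_hex(16)
        self.refresh[token] = body["sub"]
        return token

    def resume(self, token):
        return self.refresh.get(token)


def run_scenario():
    ttp = TrustedThirdParty()
    wallet = Wallet("wallet-1")
    wallet.claim = ttp.issue_claim(wallet.wallet_id, {"over_18": True})
    bank, shop = RelyingParty("https://bank.example"), RelyingParty("https://shop.example")
    req_bank, req_shop = bank.request(), shop.request()
    token_bank = bank.accept(req_bank, wallet.respond(req_bank))
    token_shop = shop.accept(req_shop, wallet.respond(req_shop))
    good_claim, wallet.claim = wallet.claim, {"payload": json.dumps({"claims": {"over_18": True}}), "sig": "00" * 32}
    tampered = bank.accept(bank.request(), wallet.respond(bank.request()))
    wallet.claim = good_claim
    return {
        "bank_ok": token_bank is not None,
        "shop_ok": token_shop is not None,
        "ttp_saw_rp": any(kind == "rp" for kind, _ in ttp.contact_log),
        "subs_differ": wallet.subject(bank.origin) != wallet.subject(shop.origin),
        "replay_rejected": bank.accept(bank.request(), wallet.respond(req_bank)) is None,
        "tampered_rejected": tampered is None,
        "resumed": bank.resume(token_bank) == wallet.subject(bank.origin),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Each checked property in `run_scenario` maps to one line of the trust list: the TTP's log containing no RP entry is the "kept ignorant" requirement, the differing subjects are the "no sharing of the relationship" requirement, and the rejected replay and forged claim are the RP's reasons for trusting the SIOP and the TTP respectively.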