Difference between revisions of "State Issued Identifier"

From MgmtWiki
Jump to: navigation, search
(Context)
(Context)
Line 7: Line 7:
 
# [[Mobile Driver's License]]
 
# [[Mobile Driver's License]]
 
Other places are infamous for creating internal passports which are typically used in states with apparthite modes of social control.
 
Other places are infamous for creating internal passports which are typically used in states with apparthite modes of social control.
 +
 +
==Examples==
 +
 +
===Finland===
 +
 +
The selective disclosure model of Finnish ID system is quite simple:
 +
 +
- There's a relatively small number of claims.
 +
- Each claim is issued in a separate credential.
 +
- A relying party can request specific claims by using scope or claims parameter.
 +
- Resulting vp_token contains one or more credentials with the requested claims.
 +
- The wallet app can refresh credentials so that claims such as age_over_18 have valid information.
 +
 +
Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties
 +
 +
Petteri
 +
From: Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net> on behalf of Nat Sakimura via Openid-specs-ab <openid-specs-ab@lists.openid.net>
 +
Sent: Friday, September 23, 2022 11:36
 +
To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net>
 +
Cc: Nat Sakimura <nat@nat.consulting>
 +
Subject: Re: [Openid-specs-ab] SIOP Special Topic Call Notes 22-Sep-22
 +
 +
...
 +
 +
[Message clipped]  View entire message
 +
 +
Torsten Lodderstedt via Openid-specs-ab
 +
Mon, Sep 26, 9:25 AM (1 day ago)
 +
Hi Petteri, thanks for sharing! It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor
 +
 +
Petteri Stenius via Openid-specs-ab
 +
Mon, Sep 26, 11:59 AM (1 day ago)
 +
to Petteri, Torsten, Artifact
 +
 +
Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.
 +
 +
Petteri
 +
From: Torsten Lodderstedt <torsten@lodderstedt.net>
 +
Sent: Monday, September 26, 2022 19:23
 +
To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net>
 +
Cc: Petteri Stenius <Petteri.Stenius@ubisecure.com>
 +
 +
 +
David Chadwick via Openid-specs-ab
 +
12:50 AM (14 hours ago)
 +
How do you address the issue of peer to peer IDs? Do you only use the set of atomic VCs once and get a new set after the first set has been selectively disclose
 +
 +
Kristina Yasuda via Openid-specs-ab
 +
11:42 AM (3 hours ago)
 +
to Kristina, Artifact
 +
 +
Hi Petteri,
 +
 +
Why do you need JSON-LD for selective disclosure if you are doing atomic credentials?
 +
 +
In other words, “- Each claim is issued in a separate credential.” Why does this has to be JSON-LD and not JSON serialized?
  
 
==References==
 
==References==
  
 
* [[State Mandated Identification]]
 
* [[State Mandated Identification]]

Revision as of 14:18, 27 September 2022

Full Title or Meme

This is documentation of some of the more common modes of State Issued Identifiers.

Context

The most common forms (which have their own wiki pages) in the Western World are:

  1. EID
  2. Mobile Driver's License

Other places are infamous for creating internal passports which are typically used in states with apparthite modes of social control.

Examples

Finland

The selective disclosure model of Finnish ID system is quite simple:

- There's a relatively small number of claims. - Each claim is issued in a separate credential. - A relying party can request specific claims by using scope or claims parameter. - Resulting vp_token contains one or more credentials with the requested claims. - The wallet app can refresh credentials so that claims such as age_over_18 have valid information.

Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties

Petteri From: Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net> on behalf of Nat Sakimura via Openid-specs-ab <openid-specs-ab@lists.openid.net> Sent: Friday, September 23, 2022 11:36 To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net> Cc: Nat Sakimura <nat@nat.consulting> Subject: Re: [Openid-specs-ab] SIOP Special Topic Call Notes 22-Sep-22

...

[Message clipped] View entire message

Torsten Lodderstedt via Openid-specs-ab Mon, Sep 26, 9:25 AM (1 day ago) Hi Petteri, thanks for sharing! It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor

Petteri Stenius via Openid-specs-ab Mon, Sep 26, 11:59 AM (1 day ago) to Petteri, Torsten, Artifact

Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.

Petteri From: Torsten Lodderstedt <torsten@lodderstedt.net> Sent: Monday, September 26, 2022 19:23 To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net> Cc: Petteri Stenius <Petteri.Stenius@ubisecure.com>


David Chadwick via Openid-specs-ab 12:50 AM (14 hours ago) How do you address the issue of peer to peer IDs? Do you only use the set of atomic VCs once and get a new set after the first set has been selectively disclose

Kristina Yasuda via Openid-specs-ab 11:42 AM (3 hours ago) to Kristina, Artifact

Hi Petteri,

Why do you need JSON-LD for selective disclosure if you are doing atomic credentials?

In other words, “- Each claim is issued in a separate credential.” Why does this has to be JSON-LD and not JSON serialized?

References