Difference between revisions of "State Issued Identifier"
(→Context) |
(→Finland) |
||
| Line 13: | Line 13: | ||
The selective disclosure model of Finnish ID system is quite simple: | The selective disclosure model of Finnish ID system is quite simple: | ||
| − | + | * There's a relatively small number of claims. | |
| − | + | * Each claim is issued in a separate credential. | |
| − | + | * A relying party can request specific claims by using scope or claims parameter. | |
| − | + | * Resulting vp_token contains one or more credentials with the requested claims. | |
| − | + | * The wallet app can refresh credentials so that claims such as age_over_18 have valid information. | |
| − | |||
Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties | Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties | ||
| − | + | Tirsteb It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | Petteri | + | Petteri Stenius. Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject. |
| − | |||
| − | |||
| − | |||
| − | |||
Revision as of 15:21, 27 September 2022
Full Title or Meme
This is documentation of some of the more common modes of State Issued Identifiers.
Context
The most common forms (which have their own wiki pages) in the Western World are:
Other places are infamous for creating internal passports which are typically used in states with apparthite modes of social control.
Examples
Finland
The selective disclosure model of Finnish ID system is quite simple:
- There's a relatively small number of claims.
- Each claim is issued in a separate credential.
- A relying party can request specific claims by using scope or claims parameter.
- Resulting vp_token contains one or more credentials with the requested claims.
- The wallet app can refresh credentials so that claims such as age_over_18 have valid information.
Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties
Tirsteb It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor
Petteri Stenius. Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.
David Chadwick via Openid-specs-ab
12:50 AM (14 hours ago)
How do you address the issue of peer to peer IDs? Do you only use the set of atomic VCs once and get a new set after the first set has been selectively disclose
Kristina Yasuda via Openid-specs-ab 11:42 AM (3 hours ago) to Kristina, Artifact
Hi Petteri,
Why do you need JSON-LD for selective disclosure if you are doing atomic credentials?
In other words, “- Each claim is issued in a separate credential.” Why does this has to be JSON-LD and not JSON serialized?
