Difference between revisions of "State Issued Identifier"

From MgmtWiki
(Context)
(Finland)
 
Line 13: Line 13:
  
 
The selective disclosure model of Finnish ID system is quite simple:
 
The selective disclosure model of Finnish ID system is quite simple:
 
+
* There's a relatively small number of claims.
- There's a relatively small number of claims.
+
* Each claim is issued in a separate credential.
- Each claim is issued in a separate credential.
+
* A relying party can request specific claims by using scope or claims parameter.
- A relying party can request specific claims by using scope or claims parameter.
+
* Resulting vp_token contains one or more credentials with the requested claims.
- Resulting vp_token contains one or more credentials with the requested claims.
+
* The wallet app can refresh credentials so that claims such as age_over_18 have valid information.
- The wallet app can refresh credentials so that claims such as age_over_18 have valid information.
 
  
 
Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties  
 
Link to more detailed information https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties  
  
Petteri
+
Tirsteb It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor
From: Openid-specs-ab <openid-specs-ab-bounces@lists.openid.net> on behalf of Nat Sakimura via Openid-specs-ab <openid-specs-ab@lists.openid.net>
 
Sent: Friday, September 23, 2022 11:36
 
To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net>
 
Cc: Nat Sakimura <nat@nat.consulting>
 
Subject: Re: [Openid-specs-ab] SIOP Special Topic Call Notes 22-Sep-22
 
 
...
 
 
 
 
 
 
Torsten Lodderstedt via Openid-specs-ab
 
Mon, Sep 26, 9:25 AM (1 day ago)
 
Hi Petteri, thanks for sharing! It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards,Tor
 
 
 
Petteri Stenius via Openid-specs-ab
 
Mon, Sep 26, 11:59 AM (1 day ago)
 
to Petteri, Torsten, Artifact
 
 
 
Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.
 
  
Petteri
+
Petteri Stenius. Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.
From: Torsten Lodderstedt <torsten@lodderstedt.net>
 
Sent: Monday, September 26, 2022 19:23
 
To: Artifact Binding/Connect Working Group <openid-specs-ab@lists.openid.net>
 
Cc: Petteri Stenius <Petteri.Stenius@ubisecure.com>
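Review bot: the added line that replaces Torsten Lodderstedt's e-mail attributes the question to "Tirsteb" and stops at "best regards,Tor", so the speaker's name is misspelled and the sign-off is cut short. The From/Sent header lines shown in this diff, which date the exchange to September 2022, do not appear in the latest revision either. Suggest spelling the name out and keeping one line with sender and date for each quoted message.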
 
  
  

Latest revision as of 14:21, 27 September 2022

Full Title or Meme

This is documentation of some of the more common modes of State Issued Identifiers.

Context

The most common forms (which have their own wiki pages) in the Western World are:

  1. EID
  2. Mobile Driver's License

Other places are infamous for creating internal passports, which are typically used in states with apartheid modes of social control.

Examples

Finland

The selective disclosure model of the Finnish ID system is quite simple:

  • There's a relatively small number of claims.
  • Each claim is issued in a separate credential.
  • A relying party can request specific claims by using the scope or claims parameter.
  • The resulting vp_token contains one or more credentials with the requested claims.
  • The wallet app can refresh credentials so that claims such as age_over_18 have valid information.

More detailed information: https://wiki.dvv.fi/display/DHHJD/SIOPv2+POC+-+Guide+for+Relying+Parties

Torsten. It seems from the example the holder binding uses did:web. Are the different credentials bound to the same DID? best regards, Tor

Petteri Stenius. Yes, the subject value of the different credentials is the same. The subject is also the holder and the vp_token is signed by the subject.


David Chadwick via Openid-specs-ab 12:50 AM (14 hours ago) How do you address the issue of peer to peer IDs? Do you only use the set of atomic VCs once and get a new set after the first set has been selectively disclose

Kristina Yasuda via Openid-specs-ab 11:42 AM (3 hours ago) to Kristina, Artifact

Hi Petteri,

Why do you need JSON-LD for selective disclosure if you are doing atomic credentials?

In other words, “- Each claim is issued in a separate credential.” Why does this have to be JSON-LD and not JSON serialized?
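The relying-party checks implied by the Finnish model and by Petteri's answer above (one claim per credential, every credential bound to the same subject, that subject being the holder who signs the vp_token), as an added example that is not code from the DVV proof of concept or from the mailing-list thread. The decoded field layout (`holder`, `credentials`, `sub`, `exp`, `claims`), the `family_name` claim, the DID and the timestamps are constructed assumptions, and signature verification is assumed to have happened before this step.

```python
import time

# Constructed sample: a decoded, simplified vp_token (hypothetical field layout).
NOW = 1_664_200_000  # constructed "current time"
HOLDER = "did:web:wallet.example:alice"  # constructed DID
SAMPLE_VP = {
    "holder": HOLDER,  # identity whose key signed the vp_token
    "credentials": [
        {"sub": HOLDER, "exp": NOW + 3600, "claims": {"age_over_18": True}},
        {"sub": HOLDER, "exp": NOW + 3600, "claims": {"family_name": "Example"}},
    ],
}


def check_presentation(vp, requested, now=None):
    """Return {claim: value} for the requested claims or raise ValueError.

    Assumes signatures were verified beforehand: each credential against its
    issuer, the vp_token against the holder's key.
    """
    now = time.time() if now is None else now
    disclosed = {}
    for vc in vp["credentials"]:
        # Holder binding: every atomic credential must name the presenter.
        if vc["sub"] != vp["holder"]:
            raise ValueError("credential subject differs from vp_token holder")
        # A stale credential must be refreshed by the wallet (exp is assumed).
        if vc["exp"] <= now:
            raise ValueError("credential expired")
        # One claim per credential in this model.
        if len(vc["claims"]) != 1:
            raise ValueError("credential is not atomic")
        (name, value), = vc["claims"].items()
        if name not in requested:
            continue  # data minimisation: drop what was not asked for
        if name in disclosed:
            raise ValueError("duplicate credential for claim " + name)
        disclosed[name] = value
    missing = set(requested) - set(disclosed)
    if missing:
        raise ValueError("missing requested claims: " + ", ".join(sorted(missing)))
    return disclosed


if __name__ == "__main__":
    print(check_presentation(SAMPLE_VP, ["age_over_18"], now=NOW))
```

Because all atomic credentials share one subject, the subject check is also what stops a presentation from mixing credentials issued to different people.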

References