OpenID Connect for W3C
Verifiable Credential Objects
AB/Connect Working Group
Kristina Yasuda, Oliver Terbu, Torsten Lodderstedt, Adam
Lemmon, Tobias Looker
Scope
- Support request and presentation of W3C Verifiable Credentials in all OpenID
Connect Flows (SIOP, code, CIBA, …)
Out of Scope
● Data models for verifiable credentials or presentations
● Validation of verifiable presentations/credentials
Need
- DIDComm is complex and lacks interoperability
- OIDC is seen by a lot of people as a candidate for a simple and interoperable
integration layer
- Projects now either use DIF DID-SIOP, which is incomplete, or OIDC Core SIOP ch. 7, which
is too generic. A more specific standard is required
- Due to the lack of a clear standard, different projects implement different variants of the DID
SIOP
- Demand for a standard to request and provide W3C Verifiable Presentations via
OIDC
Goal
- Make OIDC the first choice for anyone wanting to obtain and/or provide W3C
Verifiable Presentations
Value
- Provide interoperability between existing and new OpenID Connect
deployments that use W3C verifiable presentations
- Leverage OpenID Connect as a simple-to-use protocol for wallet integrations
- Leverage Verifiable Credentials for existing OpenID Connect deployments
Terminology
- Presentation
Data derived from one or more verifiable credentials, issued by one or more issuers,
that is shared with a specific verifier. (see
https://www.w3.org/TR/vc-data-model/#terminology)
- Verified Presentation (VP)
A verifiable presentation is a tamper-evident presentation encoded in such a way that
authorship of the data can be trusted after a process of cryptographic verification.
Certain types of verifiable presentations might contain data that is synthesized from, but
do not contain, the original verifiable credentials (for example, zero-knowledge proofs).
(see https://www.w3.org/TR/vc-data-model/#terminology)
Overview of the technical content
- Request
  - uses the “claims” parameter (OIDC Section 5.5) to request a W3C verifiable presentation by
    credential type and (additionally) particular claims
- Response
  - W3C verifiable presentations are returned using the same syntax either
    1) embedded inside the ID Token or userinfo response, or
    2) as a separate artifact, the VP Token, that is returned together with the ID Token
  - Note: aggregated/distributed claims syntax was considered but discarded after WG/Community
    feedback
Examples
VP in ID Token
‘verifiable_presentations’ claim
contains entire VPs
`claims` parameter in the request
Separate artifact
- ‘VP Token’
ID Token contains a `vp_hash`
‘VP Token’ contains an entire VP
`claims` parameter in the request
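
The two response variants above, as an added example in Python (not code from the draft or its authors): an RP-side check that accepts VPs embedded in the ID Token, or a separate VP Token only when it matches the ID Token's `vp_hash`. The slides do not say how `vp_hash` is computed; the example assumes the `at_hash` construction from OIDC Core, that `verifiable_presentations` is a list, and that the ID Token's signature and standard claims were validated beforehand.

```python
import base64
import hashlib
import hmac

# Assumption: the hash follows the ID Token's JOSE "alg" (as for at_hash in
# OIDC Core); algorithms without a 256/384/512 suffix, and "none", are rejected.
_HASH_FOR_ALG = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

# Constructed sample value standing in for a serialized VP Token.
SAMPLE_VP_TOKEN = "constructed-header.constructed-vp-payload.constructed-proof"


def left_half_hash(value: str, alg: str) -> str:
    """base64url (no padding) of the left half of hash(ASCII octets of value)."""
    try:
        hash_fn = _HASH_FOR_ALG[alg[-3:]]
    except KeyError:
        raise ValueError(f"unsupported ID Token alg: {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def presentations_from_response(id_token_header, id_token_claims, vp_token=None):
    """Return the VPs that may be handed on to VP validation.

    id_token_header / id_token_claims come from an ID Token that has already
    passed signature, iss, aud, exp and nonce checks (not repeated here).
    vp_token is the separately delivered VP Token exactly as received, or None.
    """
    embedded = id_token_claims.get("verifiable_presentations", [])
    if not isinstance(embedded, list):
        raise ValueError("verifiable_presentations must be a list")
    vp_hash = id_token_claims.get("vp_hash")

    if vp_token is None:
        # Variant 1: VPs travel inside the ID Token itself.
        if vp_hash is not None:
            raise ValueError("ID Token carries vp_hash but no VP Token was delivered")
        if not embedded:
            raise ValueError("response contains no verifiable presentation")
        return list(embedded)

    # Variant 2: separate artifact. Without vp_hash nothing ties the VP Token
    # to this ID Token, so a token from another response could be substituted.
    if vp_hash is None:
        raise ValueError("VP Token delivered but ID Token has no vp_hash")
    expected = left_half_hash(vp_token, id_token_header.get("alg", ""))
    if not hmac.compare_digest(expected, str(vp_hash)):
        raise ValueError("vp_hash does not match the delivered VP Token")
    return list(embedded) + [vp_token]
```

Passing this check only establishes which artifact belongs to the response; validating the presentation itself is out of scope for the draft, as the slides state, and has to follow separately.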
Requests
Request for Verifiable Presentation (Type)
Request for Verifiable Presentation (Type and Claims)
“Just” Request Claims
Relationship with other work
- Relationship with OpenID Connect Core
  - OIDC4VCO uses mechanisms already defined in OIDC Core, and does not introduce any breaking changes.
- Relationship with SIOP V2 draft
  - The SIOP V2 draft will refer to the OIDC4VCO draft for how W3C verifiable presentations (VPs) can be
    transported using the SIOP model, since the OIDC4VCO draft defines a generic way to use W3C VPs with
    various OIDC flows, including SIOP V2.
- Relationship with Claims Aggregation draft (and Credential Provider draft once contributed)
  - The Claims Aggregation draft describes a new Claims endpoint used by an intermediary OP to obtain
    aggregated claims. Its RP/OP interface is aggregated claims as defined in OIDCC + the “uid” assertion
    binding mechanism. The OIDC4VCO draft describes an extension at the RP/OP interface for requesting VPs
    and returning them as additional data in OIDC responses, defining a new token. The two use different
    formats and delivery mechanisms, and OIDC4VCO defines request syntax.
- Relationship with DIF Presentation Exchange (PE) draft
  - The DIF PE draft could be used as part of the request syntax in the OIDC4VCO draft, which should be
    discussed once the OIDC4VCO draft is adopted. DIF PE is a query language that is protocol agnostic, and
    it does not replace the OIDC4VCO draft.
Proposal
● Editors of claims aggregation and OIDC4VCO will keep working closely to
align the documents, while adopting the OIDC4VCO draft separately.
● Write an architecture whitepaper describing the intermediary OP pattern with OIDC
in general, as well as the specifics of implementing it using OIDC aggregated claims
or W3C Verifiable Credentials (or other types of cryptographically bound
credentials).
[Figure: claims flow between User, Client, IdP (wallet etc.), CP (A) and CP (B); the IdP and each CP have an Identity Register. Node labels in the diagram: C, D.]
Steps shown:
1. Give me claims {a,b}
2. Is it ok to give {a,b} to D?
3. I grant.
4. Give me a. Token = Ta
5. Signed claims a
6. Give me b. Token = Tb
7. Signed claims b
8. Here are {a,b} with the user identification claims c.
Interfaces marked:
- Main Interface of Claims Aggregation draft (for RP-OP interface response, adds
additional verification steps and uses Aggregated Claims syntax)
- Interface of OIDC4VCO draft
