Bridging the Gap - OpenID Connect for W3C Verifiable Credential Objects by Oliver Terbu, Torsten Lodderstedt, Kristina Yasuda, Adam Lemmon, Tobias Looker
Slides: https://www.slideshare.net/TorstenLodderstedt/openid-connect-for-w3c-verifiable-credential-objects
- Has been incubated in the OpenID Foundation and DIF’s joint Self-Issued OpenID Provider WG - contact Kristina (kristina.yasuda@microsoft.com) for participation details
-
Integrating FIDO with Verifiable Credentials (8.30 am start) by David Chadwick
-
The Use of FIDO2 and Verifiable Credentials (David Chadwick)
W3C Web Authentication (FIDO2) provides a mechanism for strong authentication whilst W3C Verifiable Credentials provide a mechanism for strong identification and authorisation. Together they make an unbeatable pair for identity management.
Prof. David Chadwick presented work on sharing W3C Verifiable Credentials using FIDO2 keys registered with the credential issuers. In a nutshell, the holder and issuer use the WebAuthn protocol to strongly authenticate before the issuer protects the credentials with its signature. When credentials are provided to a relying party, the issuer (acting in an IdP capacity, so it must be online) verifies the identity of the holder via FIDO2 WebAuthn so that the credentials (or, for selective disclosure, selected claims from them) can be shared with the relying party. Ephemeral keys are created to bind the holder to the credentials shared with the relying party/verifier. The relying party/verifier can use X.509 certificates to confirm that the issuer is valid by checking the signature on the derived credential received from the holder.
- Continuity of a service
- Offline Authentication
- Speed, reduced latency
- Choice, Portability
- Privacy
-
Mapping FHIR JSON resource to W3C Vaccination vocabulary : A semantic data pipeline by John Walker
-
DID chooser for SIOP by Tom Jones & friends
The goal is to let users pick the DID they want to present to a website: “Subject choosing which DID to present”.
Use case: A user goes to an RP and decides to register for return visits. The RP can’t present users with the NASCAR problem (too many IdP logos on the login screen).
Select a Wallet vs Select a Wallet and Identifier.
What happens when SIOP arrives? We will need a DID chooser.
Some wallets will hold credentials for multiple identifiers, some will hold only 1.
An RP offers users multiple options for registration (Google, Facebook, Yahoo… and, coming soon, Personal).
The RP should disclose its identity and why it is asking the user for each piece of data.
Options we consider: