TRANSCRIPT
Stefan Thomas, CTO
Identity
Agenda
• Goals
• Terminology
• What can decentralized networks contribute?
– Better Identity Provider
– Public attestation
Goals
• Authentication
How can users securely authorize transactions?
• Attestation
How can we enable users to prove their trustworthiness?
What are we trying to solve?
Our role
• We’re not identity experts. We’re payments experts.
• What are our unique challenges around identity?
• How does the emergence of distributed networks affect identity?
W3C Web Payments Community Group
Terminology
Entity Identity
TheMark72
Identity Provider (IdP)
Reference: ISO 29115; OpenID Connect 1.0 Core
Terminology
Identity
TheMark72
Claim
name: “Mark Dinkel”
Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
Advantages
• Authentication mechanism agnostic
• Cryptographically secure
• Granular sharing of information and permissions
• Supports discovery
The good news first
OpenID Connect is pretty good!
Reliance on IdPs
• They are a target
• Difficult to switch
• Right to own your identity
Why care?
Self-issued IdP
• OpenID Connect 1.0 Core - Section 7
• https://self-issued.me
• Suggested use case: Mobile phone
• Open issues: backup, security
The other option
Peer-assisted Key Derivation (PAKDF)
Trustless login using blind signatures
[Diagram: "pw" -> blinding -> blind signature -> unblinding]
Reference: justmoon.github.io/pakdf
Peer-assisted Key Derivation (PAKDF)
• Full benefits of identity provider (multi-factor authentication, rate-limiting, fingerprinting)
• Using multiple peers provides strong protection against a malicious or compromised IdP
Trustless login using blind signatures
Switching providers
Global distributed namespace
~alice
acmebank.com
rNb721TdNHN37yoURrMYDiQ
~alice
Switching providers
Global distributed namespace
~alice
foobank.com
rNb721TdNHN37yoURrMYDiQ
~alice
Service Discovery
How to pay alice?
~alice
acct:[email protected]
"links": [{
"rel": "https://ripple.com/specs/pay/1.0",
"href": "https://foobank.com/api/ripple/pay"
}]
Reference: RFC 7033 WebFinger
Service Discovery
GET /api/ripple/pay?uri=alice%3Ffoobank.com…
[{
"uri": "ripple:[email protected]",
"currency": "CAD"
}, {
"uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234",
"currency": "BTC"
}, …]
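The two Service Discovery slides walk from a `~alice` name to a WebFinger lookup and then to the pay endpoint's list of destinations. The following added example (not Ripple's or a bank's code) performs that resolution offline: the account name alice@foobank.com and both JSON documents are constructed for the demo, while the `rel` URI and the endpoint path are the ones shown on the slide. It also applies a check the slide does not spell out: the pay endpoint is accepted only if it is served over HTTPS from the account's own host.

```python
"""Payment service discovery via WebFinger (RFC 7033) and the slide's pay link.

Added example, not Ripple's or a bank's code. The account name and both JSON
documents are constructed; the rel URI and endpoint path come from the slide.
"""
import json
from urllib.parse import urlencode, urlsplit

PAY_REL = "https://ripple.com/specs/pay/1.0"

# Constructed JRD as https://foobank.com/.well-known/webfinger might return it.
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@foobank.com",
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page", "href": "https://foobank.com/~alice"},
        {"rel": PAY_REL, "href": "https://foobank.com/api/ripple/pay"},
    ],
})

# Constructed response of the pay endpoint in the slide's uri/currency format.
SAMPLE_PAY = json.dumps([
    {"uri": "ripple:alice@foobank.com", "currency": "CAD"},
    {"uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234", "currency": "BTC"},
])


def webfinger_url(acct):
    """Build the WebFinger query for user@host (RFC 7033, section 4)."""
    host = acct.rsplit("@", 1)[1]
    return "https://%s/.well-known/webfinger?%s" % (
        host, urlencode({"resource": "acct:" + acct}))


def pay_endpoint(acct, jrd_text):
    """Pick the pay link out of the JRD. Refusing links that are not HTTPS on
    the account's own host is a local policy, stricter than RFC 7033 itself."""
    jrd = json.loads(jrd_text)
    if jrd.get("subject") != "acct:" + acct:
        raise ValueError("JRD subject does not match the requested account")
    host = acct.rsplit("@", 1)[1]
    for link in jrd.get("links", []):
        if link.get("rel") != PAY_REL:
            continue
        href = link.get("href", "")
        parts = urlsplit(href)
        if parts.scheme != "https":
            raise ValueError("pay endpoint must use https: %s" % href)
        if parts.hostname != host:
            raise ValueError("pay endpoint host %r is not %r" % (parts.hostname, host))
        return href
    raise LookupError("no %s link for %s" % (PAY_REL, acct))


def choose_destination(pay_text, currency):
    """Select the ripple: URI for the currency the payer wants to send."""
    for option in json.loads(pay_text):
        if option.get("currency") == currency and option.get("uri", "").startswith("ripple:"):
            return option["uri"]
    raise LookupError("no %s destination offered" % currency)


if __name__ == "__main__":
    print(webfinger_url("alice@foobank.com"))
    endpoint = pay_endpoint("alice@foobank.com", SAMPLE_JRD)
    print(endpoint, "->", choose_destination(SAMPLE_PAY, "BTC"))
```

In a live lookup the two JSON strings would be the bodies fetched from `webfinger_url()` and from the returned endpoint; keeping the parsing separate from the transport makes the subject and host checks easy to unit-test.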
Reputation
Identity
Claim
name: “Mark Dinkel”
Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
Reputation
Identity
Claim
{
reviewer: “[email protected]”,
score: 9.5,
comment: “Great guy!”
}
Claim Provider
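The Terminology and Reputation slides describe a claim provider attaching a claim (a name, or a review with a score) to an identity, and cite the JSON Web Token draft as the container. The following added example, which is not code from the talk, issues the reputation claim from the slide as a JWT and verifies it the way a relying party should: signature first, then algorithm, issuer, subject and expiry. HS256 with a shared key is used so the block runs on the standard library alone; a real claim provider would sign with an asymmetric key so relying parties hold no secret. The key, the issuer name and the reviewer address are constructed.

```python
"""A reputation claim issued as a JWT (draft-ietf-oauth-json-web-token).

Added example, not code from the talk. HS256 with a shared key keeps it
standard-library only; key, issuer and reviewer address are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"constructed-demo-key-do-not-reuse"
ISSUER = "reviews.example"            # hypothetical claim provider


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_claim(subject, reviewer, score, comment, key, now=None, ttl=30 * 86400):
    """Claim provider: wrap the review in registered JWT claims and sign it."""
    now = int(now if now is not None else time.time())
    payload = {
        "iss": ISSUER, "sub": subject, "iat": now, "exp": now + ttl,
        "reviewer": reviewer, "score": score, "comment": comment,
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(tag)


def verify_claim(token, key, expected_subject, now=None):
    """Relying party: returns the claim dict, or None if any check fails.
    The payload is not trusted for anything until the MAC has been verified."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64url(h))
        tag = _unb64url(s)
    except ValueError:                      # bad base64, bad JSON, wrong part count
        return None
    if header.get("alg") != "HS256":        # refuse alg=none and algorithm substitution
        return None
    expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    claim = json.loads(_unb64url(p))
    now = now if now is not None else time.time()
    if claim.get("iss") != ISSUER or claim.get("sub") != expected_subject:
        return None
    if not isinstance(claim.get("exp"), int) or now >= claim["exp"]:
        return None
    return claim


if __name__ == "__main__":
    token = issue_claim("TheMark72", "reviewer@example.org", 9.5, "Great guy!", DEMO_KEY)
    print(verify_claim(token, DEMO_KEY, "TheMark72"))
```

The subject check matters for the reputation use case: without it, a valid claim about one identity could be replayed as evidence for another.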