SlideShare une entreprise Scribd logo

OpenID Connect 4 SSI (DIFCon F2F)

T
Torsten Lodderstedt

OpenID Connect 4 SSI aims at specifying a set of protocols based on OpenID Connect to enable SSI applications. The initiative is conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF). One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOP v1 in OIDC Core.

Internet
1  sur  24
Télécharger pour lire hors ligne
OpenID Connect for SSI Kristina Yasuda, Microsoft Dr. Torsten Lodderstedt, yes.com
OpenID Connect for SSI • Aims at specifying a set of protocols based on OpenID Connect to enable SSI applications • Initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF) • One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOP v1 in OIDC Core
- Self-Issued OP (SIOP) already provides good starting point - Leveraging the simplicity and security of OpenID Connect for SSI applications - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Allow existing OpenID Connect RPs to access SSI credentials and existing OpenID Connect OPs to issue credentials Why use OpenID Connect as basis?
③ OpenID Connect for Verifiable Credential Issuance (Issuance of Verifiable Credentials) OpenID Connect for SSI Components Issuer (Website) Verifier (Website) Holder (Digital Wallet) Issue Credentials Present Credentials OpenID Connect Core ② OpenID Connect for Verifiable Presentations (Transportation of Verifiable Credentials) ① Self-Issued OP v2 (key exchange and authentication) or OpenID Connect Core Code flow Base Protocol Credentials
Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
Standard OpenID Connect vs SIOP v2 Self-Issued OP model ⓪ User tries to log in Website (RP) User Agent OP Trust in cryptographically verifiable identifier ② OP on the user device issues ID Token Alice User-controlled OpenID Connect OP is able to self-sign ID Tokens and authenticate using public keys or Decentralized identifiers (DIDs) ① RP requests ID Token OpenID Connect standard model ⓪ User tries to log in Website (RP) User Agent OP (3P OpenID Provider) Trust in 3rd party Alice ② 3rd Party OP issues an ID Token ① RP requests ID Token
Credential Issuer ③ Verify Credential from Trusted Credential Issuer (credential validation) SIOP v2 + OpenID Connect 4 Verifiable Presentations Presenting Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to log in RP Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s)
- Protocol is credential/presentation format agnostic - Dynamic SIOP discovery and invocation via HTTPS URLs - in addition to “openid://” custom scheme - enables use of app/universal links and web wallets - Same and Cross Device Flows - Leverages OpenID Connect Registration/Discovery metadata for management of verifiers and wallets Present Credentials (Key Features)
- First Implementer’s Drafts of OpenID Connect SIOPV2 and OIDC4VP approved - https://openid.net/specs/openid-connect-self-issued-v2-1_0.html - https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html - Existing & ongoing Implementations: - Microsoft - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly *Some ESSIF projects already utilizes SIOP (based on DID-SIOP & OpenID Connect 4 Identity Assurance) Present Credentials (Status)
Demo Credential Presentation
IDunion Prototype •Implemented within IDunion project •Team: Sebastian Bickerle, Paul Wenzel, Fabian Hauck, & Dr. Daniel Fett •Use Case: Login to NextCloud using Verifiable Credentials •Based on • Existing NextCloud OpenID Connect Plugin • Lissi Wallet • Hyperledger Indy & Indy SDK & AnonCreds
European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
Architecture Verifier Ledger Frontend Wallet redirects (HTTPS GET) (3) “response” (HTTPS POST) Backend polling on device cross device ledger access (1) QR Code e.g. DID resolution, revocation info, schema and credential definition (2) Request payload (GET request_uri)
Request Example ESSIF Lab (W3C VC) { "response_type" :"id_token", "client_id":"https://example.com/callback" , "scope":"openid", "redirect_uri" :"https://example.com/callback" , "nonce":"67473895393019470130" , ... "claims":{ "vp_token":{ "presentation_definition" :{ "id":"1", "input_descriptors" :[ { "id":"1", "schema":{ "uri":"https://raw.githubusercontent.com/…/EuropeanBankIdentity.json" } } ] } } } }
Response Example ESSIF Lab (W3C VC) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context" :[ "https://www.w3.org/2018/credentials/v1" ], "holder" :"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569" , "proof":{ "domain" :"https://example.com/callback" , "jws" :"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a" , "proofPurpose" :"authentication" , "type":"Ed25519Signature2018" , "verificationMethod" :"did:key:z6MkqUDiu3 ..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential" :[ { … "type":[ "VerifiableCredential" , "EuropeanBankIdentity" ], "credentialSubject" :{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "familyName" :"Family001" , "givenName" :"Given001" , "birthDate" :"1950-01-01" , "placeOfBirth" :{ "country" :"DE", "locality" :"Berlin" } }, ID Token VP Token
Request Example IDunion (AnonCred) { "response_type" :"id_token" , "client_id" :"https://example.com/callback" , "scope":"openid" , "redirect_uri" :"https://example.com/callback ", "nonce":"67473895393019470130" , ... "claims" :{ "vp_token" :{ "presentation_definition" :{ "id":"NextcloudLogin" , "input_descriptors" :[ { "id":"ref2", "name":"NextcloudCredential" , "format" : { "ac_vc": { "proof_type" : ["CLSignature2019" ] } }, "schema" :[{ "uri":"did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1", "required" :true}], "constraints" :{ "limit_disclosure" :"required" , "fields" :[{"path":["$.values.email" ]}, { "path":["$.values.first_name" ]}, { "path":["$.values.last_name" ]}] } } ] } } } }
Response Example IDunion (AnonCred) { "aud": "https://example.com/callback ", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw" , "auth_time" : 1638483344 , "iss": "https://self-issued.me/v2" , "sub_jwk" : { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6" , "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS" , "crv": "P-384" }, "exp": 1638483944 , "iat": 1638483344 , "nonce": "67473895393019470130 ", "_vp_token" : { "presentation_submission" : { "descriptor_map" : [ { "id": "ref2", "path": "$", "format" : "ac_vp", "path_nested" : { "path": "$.requested_proof.revealed_attr_groups.ref2", "format" : "ac_vc" } } ], "definition_id" : "NextcloudLogin" , "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs" : {}, "revealed_attr_groups": { "ref2": { "sub_proof_index" : 0, "values" : { "email": { "raw": "alice@example.com" , "encoded" : "115589951…83915671017846" }, "last_name" : { "raw": "Wonderland" , "encoded" : "167908493…94017654562035" }, "first_name" : { "raw": "Alice", "encoded" : "270346400…99344178781507" } } } }, … }, "identifiers" : [ { "schema_id" : "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" , "cred_def_id" : "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred" , "rev_reg_id" : null, "timestamp" : null } ] } ID Token VP Token
⓪ User tries to log in, RP requests a VC OpenID Connect 4 Verifiable Credentials Issuance Issue Credentials Website or App (RP) User Agent OP Alice Credential Issuer Trusted Credential Issuer Trust (on first use) ⓪ User requests Credential ① Credential Issuer issues credential Verifiable Credentials ① SIOP issues ID Token & Verifiable Presentations
- Easy to turn an existing OpenID Connect OP into a credential issuer - Protocol is credential/presentation format agnostic - Issuer has screen control and can directly interact with the user (e.g. for authentication, identity verification & consent) - Wallet can obtain credential on demand while processing a presentation request (inline issuance) - Supports Batch Issuance and Credential Refresh - Supports deferred issuance, not only “synchronous” Present Credentials (Key Features)
- Specification adopted by the working group - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - Microsoft - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Present Credentials (Status)
Demo Credential Presentation
Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
Q&A

Recommandé

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 

Recommandé

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
OpenID for SSI
OpenID for SSIOpenID for SSI
OpenID for SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WGTorsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & MicrosoftFIDO Alliance
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...SSIMeetup
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)Lal Chandran
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15OpenID Foundation Japan
 
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...日本マイクロソフト株式会社
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectTorsten Lodderstedt
 
Verifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & HospitalityVerifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & HospitalityEvernym
 
FIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO Alliance
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityEvernym
 
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
 
Azure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるAzure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるNaohiro Fujie
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays
 

Contenu connexe

Tendances

OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...SSIMeetup
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)Lal Chandran
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15OpenID Foundation Japan
 
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...日本マイクロソフト株式会社
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectTorsten Lodderstedt
 
Verifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & HospitalityVerifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & HospitalityEvernym
 
FIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO Alliance
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityEvernym
 
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
 
Azure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるAzure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるNaohiro Fujie
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 

Tendances (20)

OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WG
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
Peer DIDs: a secure and scalable method for DIDs that’s entirely off-ledger –...
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15
 
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
S13_レガシー ID 管理者でも分かる Verifiable Credentials のセッション [Microsoft Japan Digital D...
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID Connect
 
Verifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & HospitalityVerifiable Credentials for Travel & Hospitality
Verifiable Credentials for Travel & Hospitality
 
FIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へFIDO2 ~ パスワードのいらない世界へ
FIDO2 ~ パスワードのいらない世界へ
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
 
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
 
Azure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみるAzure AD B2CにIdPを色々と繋いでみる
Azure AD B2CにIdPを色々と繋いでみる
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
 

Similaire à OpenID Connect 4 SSI (DIFCon F2F)

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorialssuser3993f3
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityHeather Vescent
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...R3
 
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...VijayBhosale49
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication Micron Technology
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerNovell
 
Decentralised Trust, Jean-Michel Crom, Orange Labs
Decentralised Trust, Jean-Michel Crom, Orange LabsDecentralised Trust, Jean-Michel Crom, Orange Labs
Decentralised Trust, Jean-Michel Crom, Orange LabsAlan Quayle
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesCodemotion
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...tdc-globalcode
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 

Similaire à OpenID Connect 4 SSI (DIFCon F2F) (20)

How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
 
Decentralized Identifiers
Decentralized IdentifiersDecentralized Identifiers
Decentralized Identifiers
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorial
 
Introduction to Self Sovereign Identity
Introduction to Self Sovereign IdentityIntroduction to Self Sovereign Identity
Introduction to Self Sovereign Identity
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
 
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...
DevDay: Extending CorDapps with Self-Sovereign Identity: Technology Deepdive ...
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...
Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud Identity
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
 
Decentralised Trust, Jean-Michel Crom, Orange Labs
Decentralised Trust, Jean-Michel Crom, Orange LabsDecentralised Trust, Jean-Michel Crom, Orange Labs
Decentralised Trust, Jean-Michel Crom, Orange Labs
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
 
OSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger IndyOSCON 2018 Getting Started with Hyperledger Indy
OSCON 2018 Getting Started with Hyperledger Indy
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
FIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 MinutesFIWARE Primer - Learn FIWARE in 60 Minutes
FIWARE Primer - Learn FIWARE in 60 Minutes
 
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 MinutesFederico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
Federico Michele Facca - FIWARE Primer - Learn FIWARE in 60 Minutes
 
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
TDC2018SP | Trilha Mobile - Case VC+: Como tornar seguro um aplicativo mobile...
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
 

Plus de Torsten Lodderstedt

The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes DecentralizedTorsten Lodderstedt
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32Torsten Lodderstedt
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityTorsten Lodderstedt
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectTorsten Lodderstedt
 

Plus de Torsten Lodderstedt (15)

The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes Decentralized
 
GAIN Presentation.pptx
GAIN Presentation.pptxGAIN Presentation.pptx
GAIN Presentation.pptx
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential Objects
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization Requests
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization Requests
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity Assurance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical Interoperability
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID Connect
 

Dernier

一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书B
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsrahman018755
 
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样AS
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsrahman018755
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样Fi
 
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样AS
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样AS
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样Fi
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书Fir
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirtsrahman018755
 
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样gfhdsfr
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...musaddumba454
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
 
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理B
 
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样asdafd
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsrahman018755
 
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...Mumbai Escorts
 
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理gfhdsfr
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfappinfoedgeca
 

Dernier (20)

一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
一比一定制(Temasek毕业证书)新加坡淡马锡理工学院毕业证学位证书
 
Thank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirtsThank You Luv I’ll Never Walk Alone Again T shirts
Thank You Luv I’ll Never Walk Alone Again T shirts
 
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
一比一原版(Wintec毕业证书)新西兰怀卡托理工学院毕业证原件一模一样
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
GOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdfGOOGLE Io 2024 At takes center stage.pdf
GOOGLE Io 2024 At takes center stage.pdf
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
 
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样
一比一原版(Design毕业证书)新加坡科技设计大学毕业证原件一模一样
 
原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样原版定制英国赫瑞瓦特大学毕业证原件一模一样
原版定制英国赫瑞瓦特大学毕业证原件一模一样
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
 
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
一比一定制(USC毕业证书)美国南加州大学毕业证学位证书
 
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays SweatshirtsFree on Wednesdays T Shirts Free on Wednesdays Sweatshirts
Free on Wednesdays T Shirts Free on Wednesdays Sweatshirts
 
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样
原版定制(爱大毕业证书)英国爱丁堡大学毕业证原件一模一样
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
 
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...
 
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
 
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
 
Reggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirtsReggie miller choke t shirts
Reggie miller choke t shirtsReggie miller choke t shirts
 
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
🍑👄Dehradun Esℂorts Serviℂe☎️9315791090🍑👄 ℂall Girl serviℂe in ☎️Dehradun ℂall...
 
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
 
Premier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdfPremier Mobile App Development Agency in USA.pdf
Premier Mobile App Development Agency in USA.pdf
 

OpenID Connect 4 SSI (DIFCon F2F)

  • 1. OpenID Connect for SSI Kristina Yasuda, Microsoft Dr. Torsten Lodderstedt, yes.com
  • 2. OpenID Connect for SSI • Aims at specifying a set of protocols based on OpenID Connect to enable SSI applications • Initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF) • One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOP v1 in OIDC Core
  • 3. - Self-Issued OP (SIOP) already provides good starting point - Leveraging the simplicity and security of OpenID Connect for SSI applications - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Allow existing OpenID Connect RPs to access SSI credentials and existing OpenID Connect OPs to issue credentials Why use OpenID Connect as basis?
  • 4. ③ OpenID Connect for Verifiable Credential Issuance (Issuance of Verifiable Credentials) OpenID Connect for SSI Components Issuer (Website) Verifier (Website) Holder (Digital Wallet) Issue Credentials Present Credentials OpenID Connect Core ② OpenID Connect for Verifiable Presentations (Transportation of Verifiable Credentials) ① Self-Issued OP v2 (key exchange and authentication) or OpenID Connect Core Code flow Base Protocol Credentials
  • 5. Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
  • 6. Standard OpenID Connect vs SIOP v2 Self-Issued OP model ⓪ User tries to log in Website (RP) User Agent OP Trust in cryptographically verifiable identifier ② OP on the user device issues ID Token Alice User-controlled OpenID Connect OP is able to self-sign ID Tokens and authenticate using public keys or Decentralized identifiers (DIDs) ① RP requests ID Token OpenID Connect standard model ⓪ User tries to log in Website (RP) User Agent OP (3P OpenID Provider) Trust in 3rd party Alice ② 3rd Party OP issues an ID Token ① RP requests ID Token
  • 7. Credential Issuer ③ Verify Credential from Trusted Credential Issuer (credential validation) SIOP v2 + OpenID Connect 4 Verifiable Presentations Presenting Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to log in RP Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s)
  • 8. - Protocol is credential/presentation format agnostic - Dynamic SIOP discovery and invocation via HTTPS URLs - in addition to “openid://” custom scheme - enables use of app/universal links and web wallets - Same and Cross Device Flows - Leverages OpenID Connect Registration/Discovery metadata for management of verifiers and wallets Present Credentials (Key Features)
  • 9. - First Implementer’s Drafts of OpenID Connect SIOPV2 and OIDC4VP approved - https://openid.net/specs/openid-connect-self-issued-v2-1_0.html - https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html - Existing & ongoing Implementations: - Microsoft - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly *Some ESSIF projects already utilizes SIOP (based on DID-SIOP & OpenID Connect 4 Identity Assurance) Present Credentials (Status)
  • 11. IDunion Prototype •Implemented within IDunion project •Team: Sebastian Bickerle, Paul Wenzel, Fabian Hauck, & Dr. Daniel Fett •Use Case: Login to NextCloud using Verifiable Credentials •Based on • Existing NextCloud OpenID Connect Plugin • Lissi Wallet • Hyperledger Indy & Indy SDK & AnonCreds
  • 12. European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
  • 13. Architecture Verifier Ledger Frontend Wallet redirects (HTTPS GET) (3) “response” (HTTPS POST) Backend polling on device cross device ledger access (1) QR Code e.g. DID resolution, revocation info, schema and credential definition (2) Request payload (GET request_uri)
  • 14. Request Example ESSIF Lab (W3C VC) { "response_type" :"id_token", "client_id":"https://example.com/callback" , "scope":"openid", "redirect_uri" :"https://example.com/callback" , "nonce":"67473895393019470130" , ... "claims":{ "vp_token":{ "presentation_definition" :{ "id":"1", "input_descriptors" :[ { "id":"1", "schema":{ "uri":"https://raw.githubusercontent.com/…/EuropeanBankIdentity.json" } } ] } } } }
  • 15. Response Example ESSIF Lab (W3C VC) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context" :[ "https://www.w3.org/2018/credentials/v1" ], "holder" :"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569" , "proof":{ "domain" :"https://example.com/callback" , "jws" :"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a" , "proofPurpose" :"authentication" , "type":"Ed25519Signature2018" , "verificationMethod" :"did:key:z6MkqUDiu3 ..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential" :[ { … "type":[ "VerifiableCredential" , "EuropeanBankIdentity" ], "credentialSubject" :{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "familyName" :"Family001" , "givenName" :"Given001" , "birthDate" :"1950-01-01" , "placeOfBirth" :{ "country" :"DE", "locality" :"Berlin" } }, ID Token VP Token
  • 16. Request Example IDunion (AnonCred) { "response_type" :"id_token" , "client_id" :"https://example.com/callback" , "scope":"openid" , "redirect_uri" :"https://example.com/callback ", "nonce":"67473895393019470130" , ... "claims" :{ "vp_token" :{ "presentation_definition" :{ "id":"NextcloudLogin" , "input_descriptors" :[ { "id":"ref2", "name":"NextcloudCredential" , "format" : { "ac_vc": { "proof_type" : ["CLSignature2019" ] } }, "schema" :[{ "uri":"did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1", "required" :true}], "constraints" :{ "limit_disclosure" :"required" , "fields" :[{"path":["$.values.email" ]}, { "path":["$.values.first_name" ]}, { "path":["$.values.last_name" ]}] } } ] } } } }
  • 17. Response Example IDunion (AnonCred) { "aud": "https://example.com/callback ", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw" , "auth_time" : 1638483344 , "iss": "https://self-issued.me/v2" , "sub_jwk" : { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6" , "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS" , "crv": "P-384" }, "exp": 1638483944 , "iat": 1638483344 , "nonce": "67473895393019470130 ", "_vp_token" : { "presentation_submission" : { "descriptor_map" : [ { "id": "ref2", "path": "$", "format" : "ac_vp", "path_nested" : { "path": "$.requested_proof.revealed_attr_groups.ref2", "format" : "ac_vc" } } ], "definition_id" : "NextcloudLogin" , "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs" : {}, "revealed_attr_groups": { "ref2": { "sub_proof_index" : 0, "values" : { "email": { "raw": "alice@example.com" , "encoded" : "115589951…83915671017846" }, "last_name" : { "raw": "Wonderland" , "encoded" : "167908493…94017654562035" }, "first_name" : { "raw": "Alice", "encoded" : "270346400…99344178781507" } } } }, … }, "identifiers" : [ { "schema_id" : "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" , "cred_def_id" : "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred" , "rev_reg_id" : null, "timestamp" : null } ] } ID Token VP Token
  • 18. ⓪ User tries to log in, RP requests a VC OpenID Connect 4 Verifiable Credentials Issuance Issue Credentials Website or App (RP) User Agent OP Alice Credential Issuer Trusted Credential Issuer Trust (on first use) ⓪ User requests Credential ① Credential Issuer issues credential Verifiable Credentials ① SIOP issues ID Token & Verifiable Presentations
  • 19.
  • 20. - Easy to turn an existing OpenID Connect OP into a credential issuer - Protocol is credential/presentation format agnostic - Issuer has screen control and can directly interact with the user (e.g. for authentication, identity verification & consent) - Wallet can obtain credential on demand while processing a presentation request (inline issuance) - Supports Batch Issuance and Credential Refresh - Supports deferred issuance, not only “synchronous” Present Credentials (Key Features)
  • 21. - Specification adopted by the working group - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - Microsoft - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Present Credentials (Status)
  • 23. Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
  • 24. Q&A