Identity - Stefan Thomas, CTO - PowerPoint PPT Presentation



SLIDE 1

Stefan Thomas, CTO

Identity

SLIDE 2

Agenda

  • Goals
  • Terminology
  • What can decentralized networks contribute?
      ◦ Better Identity Provider
      ◦ Public attestation

SLIDE 3

Goals

What are we trying to solve?

  • Authentication: How can users securely authorize transactions?
  • Attestation: How can we enable users to prove their trustworthiness?

SLIDE 4

Our role

  • We’re not identity experts. We’re payments experts.
  • What are our unique challenges around identity?
  • How does the emergence of distributed networks affect identity?

W3C Web Payments Community Group

SLIDE 5

Terminology

[Diagram labels: Entity, Identity (mark@gmail.com, mark@safeway.com, TheMark72), Identity Provider (IdP)]

Reference: ISO 29115; OpenID Connect 1.0 Core

SLIDE 6

Terminology

[Diagram labels: Identity (mark@gmail.com, mark@safeway.com, TheMark72), Claim (name: “Mark Dinkel”), Claim Provider]

Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

SLIDE 7

Advantages

  • Authentication mechanism agnostic
  • Cryptographically secure
  • Granular sharing of information and permissions
  • Supports discovery

The good news first

OpenID Connect is pretty good!

SLIDE 8

Reliance on IdPs

Why care?

  • They are a target
  • Difficult to switch
  • Right to own your identity

SLIDE 9

Self-issued IdP

The other option

  • OpenID Connect 1.0 Core - Section 7
  • https://self-issued.me
  • Suggested use case: Mobile phone
  • Open issues: backup, security

SLIDE 10

Peer-assisted Key Derivation (PAKDF)

Trustless login using blind signatures

[Diagram labels: “pw”, blinding, unblinding, blind signature]

Reference: justmoon.github.io/pakdf

SLIDE 11

Peer-assisted Key Derivation (PAKDF)

Trustless login using blind signatures

  • Full benefits of an identity provider (multi-factor authentication, rate-limiting, fingerprinting)
  • If multiple peers are used, provides strong protection against bad IdPs

[Diagram label: “pw”]
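The blinding, blind signature and unblinding steps named on the PAKDF slides, as an added example that is not from the slides or from the PAKDF reference. It uses a textbook RSA blind signature with a constructed toy key, all function names are assumptions, and the scheme at justmoon.github.io/pakdf may differ in its details.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the peer: two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # peer's private exponent, never leaves the peer

def hash_to_int(username, password):
    """Client: map the login secret to an integer below N."""
    digest = hashlib.sha256(f"{username}\x00{password}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def blind(m):
    """Client: hide m behind a fresh random factor r before sending it out."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def peer_sign(blinded):
    """Peer: sign the blinded value; rate limiting or MFA checks would sit here."""
    return pow(blinded, D, N)

def unblind(blind_sig, r):
    """Client: strip r to recover m^D mod N, a value the peer never saw."""
    return (blind_sig * pow(r, -1, N)) % N

def derive_key(username, password):
    """Run one blinded exchange and hash the unblinded signature into a key."""
    m = hash_to_int(username, password)
    blinded, r = blind(m)
    sig = unblind(peer_sign(blinded), r)
    if pow(sig, E, N) != m:  # verify the peer's answer with its public key
        raise ValueError("peer returned an invalid signature")
    return hashlib.sha256(sig.to_bytes((N.bit_length() + 7) // 8, "big")).digest()

if __name__ == "__main__":
    print(derive_key("alice", "pw").hex())
```

The derived key is the same on every login even though the blinding factor changes each time, so the peer cannot link or recover the password from what it signs.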

SLIDE 12

Switching providers

Global distributed namespace

[Diagram labels: ~alice, acmebank.com, rNb721TdNHN37yoURrMYDiQ, alice@acmebank.com]

SLIDE 13

Switching providers

Global distributed namespace

[Diagram labels: ~alice, foobank.com, rNb721TdNHN37yoURrMYDiQ, alice@foobank.com]

SLIDE 14

Service Discovery

How to pay alice?

~alice

acct:alice@foobank.com

"links": [
  {
    "rel": "https://ripple.com/specs/pay/1.0",
    "href": "https://foobank.com/api/ripple/pay"
  }
]

Reference: RFC 7033 WebFinger

SLIDE 15

Service Discovery

GET /api/ripple/pay?uri=alice%3Ffoobank.com…

[
  { "uri": "ripple:12345-004-12341234567@eft.rippleunion.com", "currency": "CAD" },
  { "uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234", "currency": "BTC" },
  …
]

SLIDE 16

Reputation

[Diagram labels: Identity (mark@gmail.com), Claim (name: “Mark Dinkel”), Claim Provider]

Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

SLIDE 17

Reputation

[Diagram labels: Identity (mark@gmail.com), Claim, Claim Provider]

{ "reviewer": "bob@live.com", "score": 9.5, "comment": "Great guy!" }

SLIDE 18

Reputation

[Diagram labels: Identity (mark@gmail.com), Claim, Score Provider, 804, low risk]

SLIDE 19