Identity: Stefan Thomas, CTO (PowerPoint PPT Presentation)


  1. Identity
     Stefan Thomas, CTO

  2. Agenda
     • Goals
     • Terminology
     • What can decentralized networks contribute?
       – Better Identity Provider
       – Public attestation

  3. Goals: What are we trying to solve?
     Authentication
     • How can users securely authorize transactions?
     Attestation
     • How can we enable users to prove their trustworthiness?

  4. Our role: W3C Web Payments Community Group
     We’re not identity experts. We’re payments experts.
     • What are our unique challenges around identity?
     • How does the emergence of distributed networks affect identity?

  5. Terminology
     Diagram: Entity -> Identity -> Identity Provider (IdP), with the example identities mark@gmail.com, mark@safeway.com and TheMark72
     Reference: ISO 29115; OpenID Connect 1.0 Core

  6. Terminology
     Diagram: Identity -> Claim -> Claim Provider, e.g. mark@gmail.com carrying the claim name: "Mark Dinkel"; also mark@safeway.com and TheMark72
     Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

  7. Advantages: The good news first
     OpenID Connect is pretty good!
     • Authentication mechanism agnostic
     • Cryptographically secure
     • Granular sharing of information and permissions
     • Supports discovery

  8. Reliance on IdPs: Why care?
     • They are a target
     • Difficult to switch
     • Right to own your identity

  9. Self-issued IdP: The other option
     • OpenID Connect 1.0 Core, Section 7
     • https://self-issued.me
     • Suggested use case: Mobile phone
     • Open issues: backup, security

  10. Peer-assisted Key Derivation (PAKDF): Trustless login using blind signatures
      Diagram: "pw" -> blinding -> blind signature (by the peer) -> unblinding
      Reference: justmoon.github.io/pakdf

  11. Peer-assisted Key Derivation (PAKDF): Trustless login using blind signatures
      • Full benefits of an identity provider (multi-factor authentication, rate-limiting, fingerprinting)
      • If multiple peers are used, provides strong protections against bad IdPs
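To make the blind-signature flow on slides 10 and 11 concrete, here is an added Python example (not code from the talk or from the PAKDF project): the client blinds a hash of the password, each peer signs it without ever seeing the password, the client unblinds and verifies each signature, and all peer contributions are hashed into the key. The tiny RSA primes, the peer structure and the hash encoding are constructed for the demo and are assumptions, not the PAKDF spec's exact message format.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo peers with tiny RSA keys (NOT secure; real peers use
# full-size keys). A peer holds (n, e, d); the client needs only (n, e).
def make_peer(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

PEERS = [make_peer(1000003, 1000033), make_peer(1000037, 1000039)]

def blind(peer, m):
    """Client: multiply m by r^e so the peer cannot recover m (or the password)."""
    n, e = peer["n"], peer["e"]
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return m * pow(r, e, n) % n, r

def peer_sign(peer, blinded):
    """Peer/IdP side: sign whatever arrives. Because every login must pass
    through here, the peer can apply authentication, rate-limiting or
    fingerprinting, yet it never learns the password or the final key."""
    return pow(blinded, peer["d"], peer["n"])

def unblind(peer, blind_sig, r):
    """Client: strip r to obtain the plain RSA signature m^d mod n."""
    return blind_sig * pow(r, -1, peer["n"]) % peer["n"]

def pakdf(username, password, peers):
    """Derive a key from the password with the help of every peer in `peers`."""
    x = int.from_bytes(
        hashlib.sha256(f"pakdf:{username}:{password}".encode()).digest(), "big")
    contributions = []
    for peer in peers:
        m = x % peer["n"]                      # reduce into this peer's group
        blinded, r = blind(peer, m)
        s = unblind(peer, peer_sign(peer, blinded), r)
        if pow(s, peer["e"], peer["n"]) != m:  # reject a misbehaving peer
            raise ValueError("peer returned an invalid signature")
        contributions.append(s.to_bytes(8, "big"))
    # Every contribution is mixed in: no single peer can derive the key on its
    # own, and an offline password guess would need every peer's private key.
    return hashlib.sha256(b"".join(contributions)).digest()
```

The derived key is deterministic for a given username and password even though the blinded value the peers see is fresh on every login.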

  12. Switching providers: Global distributed namespace
      ~alice -> alice@acmebank.com (acmebank.com) -> rNb721TdNHN37yoURrMYDiQ

  13. Switching providers: Global distributed namespace
      ~alice -> alice@foobank.com (foobank.com) -> rNb721TdNHN37yoURrMYDiQ

  14. Service Discovery: How to pay alice?
      ~alice -> acct:alice@foobank.com -> WebFinger response:
        "links": [{
          "rel": "https://ripple.com/specs/pay/1.0",
          "href": "https://foobank.com/api/ripple/pay"
        }]
      Reference: RFC 7033 WebFinger

  15. Service Discovery
      GET /api/ripple/pay?uri=alice%3Ffoobank.com…
      [{ "uri": "ripple:12345-004-12341234567@eft.rippleunion.com", "currency": "CAD" },
       { "uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234", "currency": "BTC" },
       …]

  16. Reputation
      Diagram: Identity -> Claim -> Claim Provider, e.g. mark@gmail.com with the claim name: "Mark Dinkel"
      Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

  17. Reputation
      Diagram: Identity -> Claim -> Claim Provider, e.g. a review claim about mark@gmail.com:
        { reviewer: "bob@live.com", score: 9.5, comment: "Great guy!" }

  18. Reputation
      Diagram: Identity -> Claim -> Score Provider, e.g. mark@gmail.com -> 804 (low risk)

  19. Stefan Thomas, CTO
