![Page 1: Identity - World Wide Web Consortium · Identity Provider (IdP) Reference: ISO 29115; OpenIDConnect 1.0 Core. Stefan Thomas, CTO Terminology Identity mark@gmail.com mark@safeway.com](https://reader034.vdocument.in/reader034/viewer/2022050716/5e1df4172dbff206aa44af61/html5/thumbnails/1.jpg)
Stefan Thomas, CTO
Identity
Agenda
• Goals
• Terminology
• What can decentralized networks contribute?
– Better Identity Provider
– Public attestation
Goals
• Authentication
How can users securely authorize transactions?
• Attestation
How can we enable users to prove their trustworthiness?
What are we trying to solve?
Our role
• We’re not identity experts. We’re payments experts.
• What are our unique challenges around identity?
• How does the emergence of distributed networks affect identity?
W3C Web Payments Community Group
Terminology
Entity Identity
TheMark72
Identity Provider (IdP)
Reference: ISO 29115; OpenID Connect 1.0 Core
Terminology
Identity
TheMark72
Claim
name: “Mark Dinkel”
Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
Advantages
• Authentication mechanism agnostic
• Cryptographically secure
• Granular sharing of information and permissions
• Supports discovery
The good news first
OpenID Connect is pretty good!
Reliance on IdPs
• They are a target
• Difficult to switch
• Right to own your identity
Why care?
Self-issued IdP
• OpenID Connect 1.0 Core - Section 7
• https://self-issued.me
• Suggested use case: Mobile phone
• Open issues: backup, security
The other option
Peer-assisted Key Derivation (PAKDF)
Trustless login using blind signatures
“pw”
blinding
unblinding
blind signature
Reference: justmoon.github.io/pakdf
Peer-assisted Key Derivation (PAKDF)
• Full benefits of identity provider (multi-factor authentication, rate-limiting, fingerprinting)
• When multiple peers are used, provides strong protection against bad IdPs
Trustless login using blind signatures
“pw”
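An added illustration of the blinding, blind signature and unblinding steps named on the PAKDF slides (not the presenter's code and not the PAKDF specification). It uses textbook RSA blind signatures with a constructed toy key; the function names, the username salt and the final SHA-256 step are assumptions.

```python
import hashlib
import math
import secrets

# Constructed demo key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # the peer's private exponent


def hash_to_int(password: str, username: str) -> int:
    """Map the secret to an element of Z_N (illustrative encoding)."""
    digest = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return int.from_bytes(digest, "big") % N


def client_blind(m: int):
    """Client: hide m behind a random factor r before it leaves the device."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def peer_sign(blinded: int) -> int:
    """Peer: signs the value it receives; rate limiting or MFA would gate this call."""
    return pow(blinded, D, N)


def client_unblind(signed_blinded: int, r: int) -> int:
    """Client: strip r, leaving the peer's signature on m itself."""
    return (signed_blinded * pow(r, -1, N)) % N


def derive_key(password: str, username: str):
    """Run the full exchange; return (key, value_the_peer_saw)."""
    m = hash_to_int(password, username)
    blinded, r = client_blind(m)
    sig = client_unblind(peer_sign(blinded), r)
    if pow(sig, E, N) != m:  # reject a peer that did not sign correctly
        raise ValueError("peer returned an invalid signature")
    return hashlib.sha256(sig.to_bytes(32, "big")).digest(), blinded
```

The peer only ever sees the blinded value, which changes on every login, yet the client derives the same key each time because the unblinded signature is deterministic.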
Switching providers
Global distributed namespace
~alice
acmebank.com
rNb721TdNHN37yoURrMYDiQ
~alice
Switching providers
Global distributed namespace
~alice
foobank.com
rNb721TdNHN37yoURrMYDiQ
~alice
Service Discovery
How to pay alice?
~alice
acct:[email protected]
"links": [{
"rel": "https://ripple.com/specs/pay/1.0",
"href": "https://foobank.com/api/ripple/pay"
}]
Reference: RFC 7033 WebFinger
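An added example (not from the slides) of how a paying client could pick the pay endpoint out of a WebFinger JRD and refuse unsafe results. The `find_pay_endpoint` name, the sample subject and the extra profile link are constructed for illustration; only the `rel` and `href` values come from the slide.

```python
import json
from urllib.parse import urlsplit

PAY_REL = "https://ripple.com/specs/pay/1.0"  # rel value shown on the slide

# Constructed JRD; the subject is a made-up sample account.
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@foobank.com",
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page",
         "href": "https://foobank.com/~alice"},
        {"rel": PAY_REL, "href": "https://foobank.com/api/ripple/pay"},
    ],
})


def find_pay_endpoint(jrd_text: str, expected_subject: str):
    """Return the pay endpoint URL from a JRD, or None if no pay link is listed.

    Raises ValueError when the document describes a different subject or the
    endpoint is not a plain https URL, since a payment would follow that link.
    """
    jrd = json.loads(jrd_text)
    if jrd.get("subject") != expected_subject:
        raise ValueError("JRD subject does not match the account queried")
    for link in jrd.get("links", []):
        if link.get("rel") != PAY_REL:
            continue
        parts = urlsplit(link.get("href", ""))
        if parts.scheme != "https" or not parts.hostname or parts.username:
            raise ValueError("pay endpoint must be a plain https URL")
        return link["href"]
    return None
```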
Service Discovery
GET /api/ripple/pay?uri=alice%3Ffoobank.com…
[{
  "uri": "ripple:[email protected]",
  "currency": "CAD"
}, {
  "uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234",
  "currency": "BTC"
}, …]
Reputation
Identity
Claim
name: “Mark Dinkel”
Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
Reputation
Identity
Claim
{
  reviewer: "[email protected]",
  score: 9.5,
  comment: "Great guy!"
}
Claim Provider