1 / 19

Identity

Identity. Some text goes here. Agenda. Goals Terminology What can decentralized networks contribute? Better Identity Provider Public attestation. Goals. Authentication How can users securely authorize transactions? Attestation How can we enable users to prove their trustworthiness?.

mercer
Download Presentation

Identity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Some text goes here

  2. Agenda • Goals • Terminology • What can decentralized networks contribute? • Better Identity Provider • Public attestation

  3. Goals • AuthenticationHow can users securely authorize transactions? • AttestationHow can we enable users to prove their trustworthiness? • What are we trying to solve?

  4. Our role • We’re not identity experts. We’re payments experts. • What are our unique challenges around identity? • How does the emergence of distributed networks affect identity? • W3C Web Payments Community Group

  5. Terminology Entity Identity Identity Provider (IdP) mark@gmail.com mark@safeway.com TheMark72 Reference: ISO 29115; OpenID Connect 1.0 Core

  6. Terminology Identity Claim Claim Provider mark@gmail.com name:“Mark Dinkel” mark@safeway.com TheMark72 Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

  7. Advantages • Authentication mechanism agnostic • Cryptographically secure • Granular sharing of information and permissions • Supports discovery • The good news first • OpenID Connect is pretty good!

  8. Reliance on IdPs • They are a target • Difficult to switch • Right to own your identity • Why care?

  9. Self-issued IdP • OpenID Connect 1.0 Core - Section 7 • https://self-issued.me • Suggested use case: Mobile phone • Open issues: backup, security • The other option

  10. Peer-assisted Key Derivation (PAKDF) • Trustless login using blind signatures blind signature blinding “pw” unblinding Reference: justmoon.github.io/pakdf

  11. Peer-assisted Key Derivation (PAKDF) • Full benefits of identity provider (multi-factor authentication, rate-limiting, fingerprinting) • If using multiple peers provides strong protections against bad IdPs • Trustless login using blind signatures “pw”

  12. Switching providers • Global distributed namespace ~alice alice@acmebank.com acmebank.com rNb721TdNHN37yoURrMYDiQ ~alice

  13. Switching providers • Global distributed namespace ~alice alice@foobank.com foobank.com rNb721TdNHN37yoURrMYDiQ ~alice

  14. Service Discovery • How to pay alice? "links": [{ "rel":"https://ripple.com/specs/pay/1.0", "href":"https://foobank.com/api/ripple/pay" }] acct:alice@foobank.com ~alice Reference: RFC 7033 WebFinger

  15. Service Discovery GET /api/ripple/pay?uri=alice%3Ffoobank.com… [{ “uri":“ripple:12345-004-12341234567@eft.rippleunion.com“, “currency”: “CAD” }, { “uri":“ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234”, “currency”: “BTC” }, …]

  16. Reputation Identity Claim Claim Provider name:“Mark Dinkel” mark@gmail.com Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core

  17. Reputation Identity Claim Claim Provider { reviewer:“bob@live.com”, score:9.5, comment:“Great guy!” } mark@gmail.com

  18. Reputation Identity Claim Score Provider 804 mark@gmail.com low risk

  19. Some text goes here

More Related