SlideShare una empresa de Scribd logo

OpenID for SSI

T
Torsten Lodderstedt

The deck gives an overview of the OpenID for SSI protocol suite.

Internet
1 de 34
Descargar para leer sin conexión
OpenID for SSI Kristina Yasuda, Microsoft Dr. Torsten Lodderstedt, yes.com
OpenID for SSI • Aims at specifying a set of protocols based on OpenID Connect and OAuth2.0 to enable SSI applications • Initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF) • One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOPv1 chapter 7 in OIDC Core
- Self-Issued OP (SIOP) already provides good starting point - Leveraging the simplicity and security of OpenID Connect and OAuth2.0 for SSI applications - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Allow existing OpenID Connect RPs to access SSI credentials and existing OpenID Connect OPs to issue credentials Why use OpenID Connect/OAuth2.0 as basis?
③ OpenID Connect for Verifiable Credential Issuance (Issuance of Verifiable Credentials) OpenID Connect for SSI Components Issuer (Website) Verifier (Website) Holder (Digital Wallet) Issue Credentials Present Credentials ① Self-Issued OP v2 (key exchange and authentication) ② OpenID Connect for Verifiable Presentations (Presentation of Verifiable Credentials) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud
Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
some use-cases…
SIOPv2
Standard OpenID Connect vs SIOP v2 Self-Issued OP model ⓪ User tries to get access to a resource Website (RP) User Agent OP Trust in cryptographically verifiable identifier ② OP on the user device issues subject-signed ID Token Alice User-controlled OpenID Connect OP is able to self-sign ID Tokens and authenticate using the user-controlled key material (raw public keys or Decentralized identifiers (DIDs)) ① RP requests ID Token OpenID Connect standard model ⓪ User tries to log in Website (RP) User Agent OP (3P OpenID Provider) Trust in 3rd party Alice ② 3rd Party OP issues an ID Token ① RP requests ID Token
OpenID Connect for Verifiable Presentations
Credential Issuer ③ Verify Credential from Trusted Credential Issuer (obtain Issuer’s public key and optionally check revocation list) SIOP v2 + OpenID Connect 4 Verifiable Presentations Presenting Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to get access to a resource Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s) Status list (revocation) Issuer’s Public Key
- Protocol is credential/presentation format agnostic - Examples for AnonCreds and mDL in OIDC4VP spec - passing `presentation_definition` PE object by value or by reference - Support for Trust Schemes - for example, request credentials issued by an issuer that is part of a Trust Framework - Dynamic SIOP discovery and invocation via HTTPS URLs - enables use of app/universal links and web wallets - Leverages all OpenID Connect Flows - SIOP can be entirely locally hosted, have cloud components, be entirely cloud-based - Cross Device Flow enabled - Leverages OpenID Connect Metadata for verifiers and wallet management - Clarify that the key feature of SIOP is ability to sign ID Token using a subject-controlled key material (iss==sub in ID Token) - Ongoing: wallet & key attestation Credentials Presentation (Key & New Features)
- First Implementer’s Drafts of OpenID Connect SIOPV2 and OIDC4VP approved. Targeting Second Implementer’s Draft by the end of 2022 - Latest Editor’s drafts can be published at: - https://openid.net/specs/openid-connect-self-issued-v2-1_0.html - https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html - Existing & ongoing Implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Workday - Ping Identity - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly *Some ESSIF projects already utilizes SIOP (based on DID-SIOP & OpenID Connect 4 Identity Assurance) Credential Presentation (Status)
Demo Credential Presentation
IDunion Prototype •Implemented within IDunion project •Team: Sebastian Bickerle, Paul Wenzel, Fabian Hauck, & Dr. Daniel Fett •Use Case: Login to NextCloud using Verifiable Credentials •Based on • Existing NextCloud OpenID Connect Plugin • Lissi Wallet • Hyperledger Indy & Indy SDK & AnonCreds
European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
Architecture Verifier Ledger Frontend Wallet redirects (HTTPS GET) (3) “response” (HTTPS POST) Backend polling on device cross device ledger access (1) QR Code e.g. DID resolution, revocation info, schema and credential definition (2) Request payload (GET request_uri)
Request Example ESSIF Lab (W3C VC) { "response_type" :"id_token", "client_id":"https://example.com/callback" , "scope":"openid", "redirect_uri" :"https://example.com/callback" , "nonce":"67473895393019470130" , ... "claims":{ "vp_token":{ "presentation_definition" :{ "id":"1", "input_descriptors" :[ { "id":"1", "schema":{ "uri":"https://raw.githubusercontent.com/…/EuropeanBankIdentity.json" } } ] } } } }
Response Example ESSIF Lab (W3C VC) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context" :[ "https://www.w3.org/2018/credentials/v1" ], "holder" :"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569" , "proof":{ "domain" :"https://example.com/callback" , "jws" :"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a" , "proofPurpose" :"authentication" , "type":"Ed25519Signature2018" , "verificationMethod" :"did:key:z6MkqUDiu3 ..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential" :[ { … "type":[ "VerifiableCredential" , "EuropeanBankIdentity" ], "credentialSubject" :{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "familyName" :"Family001" , "givenName" :"Given001" , "birthDate" :"1950-01-01" , "placeOfBirth" :{ "country" :"DE", "locality" :"Berlin" } }, ID Token VP Token
Request Example IDunion (AnonCred) { "response_type" :"id_token" , "client_id" :"https://example.com/callback" , "scope":"openid" , "redirect_uri" :"https://example.com/callback ", "nonce":"67473895393019470130" , ... "claims" :{ "vp_token" :{ "presentation_definition" :{ "id":"NextcloudLogin" , "input_descriptors" :[ { "id":"ref2", "name":"NextcloudCredential" , "format" : { "ac_vc": { "proof_type" : ["CLSignature2019" ] } }, "constraints" :{ "limit_disclosure" :"required" , "fields":[{ "path": [ "$.schema_id" ], "filter": { "type": "string" , "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" } }, {"path":[ "$.values.email" ]}, { "path":["$.values.first_name" ]}, { "path":["$.values.last_name" ]}] } }
Response Example IDunion (AnonCred) { "aud": "https://example.com/callback ", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw" , "auth_time" : 1638483344 , "iss": "https://self-issued.me/v2" , "sub_jwk" : { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6" , "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS" , "crv": "P-384" }, "exp": 1638483944 , "iat": 1638483344 , "nonce": "67473895393019470130 ", "_vp_token" : { "presentation_submission" : { "descriptor_map" : [ { "id": "ref2", "path": "$", "format" : "ac_vp", "path_nested" : { "path": "$.requested_proof.revealed_attr_groups.ref2", "format" : "ac_vc" } } ], "definition_id" : "NextcloudLogin" , "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs" : {}, "revealed_attr_groups": { "ref2": { "sub_proof_index" : 0, "values" : { "email": { "raw": "alice@example.com" , "encoded" : "115589951…83915671017846" }, "last_name" : { "raw": "Wonderland" , "encoded" : "167908493…94017654562035" }, "first_name" : { "raw": "Alice", "encoded" : "270346400…99344178781507" } } } }, … }, "identifiers" : [ { "schema_id" : "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" , "cred_def_id" : "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred" , "rev_reg_id" : null, "timestamp" : null } ] } ID Token VP Token
OpenID for Credential Issuance
Credential Issuer ③ Verify Credential from Trusted Credential Issuer (obtain Issuer’s public key and optionally check revocation) OpenID Connect 4 Verifiable Credentials Issuance Issuing Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to log in RP Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s) ⓪ User requests Credential ① Credential Issuer issues credential
- Issuance via OAuth-protected Credential Endpoint - Currently two authorization flows: - Code flow (others possible) ■ invoked by Wallet requesting authorization for one or more credentials at the Authorization Endpoint (may trigger by presentation request during the issuance) ■ Issuer takes screen control and can authenticate/identify user with means at Issuer’s discretion - Pre-authorized code flow (new grant type) ■ Wallet is invoked after completion of process with the Issuer (QR Code or redirect) Design Principles
- Protocol is credential format agnostic - W3C Verifiable Credentials, ISO mobile Driving Licence/electronic ID, SMART Health Cards - Can be customized to use different methods for proofs of possession of key material - for example, `jwt` proof type that includes a signature by a key material tied to a DID - Allows Credential Issuance during Presentation Request (inline issuance) - Requested credential not found in the wallet - Allows just-in-time and batch credential issuance as well as credential refresh - Allows Presentation Request during Credential Issuance - Issuer is requesting to present a VC as a way to identify a user during Issuance - Can be built on top of existing OAuth/OpenID implementations - Leverages OpenID Connect Metadata for wallet & issuer management - Ongoing: wallet & key attestation to build Issuer’s trust in the wallet Credential Issuance (Key Features)
- Specification adopted by the working group. Targeting First Implementer’s draft by the end of 2022. - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Mattr - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Credential Issuance (Status)
Demo Credential Issuance
European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
Authorization Request HTTP/1.1 302 Found Location: https://server.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &code_challenge_method=S256 &scope=openid_credential:ttps://…/EuropeanBankIdentity.json &redirect_uri=https://client.example.org/cb
Credential Issuance (W3C VC) HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "format": "ldp_vc", "credential" : "eyJjcmVkZW50a...d0MifQ==" } POST /credential HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW type=https://…/EuropeanBankIdentity.json format=ldp_vc did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8 proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D Request Response
Issued Credential { ... "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC", "type": [ "VerifiableCredential", "EuropeanBankIdentity" ], "credentialSchema": { "id": "https://raw.githubusercontent.com/…/EuropeanBankIdentity.json", }, "credentialSubject": { "placeOfBirth": { "country": "DE", "locality": "Berlin" }, "familyName": "Family001", "givenName": "Given001", "id": "did:key:z6MkmY9NFeyqNTS6nYN1tSeuxg6Sbxi7ntt2wR4Upy9HHSDS", "birthDate": "1950-01-01" } ... }
- Interoperability profile relying on SIOP v2 and OIDC4VP - Microsoft - Workday - Ping Identity - (Mattr) - (IBM) Demo 2
Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
Announcements - OIDF Slack channel #wg-connect
Q&A

Recomendados

OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WGTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 

Recomendados

OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)OpenID Connect 4 SSI (DIFCon F2F)
OpenID Connect 4 SSI (DIFCon F2F)Torsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSITorsten Lodderstedt
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36OpenID for Verifiable Credentials @ IIW 36
OpenID for Verifiable Credentials @ IIW 36Torsten Lodderstedt
 
OIDC4VP for AB/C WG
OIDC4VP for AB/C WGOIDC4VP for AB/C WG
OIDC4VP for AB/C WGTorsten Lodderstedt
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)OpenID 4 Verifiable Credentials + HAIP (Update)
OpenID 4 Verifiable Credentials + HAIP (Update)Torsten Lodderstedt
 
OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes DecentralizedTorsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)Lal Chandran
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorialssuser3993f3
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...SSIMeetup
 
SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料KAYATO SAITO
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeSSIMeetup
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeSSIMeetup
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15OpenID Foundation Japan
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...FIWARE
 
分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要Naohiro Fujie
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 

Más contenido relacionado

La actualidad más candente

OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)Torsten Lodderstedt
 
The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes DecentralizedTorsten Lodderstedt
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)Torsten Lodderstedt
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)Lal Chandran
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable CredentialsTorsten Lodderstedt
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15OpenID Foundation Japan
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfKristina Yasuda
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要Naohiro Fujie
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorialssuser3993f3
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...SSIMeetup
 
SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料KAYATO SAITO
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeSSIMeetup
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeSSIMeetup
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15OpenID Foundation Japan
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...FIWARE
 
分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要Naohiro Fujie
 

La actualidad más candente (20)

OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)OpenID Connect 4 SSI (at EIC 2021)
OpenID Connect 4 SSI (at EIC 2021)
 
The European Union goes Decentralized
The European Union goes DecentralizedThe European Union goes Decentralized
The European Union goes Decentralized
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP)
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
IDA,VC,DID関連仕様 最新情報 - OpenID BizDay #15
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdfVerifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
Verifiable Credentials_Kristina_Identiverse2022_vFIN.pdf
 
MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要MicrosoftのDID/VC実装概要
MicrosoftのDID/VC実装概要
 
Hyperledger Indy tutorial
Hyperledger Indy tutorialHyperledger Indy tutorial
Hyperledger Indy tutorial
 
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove...
 
SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料SSI DIDs VCs 入門資料
SSI DIDs VCs 入門資料
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
 
The Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain NodeThe Hyperledger Indy Public Blockchain Node
The Hyperledger Indy Public Blockchain Node
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15次世代 KYC に関する検討状況 - OpenID BizDay #15
次世代 KYC に関する検討状況 - OpenID BizDay #15
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
 
分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要分散型IDと検証可能なアイデンティティ技術概要
分散型IDと検証可能なアイデンティティ技術概要
 

Similar a OpenID for SSI

AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays
 
Fiware io t_ul20_cpbr8
Fiware io t_ul20_cpbr8Fiware io t_ul20_cpbr8
Fiware io t_ul20_cpbr8FIWARE
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLinkpigorcraveiro
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
Building IAM for OpenStack
Building IAM for OpenStackBuilding IAM for OpenStack
Building IAM for OpenStackSteve Martinelli
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?Oliver Pfaff
 
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2Profesia Srl, Lynx Group
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication Micron Technology
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Leadex Systems
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 

Similar a OpenID for SSI (20)

OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
FIWARE IoT Proposal & Community
FIWARE IoT Proposal & CommunityFIWARE IoT Proposal & Community
FIWARE IoT Proposal & Community
 
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi...
 
Decentralized Identifiers
Decentralized IdentifiersDecentralized Identifiers
Decentralized Identifiers
 
Bye bye Identity Server
Bye bye Identity ServerBye bye Identity Server
Bye bye Identity Server
 
Fiware io t_ul20_cpbr8
Fiware io t_ul20_cpbr8Fiware io t_ul20_cpbr8
Fiware io t_ul20_cpbr8
 
Java EE Application Security With PicketLink
Java EE Application Security With PicketLinkJava EE Application Security With PicketLink
Java EE Application Security With PicketLink
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
Building IAM for OpenStack
Building IAM for OpenStackBuilding IAM for OpenStack
Building IAM for OpenStack
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
 
OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?OpenID Connect - An Emperor or Just New Cloths?
OpenID Connect - An Emperor or Just New Cloths?
 
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2
 
2016 pycontw web api authentication
2016 pycontw web api authentication 2016 pycontw web api authentication
2016 pycontw web api authentication
 
Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021Moscow MuleSoft meetup May 2021
Moscow MuleSoft meetup May 2021
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 

Más de Torsten Lodderstedt

Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Torsten Lodderstedt
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32Torsten Lodderstedt
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsTorsten Lodderstedt
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceTorsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations Torsten Lodderstedt
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityTorsten Lodderstedt
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectTorsten Lodderstedt
 

Más de Torsten Lodderstedt (15)

GAIN Presentation.pptx
GAIN Presentation.pptxGAIN Presentation.pptx
GAIN Presentation.pptx
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2Comprehensive overview FAPI 1 and 2
Comprehensive overview FAPI 1 and 2
 
OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32OpenID Connect 4 Identity Assurance at IIW #32
OpenID Connect 4 Identity Assurance at IIW #32
 
OpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential ObjectsOpenID Connect for W3C Verifiable Credential Objects
OpenID Connect for W3C Verifiable Credential Objects
 
Identity Assurance with OpenID Connect
Identity Assurance with OpenID ConnectIdentity Assurance with OpenID Connect
Identity Assurance with OpenID Connect
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization Requests
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization Requests
 
OpenID Connect for Identity Assurance
OpenID Connect for Identity AssuranceOpenID Connect for Identity Assurance
OpenID Connect for Identity Assurance
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security Recommendations
 
Identiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical InteroperabilityIdentiverse: PSD2, Open Banking, and Technical Interoperability
Identiverse: PSD2, Open Banking, and Technical Interoperability
 
OAuth 2.0 Security Reinforced
OAuth 2.0 Security ReinforcedOAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
 
OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27OAuth Security 4 Dummies iiw#27
OAuth Security 4 Dummies iiw#27
 
Identity Proofing with OpenID Connect
Identity Proofing with OpenID ConnectIdentity Proofing with OpenID Connect
Identity Proofing with OpenID Connect
 

Último

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...meghakumariji156
 

Último (20)

call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 

OpenID for SSI

  • 1. OpenID for SSI Kristina Yasuda, Microsoft Dr. Torsten Lodderstedt, yes.com
  • 2. OpenID for SSI • Aims at specifying a set of protocols based on OpenID Connect and OAuth2.0 to enable SSI applications • Initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF) • One of the specifications is built up on DID-SIOP in DIDAuth WG in DIF and SIOPv1 chapter 7 in OIDC Core
  • 3. - Self-Issued OP (SIOP) already provides good starting point - Leveraging the simplicity and security of OpenID Connect and OAuth2.0 for SSI applications - Existing libraries, only HTTPS communication, developer familiarity - Great for mobile applications, no firewall hassles - Security of OpenID Connect has been tested and formally analysed - Allow existing OpenID Connect RPs to access SSI credentials and existing OpenID Connect OPs to issue credentials Why use OpenID Connect/OAuth2.0 as basis?
  • 4. ③ OpenID Connect for Verifiable Credential Issuance (Issuance of Verifiable Credentials) OpenID Connect for SSI Components Issuer (Website) Verifier (Website) Holder (Digital Wallet) Issue Credentials Present Credentials ① Self-Issued OP v2 (key exchange and authentication) ② OpenID Connect for Verifiable Presentations (Presentation of Verifiable Credentials) Can be hosted locally on the user’s device, have cloud components, or be entirely hosted in the cloud
  • 5. Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
  • 8. Standard OpenID Connect vs SIOP v2 Self-Issued OP model ⓪ User tries to get access to a resource Website (RP) User Agent OP Trust in cryptographically verifiable identifier ② OP on the user device issues subject-signed ID Token Alice User-controlled OpenID Connect OP is able to self-sign ID Tokens and authenticate using the user-controlled key material (raw public keys or Decentralized identifiers (DIDs)) ① RP requests ID Token OpenID Connect standard model ⓪ User tries to log in Website (RP) User Agent OP (3P OpenID Provider) Trust in 3rd party Alice ② 3rd Party OP issues an ID Token ① RP requests ID Token
  • 9. OpenID Connect for Verifiable Presentations
  • 10. Credential Issuer ③ Verify Credential from Trusted Credential Issuer (obtain Issuer’s public key and optionally check revocation list) SIOP v2 + OpenID Connect 4 Verifiable Presentations Presenting Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to get access to a resource Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s) Status list (revocation) Issuer’s Public Key
  • 11. - Protocol is credential/presentation format agnostic - Examples for AnonCreds and mDL in OIDC4VP spec - passing `presentation_definition` PE object by value or by reference - Support for Trust Schemes - for example, request credentials issued by an issuer that is part of a Trust Framework - Dynamic SIOP discovery and invocation via HTTPS URLs - enables use of app/universal links and web wallets - Leverages all OpenID Connect Flows - SIOP can be entirely locally hosted, have cloud components, be entirely cloud-based - Cross Device Flow enabled - Leverages OpenID Connect Metadata for verifiers and wallet management - Clarify that the key feature of SIOP is ability to sign ID Token using a subject-controlled key material (iss==sub in ID Token) - Ongoing: wallet & key attestation Credentials Presentation (Key & New Features)
  • 12. - First Implementer’s Drafts of OpenID Connect SIOPV2 and OIDC4VP approved. Targeting Second Implementer’s Draft by the end of 2022 - Latest Editor’s drafts can be published at: - https://openid.net/specs/openid-connect-self-issued-v2-1_0.html - https://openid.net/specs/openid-connect-4-verifiable-presentations-1_0.html - Existing & ongoing Implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Workday - Ping Identity - Convergence.Tech - IDunion - walt.id (eSSIF-Lab)* - Sphereon - Gimly *Some ESSIF projects already utilizes SIOP (based on DID-SIOP & OpenID Connect 4 Identity Assurance) Credential Presentation (Status)
  • 14. IDunion Prototype •Implemented within IDunion project •Team: Sebastian Bickerle, Paul Wenzel, Fabian Hauck, & Dr. Daniel Fett •Use Case: Login to NextCloud using Verifiable Credentials •Based on • Existing NextCloud OpenID Connect Plugin • Lissi Wallet • Hyperledger Indy & Indy SDK & AnonCreds
  • 15. European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
  • 16. Architecture Verifier Ledger Frontend Wallet redirects (HTTPS GET) (3) “response” (HTTPS POST) Backend polling on device cross device ledger access (1) QR Code e.g. DID resolution, revocation info, schema and credential definition (2) Request payload (GET request_uri)
  • 17. Request Example ESSIF Lab (W3C VC) { "response_type" :"id_token", "client_id":"https://example.com/callback" , "scope":"openid", "redirect_uri" :"https://example.com/callback" , "nonce":"67473895393019470130" , ... "claims":{ "vp_token":{ "presentation_definition" :{ "id":"1", "input_descriptors" :[ { "id":"1", "schema":{ "uri":"https://raw.githubusercontent.com/…/EuropeanBankIdentity.json" } } ] } } } }
  • 18. Response Example ESSIF Lab (W3C VC) { "iss": "https://self-issued.me/v2", "aud": "https://example.com/callback", "sub": "did:key:z6MkqUDiu3MHxAm...mscLT8E9R5CKdbtr7gwR8", "exp": 1645469476, "iat": 1645465876, "nonce": "cdb97870-a3be-49b4-aa55-8c7c7122178a", "_vp_token": { "presentation_submission": { "descriptor_map": [ { "path": "$", "format": "ldp_vp", "path_nested": { "path": "$.verifiableCredential[0]", "format": "ldp_vc" } ], "definition_id": "1", "id": "1" } } } { "@context" :[ "https://www.w3.org/2018/credentials/v1" ], "holder" :"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "id":"urn:uuid:04816f2a-85f1-45d7-a66d-51764d39a569" , "proof":{ "domain" :"https://example.com/callback" , "jws" :"...", "nonce":"cdb97870-a3be-49b4-aa55-8c7c7122178a" , "proofPurpose" :"authentication" , "type":"Ed25519Signature2018" , "verificationMethod" :"did:key:z6MkqUDiu3 ..." }, "type":[ "VerifiablePresentation" ], "verifiableCredential" :[ { … "type":[ "VerifiableCredential" , "EuropeanBankIdentity" ], "credentialSubject" :{ "id":"did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8" , "familyName" :"Family001" , "givenName" :"Given001" , "birthDate" :"1950-01-01" , "placeOfBirth" :{ "country" :"DE", "locality" :"Berlin" } }, ID Token VP Token
  • 19. Request Example IDunion (AnonCred) { "response_type" :"id_token" , "client_id" :"https://example.com/callback" , "scope":"openid" , "redirect_uri" :"https://example.com/callback ", "nonce":"67473895393019470130" , ... "claims" :{ "vp_token" :{ "presentation_definition" :{ "id":"NextcloudLogin" , "input_descriptors" :[ { "id":"ref2", "name":"NextcloudCredential" , "format" : { "ac_vc": { "proof_type" : ["CLSignature2019" ] } }, "constraints" :{ "limit_disclosure" :"required" , "fields":[{ "path": [ "$.schema_id" ], "filter": { "type": "string" , "pattern": "did:indy:idu:test:3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" } }, {"path":[ "$.values.email" ]}, { "path":["$.values.first_name" ]}, { "path":["$.values.last_name" ]}] } }
  • 20. Response Example IDunion (AnonCred) { "aud": "https://example.com/callback ", "sub": "9wgU5CR6PdgGmvBfgz_CqAtBxJ33ckMEwvij-gC6Bcw" , "auth_time" : 1638483344 , "iss": "https://self-issued.me/v2" , "sub_jwk" : { "x": "cQ5fu5VmG…dA_5lTMGcoyQE78RrqQ6" , "kty": "EC", "y": "XHpi27YMA…rnF_-f_ASULPTmUmTS" , "crv": "P-384" }, "exp": 1638483944 , "iat": 1638483344 , "nonce": "67473895393019470130 ", "_vp_token" : { "presentation_submission" : { "descriptor_map" : [ { "id": "ref2", "path": "$", "format" : "ac_vp", "path_nested" : { "path": "$.requested_proof.revealed_attr_groups.ref2", "format" : "ac_vc" } } ], "definition_id" : "NextcloudLogin" , "id": "NexcloudCredentialPresentationSubmission" } } } { "proof": {...}, "requested_proof": { "revealed_attrs" : {}, "revealed_attr_groups": { "ref2": { "sub_proof_index" : 0, "values" : { "email": { "raw": "alice@example.com" , "encoded" : "115589951…83915671017846" }, "last_name" : { "raw": "Wonderland" , "encoded" : "167908493…94017654562035" }, "first_name" : { "raw": "Alice", "encoded" : "270346400…99344178781507" } } } }, … }, "identifiers" : [ { "schema_id" : "3QowxFtwciWceMFr7WbwnM:2:BasicScheme:0.1" , "cred_def_id" : "CsiDLAiFkQb9N4NDJKUagd:3:CL:4687:awesome_cred" , "rev_reg_id" : null, "timestamp" : null } ] } ID Token VP Token
  • 22. Credential Issuer ③ Verify Credential from Trusted Credential Issuer (obtain Issuer’s public key and optionally check revocation) OpenID Connect 4 Verifiable Credentials Issuance Issuing Credentials Website or App (RP) User Agent OP Alice Trust in cryptographically authenticated identifier ⓪ User tries to log in RP Stored Verifiable Credentials Trust in Credential Issuer(s) ② SIOP issues ID Token & Verifiable Presentation(s) ① RP requests ID Token and Credential(s) ⓪ User requests Credential ① Credential Issuer issues credential
  • 23. - Issuance via OAuth-protected Credential Endpoint - Currently two authorization flows: - Code flow (others possible) ■ invoked by Wallet requesting authorization for one or more credentials at the Authorization Endpoint (may trigger by presentation request during the issuance) ■ Issuer takes screen control and can authenticate/identify user with means at Issuer’s discretion - Pre-authorized code flow (new grant type) ■ Wallet is invoked after completion of process with the Issuer (QR Code or redirect) Design Principles
  • 24. - Protocol is credential format agnostic - W3C Verifiable Credentials, ISO mobile Driving Licence/electronic ID, SMART Health Cards - Can be customized to use different methods for proofs of possession of key material - for example, `jwt` proof type that includes a signature by a key material tied to a DID - Allows Credential Issuance during Presentation Request (inline issuance) - Requested credential not found in the wallet - Allows just-in-time and batch credential issuance as well as credential refresh - Allows Presentation Request during Credential Issuance - Issuer is requesting to present a VC as a way to identify a user during Issuance - Can be built on top of existing OAuth/OpenID implementations - Leverages OpenID Connect Metadata for wallet & issuer management - Ongoing: wallet & key attestation to build Issuer’s trust in the wallet Credential Issuance (Key Features)
  • 25. - Specification adopted by the working group. Targeting First Implementer’s draft by the end of 2022. - https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html - Planned and ongoing implementations: - The European Blockchain Services Infrastructure (EBSI) - Microsoft - Mattr - IDunion - walt.id & yes.com & BCDiploma (eSSIF-Lab) - Sphereon - Talao.io - Convergence.Tech Credential Issuance (Status)
  • 27. European Banking Identity Prototype •eSSIF-Lab founded project •Team: yes.com & walt.id • Presentation & Issuance via OIDC4SSI •Based on • walt.id Wallet (Web Wallet) • JSON LD based credentials • did:key (did:ebsi) eSSIF-Lab is funded by the European Commission, as part of the Horizon 2020 Research and Innovation Programme, under Grant Agreement Nº 871932 and it's framed under Next Generation Internet Initiative.
  • 28. Authorization Request HTTP/1.1 302 Found Location: https://server.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM &code_challenge_method=S256 &scope=openid_credential:ttps://…/EuropeanBankIdentity.json &redirect_uri=https://client.example.org/cb
  • 29. Credential Issuance (W3C VC) HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "format": "ldp_vc", "credential" : "eyJjcmVkZW50a...d0MifQ==" } POST /credential HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: BEARER czZCaGRSa3F0MzpnWDFmQmF0M2JW type=https://…/EuropeanBankIdentity.json format=ldp_vc did=did:key:z6MkqUDiu3MHxAmuMQ8jjkLiUu1mscLT8E9R5CKdbtr7gwR8 proof=%7B%22type%22:%22jwt%22…0aW9EkL1nOzM%22%7D Request Response
  • 30. Issued Credential { ... "issuer": "did:key:z6MkgF2pvVNEFXCksupWKrdPhL6ubecis3AWbWVsr9bNAbwC", "type": [ "VerifiableCredential", "EuropeanBankIdentity" ], "credentialSchema": { "id": "https://raw.githubusercontent.com/…/EuropeanBankIdentity.json", }, "credentialSubject": { "placeOfBirth": { "country": "DE", "locality": "Berlin" }, "familyName": "Family001", "givenName": "Given001", "id": "did:key:z6MkmY9NFeyqNTS6nYN1tSeuxg6Sbxi7ntt2wR4Upy9HHSDS", "birthDate": "1950-01-01" } ... }
  • 31. - Interoperability profile relying on SIOP v2 and OIDC4VP - Microsoft - Workday - Ping Identity - (Mattr) - (IBM) Demo 2
  • 32. Using OIDC4SSI as an authentication protocol to present and issue credentials allows implementers to choose a combination of DID methods, credential formats and other components of the SSI tech stack. OIDC4SSI allows variety of choices in the SSI tech stack SSI Tech Stack component Implementer’s choices when using OIDC4SSI as a protocol Identifiers Any DID method - user’s identifier can also be a JWK Thumbprint (`sub` in the ID Token) - verifier’s identifier can also be a unique string (`client_id` in the request) Credential Format Any credential format (AnonCreds, LDP-VC, JWT-VC, ISO mDL, etc.) Revocation Any mechanism (Status List 2021, etc.) additional trust mechanisms Any mechanism (.well-known DID configuration, etc.) Cryptography Any cryptosuite (EdDSA, ES256K, etc.)
  • 33. Announcements - OIDF Slack channel #wg-connect
  • 34. Q&A