W3C home > Mailing lists > Public > public-credentials@w3.org > November 2015

Re: Solutions to the NASCAR problem?

From: David Chadwick <d.w.chadwick@kent.ac.uk>
Date: Sun, 22 Nov 2015 13:58:44 +0000
To: Anders Rundgren <anders.rundgren.net@gmail.com>, public-credentials@w3.org
Message-ID: <5651CA14.3070109@kent.ac.uk>

On 22/11/2015 05:19, Anders Rundgren wrote:
> On 2015-11-21 22:57, David Chadwick wrote:
>> On 21/11/2015 21:32, Manu Sporny wrote:
> <snip>
>>>> No discovery of IdPs or AAs is needed, as AAs are recorded in the
>>>> FIDO metadata.
>>> I'd be interested to understand how this works with multiple FIDO
>>> devices. What happens when you lose a FIDO device? What does the AA set
>>> as the subject of the attribute assertion (how does it identify the user
>>> that the attribute belongs to)?
>> The user is identified by the SOP key associated with the Issuer
> This is the core part from the NASCAR perspective.
> As far as I understand this information is currently not available to SPs.

Sorry my answer was ambiguous/unclear. The user is identified to the
Issuer by the SOP key associated with the issuer. The user is identified
to the consumer by the SOP key associated with the consumer.
The user sends the consumer SOP public key to the issuer and the issuer
assigns the attribute to that. The issuer has no idea who the consumer
is since this key is unique to the user. But the consumer knows the user
possesses the attribute since the assertion is signed by the issuer, and
the attribute is attached to its SOP key.



> Anders
Received on Sunday, 22 November 2015 13:58:48 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:26 UTC