- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Mon, 23 Nov 2015 09:51:41 +0000
- To: Anders Rundgren <anders.rundgren.net@gmail.com>, public-credentials@w3.org
On 23/11/2015 05:40, Anders Rundgren wrote: > On 2015-11-22 18:53, David Chadwick wrote: >> >> >> On 22/11/2015 16:33, Anders Rundgren wrote: >>> On 2015-11-22 17:10, David Chadwick wrote: >>>> Hi Anders >>> >>> Hi David, >>> >>> <snip> >>> >>>>>> The user sends the consumer SOP public key to the issuer and the >>>>>> issuer >>>>>> assigns the attribute to that. >>>>> >>>>> I think you lost me here, at least with respect to the NASCAR problem. >>>> >>>> This is because the user does not go to any third party to authenticate >>>> to a site. A new key pair is generated for the site, and this >>>> authenticates the user each time he calls. Note however that FIDO does >>>> not provide any identity or authz information, just an authn key, which >>>> is why we need to add this functionality using issuers. >>> >>> It is this sending of the consumer public key to issuer by the user >>> which >>> I don't quite understand :( >> >> The user can prove possession of all the public keys his device has >> issued. This is how he authenticates. The consumer only knows it is the >> user at the other end of the connection because a challenge from the >> consumer was signed by the private key corresponding to the user's >> consumer public key. >> >> Now if the consumer receives an attribute signed by an issuer, it proves >> that the issuer issued it, but not who it belongs it. By using the >> consumer public key as the ID of the user, the consumer now knows that >> the user it has authenticated is the righful owner of the attributes. > > Pardon me for being unclear. I understand the concept on this level, > I was only curious about the user processes needed for this to work. > > Anyway, I have considerable faith in the augmented key model where > issuer-defined attributes are used to enhance a key's usage. > > The "only" problem is how to deal with such keys on the Web without > creating [close to] unresolvable privacy, usability, or security problems. You are correct that there are some privacy issues, but I do not believe they are that big if everyone plays by the rules. If they do not, then there can never be any privacy guarantees as Edward has kindly revealed. Usability is always hard to get right, but we have experimented with a GUI for over a year and think it is intuitive and easy to use. I am not aware of any additional security issues with this scheme that are not always present when users and technology are involved. regards David > > Regards > Anders > >> >> regards >> >> David >>> >>> Anders >>> > >
Received on Monday, 23 November 2015 09:51:43 UTC