- From: David Chadwick <d.w.chadwick@kent.ac.uk>
- Date: Sun, 22 Nov 2015 13:58:44 +0000
- To: Anders Rundgren <anders.rundgren.net@gmail.com>, public-credentials@w3.org
On 22/11/2015 05:19, Anders Rundgren wrote:
> On 2015-11-21 22:57, David Chadwick wrote:
>> On 21/11/2015 21:32, Manu Sporny wrote:
>
> <snip>
>
>>>> No discovery of IdPs or AAs is needed, as AAs are recorded in the
>>>> FIDO metadata.
>>>
>>> I'd be interested to understand how this works with multiple FIDO
>>> devices. What happens when you lose a FIDO device? What does the AA set
>>> as the subject of the attribute assertion (how does it identify the user
>>> that the attribute belongs to)?
>>
>> The user is identified by the SOP key associated with the Issuer
>
> This is the core part from the NASCAR perspective.
> As far as I understand this information is currently not available to SPs.
>

Sorry, my answer was ambiguous/unclear. The user is identified to the
Issuer by the SOP key associated with the issuer. The user is identified
to the consumer by the SOP key associated with the consumer. The user
sends the consumer SOP public key to the issuer and the issuer assigns
the attribute to that. The issuer has no idea who the consumer is since
this key is unique to the user. But the consumer knows the user possesses
the attribute since the assertion is signed by the issuer, and the
attribute is attached to its SOP key.

regards

David

>
> Anders
>
Received on Sunday, 22 November 2015 13:58:48 UTC
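The exchange David describes above, as an added example that is not part of the original thread or of any W3C or FIDO specification: the user holds one origin-scoped ("SOP") key pair per relying party, authenticates to the issuer with the issuer-scoped key, hands the issuer the consumer-scoped public key, and the issuer signs the attribute over that key. The consumer verifies the issuer's signature against a key it already trusts (standing in for the "FIDO metadata" mentioned earlier in the thread) and checks that the assertion's subject is the very key the user just authenticated with. Ed25519, the JSON assertion layout, the challenge strings and the issuer/attribute names are all assumptions chosen for illustration. The example also shows the failure mode the binding check exists for: an assertion presented by someone who does not hold the consumer-scoped private key is rejected.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Assertion is what the issuer signs: an attribute bound to the user's
// consumer-scoped public key. The issuer never learns which consumer that
// key belongs to; it only sees an opaque public key. (Layout is assumed.)
type Assertion struct {
	Issuer    string `json:"issuer"`
	Subject   []byte `json:"subject"` // user's consumer-scoped public key
	Attribute string `json:"attribute"`
}

// SignedAssertion is the serialised Assertion plus the issuer's signature.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
}

// Issuer keeps its signing key and an attribute store keyed by each
// user's issuer-scoped public key (the key the user enrolled with).
type Issuer struct {
	ID    string
	priv  ed25519.PrivateKey
	Pub   ed25519.PublicKey // published out of band, e.g. in metadata
	attrs map[string]string
}

func NewIssuer(id string) *Issuer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Issuer{ID: id, priv: priv, Pub: pub, attrs: map[string]string{}}
}

// Enroll records an attribute against the user's issuer-scoped key.
func (i *Issuer) Enroll(userIssuerPub ed25519.PublicKey, attr string) {
	i.attrs[string(userIssuerPub)] = attr
}

// Issue authenticates the user by challenge-response on the issuer-scoped
// key, then signs the stored attribute over the consumer-scoped key.
func (i *Issuer) Issue(userIssuerPub ed25519.PublicKey, challenge, proof []byte,
	consumerPub ed25519.PublicKey) (*SignedAssertion, error) {
	if !ed25519.Verify(userIssuerPub, challenge, proof) {
		return nil, errors.New("issuer: user authentication failed")
	}
	attr, ok := i.attrs[string(userIssuerPub)]
	if !ok {
		return nil, errors.New("issuer: unknown user")
	}
	payload, err := json.Marshal(Assertion{Issuer: i.ID, Subject: consumerPub, Attribute: attr})
	if err != nil {
		return nil, err
	}
	return &SignedAssertion{Payload: payload, Signature: ed25519.Sign(i.priv, payload)}, nil
}

// Consumer trusts a set of issuer public keys obtained out of band.
type Consumer struct {
	issuers map[string]ed25519.PublicKey
}

// Accept authenticates the user on the consumer-scoped key, verifies the
// issuer's signature, and requires the assertion subject to be that key.
func (c *Consumer) Accept(userConsumerPub ed25519.PublicKey, challenge, proof []byte,
	sa *SignedAssertion) (string, error) {
	if !ed25519.Verify(userConsumerPub, challenge, proof) {
		return "", errors.New("consumer: user authentication failed")
	}
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return "", err
	}
	issuerPub, ok := c.issuers[a.Issuer]
	if !ok {
		return "", fmt.Errorf("consumer: untrusted issuer %q", a.Issuer)
	}
	if !ed25519.Verify(issuerPub, sa.Payload, sa.Signature) {
		return "", errors.New("consumer: bad issuer signature")
	}
	if !bytes.Equal(a.Subject, userConsumerPub) {
		return "", errors.New("consumer: assertion not bound to this user's key")
	}
	return a.Attribute, nil
}

// RunFlow runs the whole exchange end to end. With replay=true the
// assertion is presented by a holder of some other key and must be refused.
func RunFlow(replay bool) (string, error) {
	iss := NewIssuer("https://issuer.example") // assumed identifier
	con := &Consumer{issuers: map[string]ed25519.PublicKey{iss.ID: iss.Pub}}

	// Two origin-scoped key pairs on the user's device, one per relying party.
	userIssPub, userIssPriv, _ := ed25519.GenerateKey(rand.Reader)
	userConPub, userConPriv, _ := ed25519.GenerateKey(rand.Reader)
	iss.Enroll(userIssPub, "age-over-18") // constructed attribute

	// 1. Authenticate to the issuer and hand it the consumer-scoped public key.
	c1 := []byte("issuer-nonce-1")
	sa, err := iss.Issue(userIssPub, c1, ed25519.Sign(userIssPriv, c1), userConPub)
	if err != nil {
		return "", err
	}

	// 2. Authenticate to the consumer with the same key and present the assertion.
	presPub, presPriv := userConPub, userConPriv
	if replay {
		presPub, presPriv, _ = ed25519.GenerateKey(rand.Reader) // a different holder
	}
	c2 := []byte("consumer-nonce-1")
	return con.Accept(presPub, c2, ed25519.Sign(presPriv, c2), sa)
}

func main() {
	attr, err := RunFlow(false)
	fmt.Println("honest presentation:", attr, err)
	_, err = RunFlow(true)
	fmt.Println("replayed assertion:", err)
}
```

The unlinkability David relies on comes from the consumer-scoped key being unique to the (user, consumer) pair: the issuer signs over a key it cannot map to any consumer, and the consumer cannot correlate it with the key the user uses at the issuer. The check that matters on the consumer side is the last one in `Accept`, comparing the assertion subject to the key the user just proved possession of; without it a signed assertion is a bearer token anyone could replay.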