- From: Kaliya Identity Woman <kaliya@identitywoman.net>
- Date: Wed, 16 Aug 2023 10:06:31 -0700
- To: Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANez3f6eG5ArwvSATTKyxtdcTiWwhSpZ9zxvDCSbXuHOrwwATw@mail.gmail.com>
Hi folks, I recently attended IETF in SF. It was really an amazing meeting the collective intelligence embodied in that group is quite amazing. There was also an interesting amount of identity related/adjacent work that seemed unaware of work going on within the IETF let along outside of it. I attended the TIGRES <https://datatracker.ietf.org/wg/tigress/about/>S meeting at the F2F and subsequently had the chair follow up asking me for any comments I might have on their threat model <https://datatracker.ietf.org/doc/draft-lassey-tigress-threat-model/> and/or requirements <https://datatracker.ietf.org/doc/draft-ietf-tigress-requirements/> documents. They are seeking to find ways to move "credentials" which in their case is key material mainly from one person's phone to another person's phone. Think they cryptographic key material for an automatic lock on a car or a hotel door. Key sentences from the spec. *Today, there is no widely accepted way of transferring Digital Credentials securely between two Digital Wallets independent of hardware and software manufacturer.* *Digital Credential - Cryptographic material and other data used to authorize User with an access point. The cryptographic material can also be used for mutual authentication between user device and access point.* When I read it it sounds like OCaps without naming that paradigm. I thought some folks here who have worked on credential exchange protocols and considered the issues they are considering may have helpful input. - Kaliya
Received on Wednesday, 16 August 2023 17:07:15 UTC