Date posted: 26-Dec-2015
Stefan Thomas, CTO
Agenda
• Goals
• Terminology
• What can decentralized networks contribute?
– Better Identity Provider
– Public attestation
Goals: what are we trying to solve?
• Authentication: how can users securely authorize transactions?
• Attestation: how can we enable users to prove their trustworthiness?
Our role
• We’re not identity experts. We’re payments experts.
• What are our unique challenges around identity?
• How does the emergence of distributed networks affect identity?
W3C Web Payments Community Group
Terminology
Diagram: Entity, Identity (“TheMark72”), Identity Provider (IdP)
Reference: ISO 29115; OpenID Connect 1.0 Core
Terminology (continued)
Diagram: Identity (“TheMark72”) carrying a Claim, name: “Mark Dinkel”, issued by a Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
The good news first: OpenID Connect is pretty good!
Advantages
• Authentication mechanism agnostic
• Cryptographically secure
• Granular sharing of information and permissions
• Supports discovery
Reliance on IdPs: why care?
• They are a target
• Difficult to switch
• Right to own your identity
Self-issued IdP: the other option
• OpenID Connect 1.0 Core - Section 7
• https://self-issued.me
• Suggested use case: mobile phone
• Open issues: backup, security
Peer-assisted Key Derivation (PAKDF)
Trustless login using blind signatures
Diagram: password “pw” → blinding → blind signature (by the peer) → unblinding
Reference: justmoon.github.io/pakdf
Peer-assisted Key Derivation (PAKDF)
Trustless login using blind signatures
• Full benefits of an identity provider (multi-factor authentication, rate-limiting, fingerprinting)
• Using multiple peers provides strong protection against bad IdPs
Diagram: password “pw” as the input to the derivation
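The mechanism behind the two PAKDF slides, written out as an added example (this is not the slides' or the justmoon.github.io/pakdf code, and the peer names, key sizes, rate-limit policy and hashing choices are assumptions made for the demo): the client blinds a hash of its password, each peer produces a Chaum-style RSA blind signature while still applying per-account rate limiting, the client unblinds, verifies the signature against the peer's public key (catching a cheating peer), and mixes every peer's signature into the final key. Because the unblinded signature is deterministic, the same password always yields the same key, yet the peer never sees the password, its hash, or even the same blinded value twice.

```python
"""Added example (not from the slides): PAKDF with RSA blind signatures.
Key sizes, names and the 5-attempt policy are constructed for the demo."""
import hashlib
import hmac
import secrets
from math import gcd


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin probable-prime test (adequate for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2              # a in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full length
        if _is_probable_prime(c):
            return c


def rsa_keygen(bits=512):
    """Return ((n, e), (n, d)). 512 bits is demo-only; use >= 2048 in practice."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


class Peer:
    """IdP-like peer: signs only blinded values, yet still rate-limits per account."""

    def __init__(self, name, max_attempts=5):
        self.name = name
        self.pub, self._priv = rsa_keygen()
        self.max_attempts = max_attempts
        self._attempts = {}
        self.seen = []          # blinded values observed, kept only for the demo

    def blind_sign(self, account, blinded):
        used = self._attempts.get(account, 0)
        if used >= self.max_attempts:
            raise PermissionError(f"{self.name}: rate limit hit for {account}")
        self._attempts[account] = used + 1
        self.seen.append(blinded)
        n, d = self._priv
        return pow(blinded, d, n)


def _password_point(account, password, n):
    """Hash (account, password) to an integer below n. A 256-bit digest is used
    directly for brevity; a full-domain hash would be used in practice."""
    digest = hashlib.sha256(f"{account}\x00{password}".encode()).digest()
    return int.from_bytes(digest, "big") % n


def derive_key(account, password, peers):
    """Client side: blind, get each peer's signature, unblind, verify, combine."""
    sigs = []
    for peer in peers:
        n, e = peer.pub
        m = _password_point(account, password, n)
        while True:                                   # fresh blinding factor r
            r = secrets.randbelow(n - 2) + 2
            if gcd(r, n) == 1:
                break
        blinded = (m * pow(r, e, n)) % n              # all the peer ever sees
        blind_sig = peer.blind_sign(account, blinded)
        sig = (blind_sig * pow(r, -1, n)) % n         # unblind: sig == m^d mod n
        if pow(sig, e, n) != m:                       # misbehaving peer caught here
            raise ValueError(f"invalid signature from {peer.name}")
        sigs.append(sig.to_bytes((n.bit_length() + 7) // 8, "big"))
    # Every peer's signature feeds the key, so a single compromised peer
    # cannot run an offline password search on its own.
    return hmac.new(b"".join(sigs), f"{account}\x00{password}".encode(),
                    hashlib.sha256).digest()
```

Calling `derive_key("alice", pw, peers)` twice returns the same 32-byte key, while `peers[0].seen` holds two different blinded values; after the configured number of attempts the peer raises `PermissionError`, which is the rate-limiting benefit the slide lists.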
Switching providers: global distributed namespace
Before: ~alice at acmebank.com → rNb721TdNHN37yoURrMYDiQ
After: ~alice at foobank.com → rNb721TdNHN37yoURrMYDiQ
Service Discovery: how to pay alice?
~alice → acct:[email protected]
"links": [{ "rel": "https://ripple.com/specs/pay/1.0", "href": "https://foobank.com/api/ripple/pay" }]
Reference: RFC 7033 WebFinger
Service Discovery (continued)
GET /api/ripple/pay?uri=alice%3Ffoobank.com…
[{ "uri": "ripple:[email protected]", "currency": "CAD" }, { "uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234", "currency": "BTC" }, …]
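The discovery flow on the two Service Discovery slides, as an added example (not code from the slides or from Ripple): resolve the alias to an acct: URI, build the RFC 7033 WebFinger query from the host in that URI, pick the pay link by its rel value, and choose a destination by currency from the pay endpoint's answer. The JRD and pay-endpoint responses are constructed to mirror the slide; alice@foobank.com, the profile-page link, the exact query parameter passed to the pay endpoint and the `fetch` callback are assumptions. The checks a relying client should make are the point: HTTPS only (which RFC 7033 requires for WebFinger), the JRD must be about the resource that was asked for, and the destination scheme must be the expected one.

```python
"""Added example (not from the slides): WebFinger-based pay discovery.
Sample responses are constructed; no real server was queried."""
import json
from urllib.parse import quote, urlsplit

PAY_REL = "https://ripple.com/specs/pay/1.0"        # link relation from the slide

# Constructed sample responses mirroring the slide (alice@foobank.com is assumed).
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@foobank.com",
    "links": [
        {"rel": "http://webfinger.net/rel/profile-page", "href": "https://foobank.com/~alice"},
        {"rel": PAY_REL, "href": "https://foobank.com/api/ripple/pay"},
    ],
})
SAMPLE_PAY_OPTIONS = json.dumps([
    {"uri": "ripple:alice@foobank.com", "currency": "CAD"},
    {"uri": "ripple:rNb721TdNHN37yoURrMYDiQF?dt=1234", "currency": "BTC"},
])


def webfinger_url(acct_uri):
    """Build the RFC 7033 query for an acct: URI. The host comes from the
    resource itself and the request must use HTTPS."""
    if not acct_uri.startswith("acct:") or "@" not in acct_uri:
        raise ValueError("expected an acct:user@host URI")
    host = acct_uri.rsplit("@", 1)[1]
    if not host or "/" in host or "?" in host:
        raise ValueError("malformed host in acct: URI")
    return f"https://{host}/.well-known/webfinger?resource={quote(acct_uri, safe='')}"


def pay_endpoint(jrd_text, acct_uri):
    """Pick the pay endpoint out of a JRD, refusing a document about some
    other subject or an endpoint that is not served over HTTPS."""
    jrd = json.loads(jrd_text)
    if acct_uri != jrd.get("subject") and acct_uri not in jrd.get("aliases", []):
        raise ValueError("JRD is not about the requested resource")
    for link in jrd.get("links", []):
        if link.get("rel") == PAY_REL:
            href = link.get("href", "")
            if urlsplit(href).scheme != "https":
                raise ValueError(f"pay endpoint is not https: {href}")
            return href
    raise LookupError(f"no {PAY_REL} link for {acct_uri}")


def choose_destination(options_text, currency):
    """From the pay endpoint's list, return the ripple: URI for one currency."""
    for option in json.loads(options_text):
        if option.get("currency") == currency:
            uri = option.get("uri", "")
            if not uri.startswith("ripple:"):
                raise ValueError(f"unexpected destination scheme: {uri}")
            return uri
    raise LookupError(f"{currency} is not offered")


def resolve(acct_uri, currency, fetch):
    """Whole flow. `fetch(url) -> str` is an HTTP GET supplied by the caller
    (assumed interface); passing the acct: URI as `uri=` is also an assumption."""
    endpoint = pay_endpoint(fetch(webfinger_url(acct_uri)), acct_uri)
    options_text = fetch(f"{endpoint}?uri={quote(acct_uri, safe='')}")
    return choose_destination(options_text, currency)
```

With a `fetch` that returns the constructed samples, `resolve("acct:alice@foobank.com", "BTC", fetch)` yields the BTC destination from the slide, while a JRD for a different subject, a plain-http pay link, or an unoffered currency is refused rather than silently used.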
Reputation
Diagram: Identity carrying a Claim, name: “Mark Dinkel”, issued by a Claim Provider
Reference: draft-ietf-oauth-json-web-token-19; OpenID Connect 1.0 Core
Reputation (continued)
Diagram: Identity carrying a Claim { reviewer: "[email protected]", score: 9.5, comment: "Great guy!" }, issued by a Claim Provider