Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mitra.social/objects/01914a83-70ad-8be7-38a9-629688c4b066">silverpill (silverpill@mitra.social)'s status on Tuesday, 13-Aug-2024 15:54:53 JST</a><a href="https://mitra.social/users/silverpill" title="silverpill@mitra.social"><img src="https://gnusocial.jp/avatar/85321-48-20230105202807.webp" width="48" height="48" alt="silverpill" style="position: absolute; left: 0; top: 0;">silverpill</a><div><a href="https://zotum.net/item/0dd2fa13-14e5-4855-a82c-0ed2bc55140e" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://zotum.net/channel/fentiger">@fentiger</a></p><p>&gt;What if the user has a FEP-ef61 nomadic actor?<br>&gt;perhaps the IdP could expose an access-controlled endpoint to generate a signature on the user's behalf</p><p>This should be possible with did:web authority (existing implementations use did:key). I haven't yet researched what our options are, but here are my bookmarks related to this problem:</p><p>- <a href="https://openid.net/specs/openid-connect-self-issued-v2-1_0.html">https://openid.net/specs/openid-connect-self-issued-v2-1_0.html</a><br>- <a href="https://w3c-ccg.github.io/vp-request-spec/#did-authentication">https://w3c-ccg.github.io/vp-request-spec/#did-authentication</a><br>- <a href="https://git.juici.ly/consensual/federated-auth-network/src/branch/master/SPEC.md">https://git.juici.ly/consensual/federated-auth-network/src/branch/master/SPEC.md</a></p><p>Alternatively, <a href="https://codeberg.org/fediverse/fep/src/branch/main/fep/ae97/fep-ae97.md">FEP-ae97</a> provides a different path to nomadic SSO where identity key is stored on a client side, so users can simply copy their key when switching clients. As long as activity integrity proof is valid, it would be accepted by servers.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3503961#notice-6899926">In conversation</a><time datetime="2024-08-13T15:54:53+09:00" title="Tuesday, 13-Aug-2024 15:54:53 JST">about 10 months ago</time> <span>from <span><a href="https://mitra.social/objects/01914a83-70ad-8be7-38a9-629688c4b066" rel="external" title="Sent from mitra.social via ActivityPub">mitra.social</a></span></span><a href="https://mitra.social/objects/01914a83-70ad-8be7-38a9-629688c4b066">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://openid.net/specs/openid-connect-self-issued-v2-1_0.html">Self-Issued OpenID Provider v2 - draft 13</a></h5><div> from <span>Torsten Lodderstedt</span></div></header><div>OpenID Connect defines mechanisms by which an End-User can leverage an OpenID Provider (OP) to release identity information (such as authentication and claims) to a Relying Party (RP) which can act on that information. In this model, the RP trusts assertions made by the OP, i.e. the OP is the issuer of these assertions. 
       This specification extends OpenID Connect with the concept of a Self-Issued OpenID Provider (Self-Issued OP), an OP controlled by the End-User. The Self-Issued OP does not itself assert identity information about this End-User. Instead the End-User becomes the issuer of identity information. Using Self-Issued OPs, End-Users can authenticate themselves with Self-Issued ID Tokens signed with keys under the End-User's control and present self-attested claims directly to the RPs. 
       Self-Issued OPs can also present cryptographically verifiable claims issued by the third parties trusted by the RPs, when used with separate specifications such as  , or Aggregated and Distributed Claims defined in Section 5.6.2 of  . This allows End-Users to interact with RPs, without RPs interacting directly with claims issuers.</div><footer></footer></article></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://w3c-ccg.github.io/vp-request-spec/#did-authentication">Verifiable Presentation Request v0.2</a></h5><div></div></header><div></div><footer></footer></article></li><li><label><a rel="external" href="https://gnusocial.jp/attachment/3035904">Untitled attachment</a></label><br><div>Invalid filename.</div></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
silverpill (silverpill@mitra.social)'s status on Tuesday, 13-Aug-2024 15:54:53 JSTsilverpill
in reply to
- FenTiger
@fentiger
>What if the user has a FEP-ef61 nomadic actor?
>perhaps the IdP could expose an access-controlled endpoint to generate a signature on the user's behalf
This should be possible with did:web authority (existing implementations use did:key). I haven't yet researched what our options are, but here are my bookmarks related to this problem:
- https://openid.net/specs/openid-connect-self-issued-v2-1_0.html
- https://w3c-ccg.github.io/vp-request-spec/#did-authentication
- https://git.juici.ly/consensual/federated-auth-network/src/branch/master/SPEC.md
Alternatively, FEP-ae97 provides a different path to nomadic SSO where identity key is stored on a client side, so users can simply copy their key when switching clients. As long as activity integrity proof is valid, it would be accepted by servers.
In conversationabout 10 months ago from mitra.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Self-Issued OpenID Provider v2 - draft 13
  from Torsten Lodderstedt
  OpenID Connect defines mechanisms by which an End-User can leverage an OpenID Provider (OP) to release identity information (such as authentication and claims) to a Relying Party (RP) which can act on that information. In this model, the RP trusts assertions made by the OP, i.e. the OP is the issuer of these assertions. This specification extends OpenID Connect with the concept of a Self-Issued OpenID Provider (Self-Issued OP), an OP controlled by the End-User. The Self-Issued OP does not itself assert identity information about this End-User. Instead the End-User becomes the issuer of identity information. Using Self-Issued OPs, End-Users can authenticate themselves with Self-Issued ID Tokens signed with keys under the End-User's control and present self-attested claims directly to the RPs. Self-Issued OPs can also present cryptographically verifiable claims issued by the third parties trusted by the RPs, when used with separate specifications such as , or Aggregated and Distributed Claims defined in Section 5.6.2 of . This allows End-Users to interact with RPs, without RPs interacting directly with claims issuers.
2. No result found on File_thumbnail lookup.
  Verifiable Presentation Request v0.2
3. Untitled attachment
  Invalid filename.

Public

Embed Notice

HTML Code

Corresponding Notice