(SIOP) Analyse the relationship between k-anonymity and wallet #3

Open
OIDF-automation opened this issue Mar 10, 2023 · 2 comments

@OIDF-automation

Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1871

Original Reporter: Nat

In the case of a cloud-based wallet (aka IdP), not only k-anonymity but pairwise pseudonymity is lost if there is only one user. My IdP is like that.

It probably is worth analysing if similar risk exists for mobile wallets / SIOP.

Whether or not the risk exists, a summary of the analysis should go into the Privacy Consideration.

I have marked the component as SIOP but it may also have impacts on OIDC4VP.

@OIDF-automation

Imported from AB/Connect bitbucket - Original Commenter: tlodderstedt

A SIOP v2 implementation does not need to reveal an IDP identifier but only the keys managed on behalf of the user. There are circumstances where the verifier needs to know and validate the provider of the SIOP in order to establish trust in its ability to securely manage keys. The currently recommended way for doing so is by requesting a JARM protected response (which would need to include an identifier the verifier can use to resolve/match the key used to sign the response). In the setup you describe, that would result in a user specific, global identifier.

The obvious recommendation would be that the SIOP in the setup you describe does not support this feature. Another way to cope with the challenge would be the SIOP presenting ephemeral/pairwise credentials to prove whatever needs to be proven. We are thinking along those lines for wallet attestation towards credential issuers.

The same risk holds true for OID4VP; however, the feature is not as important as in SIOP since trust can be established through the issuer of the credential.

I think the risk associated with this mode should be pointed out in the privacy considerations section of the respective specifications.
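
The linkage discussed in the comment above, as an added example that is not part of the original thread or of any OpenID specification: it measures the anonymity set behind each identifier two verifiers observe, and reports identifiers that single out one user across verifiers. All identifiers, field names and observations are constructed for illustration; `provider` stands for the identifier used to resolve the response-signing key.

```python
from collections import defaultdict

# Constructed observations: what two verifiers log from signed responses.
# "provider" stands for the identifier used to resolve the signing key,
# "sub" for the pairwise subject identifier. "user" is ground truth that the
# verifiers do not see; it is used here only to measure the anonymity sets.
OBSERVATIONS = [
    {"rp": "rp-a", "provider": "https://big-wallet.example", "sub": "a-01", "user": "alice"},
    {"rp": "rp-b", "provider": "https://big-wallet.example", "sub": "b-07", "user": "alice"},
    {"rp": "rp-a", "provider": "https://big-wallet.example", "sub": "a-02", "user": "bob"},
    {"rp": "rp-b", "provider": "https://big-wallet.example", "sub": "b-09", "user": "carol"},
    {"rp": "rp-a", "provider": "https://solo-wallet.example", "sub": "a-03", "user": "dave"},
    {"rp": "rp-b", "provider": "https://solo-wallet.example", "sub": "b-04", "user": "dave"},
]

def anonymity_sets(observations, attr):
    """Map each value of `attr` to the set of users who ever presented it."""
    sets = defaultdict(set)
    for obs in observations:
        sets[obs[attr]].add(obs["user"])
    return dict(sets)

def k_anonymity(observations, attr):
    """Smallest anonymity set for `attr`; k == 1 means some value singles out one user."""
    return min(len(users) for users in anonymity_sets(observations, attr).values())

def cross_rp_identifiers(observations, attr):
    """Values of `attr` that single out one user AND were seen by more than one
    verifier, so verifiers comparing logs can join their records on them."""
    rps = defaultdict(set)
    for obs in observations:
        rps[obs[attr]].add(obs["rp"])
    return {
        value: next(iter(users))
        for value, users in anonymity_sets(observations, attr).items()
        if len(users) == 1 and len(rps[value]) > 1
    }

if __name__ == "__main__":
    for attr in ("sub", "provider"):
        print(attr, "k =", k_anonymity(OBSERVATIONS, attr),
              "cross-RP identifiers:", cross_rp_identifiers(OBSERVATIONS, attr))
```

The pairwise `sub` values never repeat across verifiers, so they yield no cross-verifier identifier; the single-user provider identifier does, which is the case a privacy considerations section would need to describe.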

@OIDF-automation

Imported from AB/Connect bitbucket - Original Commenter: KristinaYasuda

Why is k-anonymity related only to the wallet’s (IdP’s) identifier and not the holder’s identifier?
