-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minimal DID AuthN Proposal for Interop Project #1
Comments
Seems like the I don't like the idea of embedding the did_doc, but I can see why it might be valuable if the token is used in systems that don't want to resolve a did, as long as the embedded did_doc is signed by the controller of that doc, I think its ok. the I would expect the end result of this auth flow to result in a JWT that was signed by someone other than the did controller, that the RP trusts, and that the RP would rely on for id_tokens related to DIDs. is |
It might be helpful to consider SIOP for AuthN of a DID to a regular web server, just so we don't have multiple DIDs in the system. The standards OIDC configuration exposes the JWKs used by an OP, I would exepect the end result of SIOP to be signed with a key lists in |
@OR13 The SIOP does not require any server. |
@OR13 see my comments below:
This could be used for peer-DIDs.
The
I think you are talking about OpenID Connect? Neither in the minimal spec above, nor in the SIOP spec is any traditional OP required. Additional verifiable credentials are out-of-scope. In theory, a verifiable presentation could be added to the
yes -- it is not the |
@awoie thanks for these comments. As noted in the interop project, we have adopted the desire to implement a mimimal version of SIOP: decentralized-identity/interoperability#14 |
The DID AuthN SIOP Profile is not ready yet (still needs external review) but we have the need to come up with a protocol for the interop project. @OR13 proposed a simple challenge/response protocol based on JWT. The following is a reduced version of the SIOP DID AuthN Profile:
Simplified SIOP Request
Simplified SIOP Response
We could use this protocol as a starting point and then implement the remaining SIOP features on top once the review is finalized. I flagged two items as to-be-discussed because the natural way of naming these two parameters would be different.
The text was updated successfully, but these errors were encountered: