OpenID for Verifiable Credentials is a family of protocols supporting the implementation of applications with Verifiable Credentials, i.e. verifiable credential issuance, credential presentation, and pseudonymous authentication.
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver... - Torsten Lodderstedt
This deck gives an overview of OpenID 4 Verifiable Credentials and shows how the specs can be tailored to the needs of a certain category of projects/ecosystems.
OpenID Connect 4 SSI aims at specifying a set of protocols based on OpenID Connect to enable SSI applications. The initiative is conducted at the OpenID Foundation in liaison with the Decentralized Identity Foundation (DIF). One of the specifications builds upon DID-SIOP from the DIDAuth WG in DIF and SIOP v1 from OIDC Core.
OpenID Connect 4 SSI is an initiative conducted at OpenID Foundation in liaison with the Decentralized Identity Foundation. It aims at specifying a set of protocols based on OpenID Connect to enable SSI applications.
Verifiable Credentials in Self-Sovereign Identity (SSI) - Evernym
On our March 12, 2020 webinar, Evernym Chief Architect Daniel Hardman provided a great introduction to verifiable credentials and compared them to the physical credentials (passports, driver's licenses, loyalty cards) we use every day. He then identified six lessons we can learn from today's physical credentials and how we're applying each to the world of self-sovereign identity.
What is a Verifiable Credential, and Why Does it Matter?
https://identiverse.com/idv2022/session/841421/
"A verifiable credential (VC) is an assertion with a secret weapon – called a verifiable presentation (VP). VCs and VPs are unique in that they enable users to directly hold and present claims about themselves, issued by many different authorities. This is an important addition to the domain-relative credentials that are presented today as part of federated sign-in or SSO contexts. You may ask – why is that direct presentation important? Kristina Yasuda will talk through how VCs and VPs work, what makes VCs different from common federated credentials, and what VCs could change about how we interact with data in the future."
The European Union’s regulation on Digital Identity, eIDAS, is currently being overhauled to adopt decentralized identity principles. The goal is to provide all citizens and residents across the EU with highly secure and privacy preserving digital wallets that can be used to manage various digital credentials, from eIDs to diplomas to payment instruments. Decentralized identity principles aim at giving freedom of choice and control to the end-user. Ensuring security and interoperability, however, will be challenging — especially in the enormous scale in terms of users and use cases the EU is aiming at. The choices made in eIDAS will have a huge impact on digital identity in the EU and beyond.
The so-called “Architecture and Reference Framework” (ARF) defines the technical underpinnings of eIDAS v2. Many experts from the member states and the Commission have been working on this framework over the last year, trying to select the best combination of technologies and standards out of the enormous number available in the market today. This talk will introduce the ARF and explain what architectural patterns and technical standards are adopted and how the challenges mentioned above are addressed in order to leverage on the vision of the eIDAS v2 regulation.
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George - SSIMeetup
https://ssimeetup.org/hyperledger-aries-open-source-interoperable-identity-solutions-nathan-george-webinar-30/
Nathan George, Sovrin Foundation CTO, and Hyperledger Contributor will explain what Hyperledger Aries is and how it will facilitate an open source infrastructure for interoperable identity solutions.
Aries was born out of the work on identity agents and identity wallets that began in the Hyperledger Indy project. Aries is, in fact, the second Hyperledger project to spin out of Hyperledger Indy. The first was Hyperledger Ursa, announced in December 2018.
Self-sovereign identity based on DIDs requires strong interoperability and pluggability at the infrastructure level. It also requires great applications that offer end-to-end functionality so that users can accomplish jobs with greater security, flexibility, and privacy. Aries is expected to be a major step forward in this direction.
Aries will be the industry’s first implementation of interoperable open source wallets for digital credentials that use the DKMS (Decentralized Key Management System) architecture that Evernym pioneered under a contract with the U.S. Department of Homeland Security.
This presentation gives an overview on the work that is going on at OpenID Foundation in Liaison with Decentralized Identity Foundation to enable SSI applications based on OpenID Connect.
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
Verifiable Credentials, Self Sovereign Identity and DLTs Vasiliy Suvorov
My talk from Crypto Valley Conference 2018 on emerging standards in Self-Sovereign Identity, Technology behind it, Overview of implementations and how to use it with blockchain and DLT systems.
The Shift from Federated to Decentralized Identity - Evernym
Up until recently, the majority of digital identity systems have been federated, where a small group of “identity providers” supply individuals with a digital identity that can be used to access other websites and services within the federation. Now we’re seeing the shift to decentralized identity solutions and open ecosystems based on verifiable credentials, where anyone can participate, issue, and verify.
In the first of a new series on digital identity and government, we invited leading experts from Accenture and Evernym to discuss the state of digital identity systems within the public sector and the reasons why government interest in decentralized models continues to increase.
We covered:
- The key differences between federated and decentralized identity systems
- An analysis of a few notable government-led projects, such as Aadhaar (India), Verify (UK), eIDAS (EU), and the Ontario Digital Identity Program (Canada)
- What decentralization means for portability, scalability, flexibility, and privacy
- How governments and commercial organizations can enhance existing federated identity systems with verifiable credentials
Decentralized Identifiers (DIDs): The Fundamental Building Block of Self-Sove... - SSIMeetup
Drummond Reed, Chief Trust Officer at Evernym, will explain in our second Webinar "Decentralized Identifiers (DIDs) - Building Block of Self-Sovereign Identity (SSI)" giving us the background on how DIDs work, where they come from and why they are important for Blockchain based Digital Identity.
Self-issued OpenID Provider_OpenID Foundation Virtual Workshop Kristina Yasuda
Presentation I gave on Self-Issued OpenID Provider during the second OpenID Foundation Virtual Workshop covering:
1. What is Self-Issued OpenID Provider (SIOP) ?
2. SIOP Requirements (draft)
3. Initial discussion points deep-dive
Self-Issued OpenID Providers are personal OpenID Providers that issue self-signed ID Tokens, enabling portability of the identities among providers
What are decentralized identifiers (DIDs), how do they enable self-sovereign identity, and what does W3C standardization mean for interoperability and adoption?
Evernym's Drummond Reed and Brent Zundel discussed all this and more on our Sep 26, 2019 webinar.
Verifiable Credentials for Travel & Hospitality - Evernym
In this webinar, Evernym's Jamie Smith and Andrew Tobin discuss how verifiable credentials and digital wallets can reduce fraud, automate workflows, and transform customer experiences across the travel and hospitality industries.
Slides from the session about the emerging work on extending OpenID Connect for requesting and presenting Verifiable Credentials and Verifiable Presentations
apidays LIVE India 2022_Standardizing Biometric Device Integration for Identi... - apidays
apidays LIVE India 2022: Accelerating India’s digitisation with APIs
May 11 & 12, 2022
Building a Modular Open Source Identity Platform
Sanath Kumar Varambally, Knowledge Management Consultant & Vishwanath V, Architect at Modular Open Source Identity Platform (MOSIP)
WSO2 SMART TALK 2023 #2: What's New in WSO2 Identity Server
In the second session of WSO2 smart talk 2023, Matteo walks us through everything new in WSO2 Identity Server 6.2. For more information, write to sales@profesia.it
Identity Server has long been the most widely used framework for OpenID Connect and OAuth 2 in the .NET world. With it we securely connected front end and back end, achieved Single Sign-On and, in general, handled the security aspects of our applications.
But nothing lasts forever, and in October 2020 Duende Software, founded by the maintainers of Identity Server, announced that support would end together with that of .NET Core 3.1. And that is getting close! In November 2022 it will stop being maintained, and so we will stop receiving security updates.
What options do we have?
We will look at some of them, including other open source packages and solutions that Microsoft offers in Azure, such as Azure AD B2C.
Value proposition of SSI tech providers - Self-Sovereign Identity - SSIMeetup
Talk with Vladimir Vujovic, Senior Digital Innovation Manager at SICPA, about the product definition and value proposition of the Issuer/Holder/Verifier software of SSI tech providers. Why it is hard to convey the right message to an audience coming from outside the SSI domain. How different SSI tech providers define their offering and the language they use to convey the message. What the value proposition really is for SSI tech providers who are offering their Issuer/Verifier software to the market. How big regulation initiatives like eIDAS v2 in Europe are driving the market and roadmaps for SSI tech providers, and how such initiatives will affect the rest of the world in terms of regulation as well as some of the underlying technical standards. What the place of SSI platforms is in the broader identity landscape, and when we are going to see more maturity from the market.
This work is part of the open source testbed setup for Cloud interoperability & portability. Cloud Security Workgroup will further review and generate complete working set as we move along. This is part I of the effort.
Organizations need to evolve beyond the basic username and password and secure online transactions with a range of secure authentication options.
As the industry’s first enterprise identity bus (EIB), WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The multi-tenant WSO2 Identity Server can be deployed directly on servers or in the cloud, and has the ability to propagate identities across geographical and enterprise borders in a connected business environment.
WSO2 IoT Server is one of the most adaptive Apache licensed open source IoT platforms available today. It provides best of breed technologies for device manufacturers to develop connected products as well as rich integration and smart analytics capabilities for system integrators to adopt devices into systems they build.
WSO2 IoT Server continues to evolve and introduces key capabilities in its upcoming release, version 3.1.0. Join Sumedha as he explores these new features, which include:
- A complete API-driven device type definition eliminating the necessity to create deployable plugins
- Support for location based services such as Geo-fencing and alerting as a reusable functionality
- A redesigned device overview page for better user experience
- Improved product profiles for scalable deployment
- Performance enhancements
- Enhancements to prebuilt agents
'Claims-based identity' is known and well-documented. However I tend to encounter the same questions again and again. These slides tell what claims-based identity means to me.
Mobile Devices & BYOD Security – Deployment & Best Practices - Cisco Canada
Subjects covered will include mobile devices OS security, state of malware on mobile devices, data loss prevention, VPN and remote access, 802.1x and certificate deployment, profiling, posture, web security, MDMs and others. For more information please visit our website: http://www.cisco.com/web/CA/index.html
PKI in DevOps: How to Deploy Certificate Automation within CI/CD - DevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
- How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
- The risks of unmanaged or untracked certificates in DevOps environments
- Best practices to support visibility, compliance and automation of certificates in CI/CD
Enterprise internet data privacy protection with encryption in transit, in process and at rest with secure infrastructure perimeter for authentication and authorization
OpenID Connect 4 Identity Assurance is an extension to OpenID Connect Core enabling RPs to request and OPs to provide End-User claims along with metadata about the verification process and status of the claims.
The talk gives an introduction to the NextGenPSD2 OAuth SCA mode and explains security considerations implementors should take into account when implementing it. This advice will go beyond the text of the NextGenPSD2 Spec and will be based on the latest OAuth Security Guidelines (https://tools.ietf.org/html/draft-ietf-oauth-security-topics) and work being conducted at OpenID Foundations FAPI working group.
Rich Authorization Requests allows clients to pass fine grained authorization data in the OAuth authorization request. It's been developed based on experiences in open banking and other security sensitive areas.
Pushed authorization requests allow clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent authorization request.
OpenID Connect for Identity Assurance allows IDPs explicit attestation of verification status of Claims (what, how, when, according to what rules, using what evidence). It's intended to be used for use cases requiring strong identity assurance, such as Anti-money Laundering, eGovernment & eSigning.
PLEASE NOTE: there is an updated version of this deck at https://www.slideshare.net/TorstenLodderstedt/nextgenpsd2-oauth-sca-mode-security-recommendations-186812074
The talk gives an introduction to the NextGenPSD2 OAuth SCA mode and explains security considerations implementors should take into account when implementing it. This advice will go beyond the text of the NextGenPSD2 Spec and will be based on the latest OAuth Security Guidelines (https://tools.ietf.org/html/draft-ietf-oauth-security-topics) and work being conducted at OpenID Foundations FAPI working group.
Identiverse: PSD2, Open Banking, and Technical Interoperability - Torsten Lodderstedt
The Payment Service Directive 2 (PSD2) is a huge leap forward for Open Banking as it obliges every financial institution operating in the European Union to provide APIs for Access to Account Information and Payment Initiation. The need for more than six thousand financial institutions to provide APIs caused a tremendous push forward for financial API design and accompanying authorization and authentication technologies. Based on the experiences gathered while supporting some of the PSD2 API initiatives in the context of OpenID Foundation’s FAPI working group, this talk will give an introduction to PSD2 and related technical standards, dig into some remarkable aspects of authorization for financial APIs and point out the potential impact on the future of OAuth.
The OAuth working group recently decided to discourage use of the implicit grant. But that’s just the most prominent recommendation the working group is about to publish in the upcoming OAuth 2.0 Security Best Current Practice (https://tools.ietf.org/html/draft-ietf-oauth-security-topics), which will elevate OAuth security to the next level. The code flow shall be used with PKCE only and tokens should be sender-constrained, to mention just a few. Development of these enhanced recommendations was driven by several factors, including experiences gathered in the field, security research results, the increased dynamics and sensitivity of the use cases OAuth is used to protect, and technological changes. This session will present the new security recommendations in detail along with the underlying rationales.
A slide deck I prepared for a session at Internet Identity Workshop describing use cases, requirements and a solution for requesting and representing verified user data.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 - APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
1. Wireless Communication System_Wireless communication is a broad term that i... - JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx - Brad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines - Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
3. #identiverse
Verifiable Credentials: A Paradigm Shift
[Diagram: the Issuer (Website) issues credentials to the Holder (Digital Wallet), and the Holder presents credentials to the Verifier (Website). The wallet can be hosted locally on the user's device, have cloud components, or be entirely hosted in the cloud.]
● A verifiable credential is a tamper-evident credential with cryptographically verifiable authorship that contains claims about a subject.
● This enables
○ decoupling issuance from presentation
○ multi-use of the credentials
○ combination of multiple credentials in one presentation
5. #identiverse
Verifiable Credentials: Benefits
- End-Users gain more control, privacy, and portability over their identity information.
- Cheaper, faster, and more secure identity verification, when transforming physical credentials into digital ones using verifiable credentials.
- Universal approach to handle identification, authentication, and authorization in digital and physical space
- Issuers gain more flexibility:
  - No need for public service with high availability depending on the process
  - Diverse presentation channels offered by the wallet
6. #identiverse
Components of the “OpenID for Verifiable Credentials” specification family
① OpenID Connect for Verifiable Presentations (Presentation of verifiable credentials)
② Self-Issued OP v2 (authentication using identifiers not namespaced to the third-party identity providers)
③ OpenID for Credential Issuance (Issuance of verifiable credentials)
[Diagram: the Issuer (Website) issues credentials to the Holder (Digital Wallet), and the Holder presents credentials to the Verifier (Website). The wallet can be hosted locally on the user's device, have cloud components, or be entirely hosted in the cloud.]
7. #identiverse
Why use OpenID Connect & OAuth2.0 as a basis?
- Self-Issued OP (SIOP) has been in OpenID Connect Core from ratification and provides a good starting point
- Leverages simplicity and security of OpenID Connect and OAuth 2.0
- Existing libraries, only HTTPS communication, developer familiarity
- Great for mobile applications, no firewall hassles
- Security of OpenID Connect has been tested and formally analysed
- Existing OpenID Connect RPs can receive verifiable credentials; Existing OpenID Connect OPs can issue verifiable credentials
11. #identiverse
OpenID for Verifiable Presentations
[Diagram: Alice uses a Website or App (Verifier) and a Wallet (OP) that holds stored Verifiable Credentials. ⓪ User tries to access a resource; ① RP requests Credential(s)*; ② Wallet returns Verifiable Presentation(s) in VP Token.]
- Query language to granularly specify what kind of credential the Verifier wants (utilizes DIF Presentation Exchange 2.0)
- Verifiable Presentations* are returned in a newly defined VP Token
- Simple overall architecture, e.g. device-local communication when the same-device flow is used
*Can be any credential/presentation format, not limited to W3C Verifiable Credentials.
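As an added example (not from the deck or the OpenID specifications), this is what the wallet-side matching behind the query-language bullet can look like, so that only credentials satisfying the Verifier's request are offered for release. It assumes the DIF Presentation Exchange layout (`input_descriptors`, `constraints.fields`, `path`, `filter`), supports only dotted paths and the `const`, `pattern` and `contains` filter keywords, and uses constructed credentials and a constructed definition.

```python
import re

# Constructed sample data: claims of two credentials held by a wallet (no proofs).
WALLET = [
    {"type": ["VerifiableCredential", "IDCardCredential"],
     "credentialSubject": {"given_name": "Alice", "birthdate": "1990-01-01"}},
    {"type": ["VerifiableCredential", "UniversityDegreeCredential"],
     "credentialSubject": {"degree": "BSc"}},
]

# Constructed presentation definition in the Presentation Exchange shape (assumption).
DEFINITION = {"id": "example-request", "input_descriptors": [{
    "id": "id_card",
    "constraints": {"fields": [
        {"path": ["$.type"],
         "filter": {"type": "array", "contains": {"const": "IDCardCredential"}}},
        {"path": ["$.credentialSubject.birthdate"],
         "filter": {"type": "string", "pattern": r"^\d{4}-\d{2}-\d{2}$"}},
    ]},
}]}

def resolve(doc, path):
    """Resolve a simple dotted JSONPath such as $.a.b; None when absent."""
    for key in path.removeprefix("$.").split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def satisfies(value, flt):
    """Evaluate the small JSON Schema subset used here: const, pattern, contains."""
    if value is None:
        return False
    if "const" in flt:
        return value == flt["const"]
    if "pattern" in flt:
        return isinstance(value, str) and re.search(flt["pattern"], value) is not None
    if "contains" in flt:
        return isinstance(value, list) and any(satisfies(v, flt["contains"]) for v in value)
    return True  # no supported keyword: the value only has to be present

def match(definition, credentials):
    """Map each input descriptor id to the indexes of credentials meeting every field."""
    def ok(cred, field):
        return any(satisfies(resolve(cred, p), field.get("filter", {})) for p in field["path"])
    return {d["id"]: [i for i, c in enumerate(credentials)
                      if all(ok(c, f) for f in d["constraints"]["fields"])]
            for d in definition["input_descriptors"]}
```

A descriptor that maps to an empty list means the wallet has nothing to present for it and should not fall back to releasing other credentials.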
12. #identiverse
OpenID4VPs allows choices across components in the VC Tech Stack.

| Component | Implementer’s choices when using OpenID4VP |
| --- | --- |
| Credential Format | Any format (W3C JWT-VC or LDP-VC, ISO mDL, SD-JWT, …) |
| Method to obtain Public Keys | Any DID method, raw keys, or X.509 certs |
| Cryptography | Any cryptosuite (EdDSA, ES256K, etc.) |
| Revocation | Any mechanism (Status List 2021, Revocation List 2020, Accumulators, etc.) |
| Trust Management | Any mechanism for managing trusted Issuers, Wallets and Relying Parties (Trusted Registries, Ledgers, …) |
15. #identiverse
Self-Issued OP v2
[Diagram: Alice uses a Website (RP) and a User Agent with an OP. ⓪ User tries to access a resource; ① RP requests ID Token; ② OP on the user device issues subject-signed ID Token.]
- ID Tokens are signed with user-controlled key material (pseudonymous authentication with pairwise subject identifiers)
- Identifiers are user controlled and do not depend on a third-party identity provider
- Can be used in combination with OpenID4VPs, when the use case requires end-user authentication, i.e. the features of OpenID Connect, such as issuance of ID Tokens.
16. #identiverse
Why use OpenID4VPs & SIOP v2
- Credential format/crypto suite agnostic
- Same device and cross device scenarios
- Mutual authentication of RP and wallet
- Pseudonymous authentication to RPs through SIOP v2
- Works well with OAuth for authorization of API-based payments and remote signature creation
- Offline - work in progress (MOSIP)
- Selective disclosure (if supported by credential format)
- Note: referenced by ISO/IEC 18013-7 and 23220-4 Mobile Driving Licences related draft standards as a data release method
17. #identiverse
Status: Credential Presentation
- First Implementer’s Drafts approved (both SIOP v2 and OpenID4VPs)
- Can be implemented with IPR protection
- Targeting Second Implementer’s Draft by the end of 2022
- Existing & ongoing Implementations:
  - The European Blockchain Services Infrastructure (EBSI)
  - Microsoft
  - Workday
  - Ping Identity
  - Convergence.Tech
  - IDunion
  - walt.id (eSSIF-Lab)*
  - Sphereon
  - Gimly
22. #identiverse
OpenID 4 Verifiable Credentials Issuance
[Diagram: Alice, a Wallet (OP) holding stored Verifiable Credentials, a Website or App (RP) and a Credential Issuer. Presentation: ⓪ User tries to log in; ① RP requests Credential(s); ② Wallet issues Verifiable Presentation(s). Issuance: ⓪ Wallet requests & User authorizes credential issuance; ① access token(, refresh token); ② Wallet requests credential issuance; ③ Credential is issued.]
Credential issuance via simple OAuth-authorized API
Credential issuance via simple OAuth-authorized API
23. #identiverse
Design Principles
- Defined a new OAuth-protected Credential Endpoint
  - in addition to Authorization/Token Endpoints
- Two authorization flows:
  - Code flow (other OAuth 2.0 grant types possible): authorization for one or more credentials at the Authorization Endpoint once the wallet is invoked
  - Pre-authorized code flow (new grant type): authorization for one or more credentials prior to the Wallet being invoked.
- Supports different methods for the Wallet to prove possession of key material used to bind credential
24. #identiverse
Why use OpenID4VCI?
- Credential format/crypto suite agnostic
- Hardware-backed key material for cryptographic binding of attribute attestations (leveraging HSMs, SEs, TEEs)
- Same device and cross device scenarios
- Mutual authentication of wallet and issuer
- Can extend existing OAuth/OpenID deployments, simple way for existing AS/IDPs to become PID/(Q)EAA issuers
- Note: will be added to ISO 23220-3 electronic ID standards
25. #identiverse
Status of the Issuance specification
- Targeting First Implementer’s draft by the end of 2022.
- https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0.html
- Planned and ongoing implementations:
  - The European Blockchain Services Infrastructure (EBSI)
  - Microsoft
  - Mattr
  - IDunion
  - walt.id & yes.com & BCDiploma (eSSIF-Lab)
  - Sphereon
  - Talao.io
  - Convergence.Tech
26. #identiverse
Whitepaper “OpenID for Verifiable Credentials”
- Aims to assist decision-makers, architects and implementers in the decision-making process when building a verifiable credentials ecosystem.
- Some popular sections…
  - Demystifying myths about verifiable credentials
  - Various scopes of “decentralization”
  - Shift in the trust model brought by verifiable credentials
  - Business drivers
  - Use-Cases
27. #identiverse
Why use OpenID for Verifiable Credentials?
- Security and simplicity guaranteed – OAuth/OpenID Connect deployment experience (3B+ users, millions of applications), and OpenID Foundation Certification program
- Fast, scalable adoption - easy integration/deployment on existing infrastructure given the familiarity of the developers and administrators with OAuth/OpenID
- Adoption underway
  - Projects in the EU (EBSI/ESSIF, Secure Digital Identities Showcase)
  - Incorporated into major participants’ products (e.g. Microsoft, Ping Identity, walt.id)
  - Global Assured Identity Network PoC
- Could meet high security requirements with FAPI Security Profile
- Interoperability on the protocol layer that is both credential format agnostic, and allows for interoperability between markets
28. #identiverse
Call to Action
1. Implement the specifications to unlock your use cases and provide us feedback
2. Read the whitepaper and stay up to date with the recent developments
30. Example: Authorization Request
HTTP/1.1 302 Found
Location: https://server.example.com/authorize?
response_type=code //any other grant type
&client_id=s6BhdRkqt3
&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM
&code_challenge_method=S256
&scope=openid_credential:https://example.org/idcard
&redirect_uri=https://client.example.org/cb
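The `code_challenge` in the request above is the RFC 7636 (PKCE) S256 value for the code verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`. The following added example (not code from the deck or the specification) builds the same request on the wallet side and shows the matching check an authorization server runs at the token endpoint; the function names are hypothetical, and the scope syntax is taken from the slide.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(code_verifier))), padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_request(endpoint, client_id, redirect_uri, credential_type,
                                code_verifier=None):
    """Wallet side: return (url, code_verifier). The verifier never leaves the wallet
    until the token request."""
    code_verifier = code_verifier or secrets.token_urlsafe(32)  # 43 chars, 256 bits
    params = {
        "response_type": "code",
        "client_id": client_id,
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
        "scope": f"openid_credential:{credential_type}",  # scope syntax from the slide
        "redirect_uri": redirect_uri,
    }
    return f"{endpoint}?{urlencode(params)}", code_verifier

def requested_credential_types(url):
    """Server side: credential types named by openid_credential: scope values."""
    scope = parse_qs(urlsplit(url).query).get("scope", [""])[0]
    prefix = "openid_credential:"
    return [s[len(prefix):] for s in scope.split() if s.startswith(prefix)]

def verify_pkce(stored_challenge, method, presented_verifier):
    """Token endpoint check: accept only S256, enforce the RFC 7636 verifier
    alphabet and length, and compare in constant time."""
    if method != "S256":
        return False
    if not re.fullmatch(r"[A-Za-z0-9\-._~]{43,128}", presented_verifier):
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)
```

Binding the authorization code to the verifier means a code intercepted on the redirect cannot be redeemed for an access token, and therefore not for a credential, without the wallet's secret.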