commit 2e9de288510fb3f710d75711a7e50cb4c778ec85
parent dfa127ddb2fd429e337f0180bc9e0c53a5b72347
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Wed, 23 Sep 2020 18:08:02 +0200

update

Diffstat:
| M | draft-schanzen-reclaimid.xml | | | 53 | +++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 53 insertions(+), 0 deletions(-)
diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml @@ -244,6 +244,59 @@ </section> <section anchor="tickets" numbered="true" toc="default"> <name>Tickets</name> + <t> + In order to share a set of identity attributes with a third party, + re:claimID introduces the concept of "Tickets". A Ticket may be + issued by a user for an identity to a relying party. + The Ticket may then be used by the relying party to retrieve the + shared attributes from the name system. + The record wire format of a Ticket is as follows: + </t> + <figure anchor="figure_ticket"> + <artwork name="" type="" align="left" alt=""><![CDATA[ +0 8 16 24 32 40 48 56 ++-----+-----+-----+-----+-----+-----+-----+-----+ +| IDENTITY | +| | +| | +| | ++-----+-----+-----+-----+-----+-----+-----+-----+ +| AUDIENCE | +| | +| | +| | ++-----+-----+-----+-----+-----+-----+-----+-----+ +| TID | ++-----+-----+-----+-----+-----+-----+-----+-----+ + ]]></artwork> + <!-- <postamble>which is a very simple example.</postamble>--> + </figure> + <t> + where: + </t> + <dl> + <dt>IDENTITY</dt> + <dd> + Is the 256 bit identity public zone key of the user. + </dd> + <dt>AUDIENCE</dt> + <dd> + Is the 256 bit audience public zone key of the relying party. + </dd> + <dt>TID</dt> + <dd> + Is a 64 bit ticket identifier. + </dd> + </dl> + <t> + The TID essentially serves as a shared secret between user and + relying party. knowledge of the IDENTITY key and the TID allows + the relying party to iteratively query attribute data in GNS. + Tickets are stored as RECLAIM_TICKET records under a label derived + from the TID by applying a Base64-encoding. In addition to the ticket, + the record set also contains references to the shared attributes as + well as any credential presentations which attest attribute values. + </t> <section anchor="attrrefs" numbered="true" toc="default"> <name>Attribute References</name> </section>
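Review bot: The label derivation in the last paragraph of the new "Tickets" section is underspecified for a wire-format document: "Tickets are stored as RECLAIM_TICKET records under a label derived from the TID by applying a Base64-encoding" does not say which Base64 alphabet is meant (standard or URL-safe), whether padding is kept, or what byte order the 64-bit TID is serialized in before encoding, and two implementations that choose differently will look up different GNS labels; please pin the exact encoding and TID serialization here and add the RECLAIM_TICKET record type number in the same way other record types in the draft are identified. Since the same paragraph states that "The TID essentially serves as a shared secret between user and relying party" and that knowledge of IDENTITY and TID suffices to retrieve the shared attributes, the draft should also say how the 64-bit TID is to be generated (a cryptographically secure random source) and reference this in Security Considerations. Smaller points in the same hunk: "relying party. knowledge of the IDENTITY key" needs a capital "Knowledge"; the commented-out `<!-- <postamble>...</postamble>-->` should be dropped rather than left in the XML source; and the `<artwork>` element has empty `name`, `type` and `alt` attributes while the `<figure>` has no `<name>`, so the figure will render without a caption.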