update

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-09-23 18:08:02 +0200
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2020-09-23 18:08:02 +0200
commit: 2e9de288510fb3f710d75711a7e50cb4c778ec85 (patch)
tree: 07eab45344f1b35f609e4469119dcbba8c1830a9
parent: dfa127ddb2fd429e337f0180bc9e0c53a5b72347 (diff)
download: lsd0002-2e9de288510fb3f710d75711a7e50cb4c778ec85.tar.gz
lsd0002-2e9de288510fb3f710d75711a7e50cb4c778ec85.zip
1 files changed, 53 insertions, 0 deletions
diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml
index 5141a39..f0ddb3a 100644
--- a/draft-schanzen-reclaimid.xml
+++ b/draft-schanzen-reclaimid.xml
@@ -244,6 +244,59 @@
    </section>
    <section anchor="tickets" numbered="true" toc="default">
      <name>Tickets</name>
+      <t>
+        In order to share a set of identity attributes with a third party,
+        re:claimID introduces the concept of "Tickets". A Ticket may be
+        issued by a user for an identity to a relying party.
+        The Ticket may then be used by the relying party to retrieve the
+        shared attributes from the name system.
+        The record wire format of a Ticket is as follows:
+      </t>
+       <figure anchor="figure_ticket">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
+0     8     16    24    32    40    48    56
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                    IDENTITY                   |
+|                                               |
+|                                               |
+|                                               |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                    AUDIENCE                   |
+|                                               |
+|                                               |
+|                                               |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                      TID                      |
+-----+-----+-----+-----+-----+-----+-----+-----+
+             ]]></artwork>
+           <!--        <postamble>which is a very simple example.</postamble>-->
+       </figure>
+       <t>
+         where:
+       </t>
+       <dl>
+         <dt>IDENTITY</dt>
+         <dd>
+           Is the 256 bit identity public zone key of the user.
+         </dd>
+         <dt>AUDIENCE</dt>
+         <dd>
+           Is the 256 bit audience public zone key of the relying party.
+         </dd>
+         <dt>TID</dt>
+         <dd>
+           Is a 64 bit ticket identifier.
+         </dd>
+       </dl>
+       <t>
+         The TID essentially serves as a shared secret between user and
+         relying party. knowledge of the IDENTITY key and the TID allows
+         the relying party to iteratively query attribute data in GNS.
+         Tickets are stored as RECLAIM_TICKET records under a label derived
+         from the TID by applying a Base64-encoding. In addition to the ticket,
+         the record set also contains references to the shared attributes as
+         well as any credential presentations which attest attribute values.
+      </t>
      <section anchor="attrrefs" numbered="true" toc="default">
        <name>Attribute References</name>
      </section>
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-09-23 18:08:02 +0200
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2020-09-23 18:08:02 +0200
commit	2e9de288510fb3f710d75711a7e50cb4c778ec85 (patch)
tree	07eab45344f1b35f609e4469119dcbba8c1830a9
parent	dfa127ddb2fd429e337f0180bc9e0c53a5b72347 (diff)
download	lsd0002-2e9de288510fb3f710d75711a7e50cb4c778ec85.tar.gz lsd0002-2e9de288510fb3f710d75711a7e50cb4c778ec85.zip

diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml index 5141a39..f0ddb3a 100644 --- a/draft-schanzen-reclaimid.xml +++ b/draft-schanzen-reclaimid.xml
@@ -244,6 +244,59 @@
244	</section>	244	</section>
245	<section anchor="tickets" numbered="true" toc="default">	245	<section anchor="tickets" numbered="true" toc="default">
246	<name>Tickets</name>	246	<name>Tickets</name>
		247	<t>
		248	In order to share a set of identity attributes with a third party,
		249	re:claimID introduces the concept of "Tickets". A Ticket may be
		250	issued by a user for an identity to a relying party.
		251	The Ticket may then be used by the relying party to retrieve the
		252	shared attributes from the name system.
		253	The record wire format of a Ticket is as follows:
		254	</t>
		255	<figure anchor="figure_ticket">
		256	<artwork name="" type="" align="left" alt=""><![CDATA[
		257	0 8 16 24 32 40 48 56
		258	+-----+-----+-----+-----+-----+-----+-----+-----+
		259	\| IDENTITY \|
		260	\| \|
		261	\| \|
		262	\| \|
		263	+-----+-----+-----+-----+-----+-----+-----+-----+
		264	\| AUDIENCE \|
		265	\| \|
		266	\| \|
		267	\| \|
		268	+-----+-----+-----+-----+-----+-----+-----+-----+
		269	\| TID \|
		270	+-----+-----+-----+-----+-----+-----+-----+-----+
		271	]]></artwork>
		272	<!-- <postamble>which is a very simple example.</postamble>-->
		273	</figure>
		274	<t>
		275	where:
		276	</t>
		277	<dl>
		278	<dt>IDENTITY</dt>
		279	<dd>
		280	Is the 256 bit identity public zone key of the user.
		281	</dd>
		282	<dt>AUDIENCE</dt>
		283	<dd>
		284	Is the 256 bit audience public zone key of the relying party.
		285	</dd>
		286	<dt>TID</dt>
		287	<dd>
		288	Is a 64 bit ticket identifier.
		289	</dd>
		290	</dl>
		291	<t>
		292	The TID essentially serves as a shared secret between user and
		293	relying party. knowledge of the IDENTITY key and the TID allows
		294	the relying party to iteratively query attribute data in GNS.
		295	Tickets are stored as RECLAIM_TICKET records under a label derived
		296	from the TID by applying a Base64-encoding. In addition to the ticket,
		297	the record set also contains references to the shared attributes as
		298	well as any credential presentations which attest attribute values.
		299	</t>
247	<section anchor="attrrefs" numbered="true" toc="default">	300	<section anchor="attrrefs" numbered="true" toc="default">
248	<name>Attribute References</name>	301	<name>Attribute References</name>
249	</section>	302	</section>