Diffstat (limited to 'draft-schanzen-reclaimid.xml')
-rw-r--r-- | draft-schanzen-reclaimid.xml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml index 5141a39..f0ddb3a 100644 --- a/draft-schanzen-reclaimid.xml +++ b/draft-schanzen-reclaimid.xml | |||
@@ -244,6 +244,59 @@ | |||
244 | </section> | 244 | </section> |
245 | <section anchor="tickets" numbered="true" toc="default"> | 245 | <section anchor="tickets" numbered="true" toc="default"> |
246 | <name>Tickets</name> | 246 | <name>Tickets</name> |
247 | <t> | ||
248 | In order to share a set of identity attributes with a third party, | ||
249 | re:claimID introduces the concept of "Tickets". A Ticket may be | ||
250 | issued by a user for an identity to a relying party. | ||
251 | The Ticket may then be used by the relying party to retrieve the | ||
252 | shared attributes from the name system. | ||
253 | The record wire format of a Ticket is as follows: | ||
254 | </t> | ||
255 | <figure anchor="figure_ticket"> | ||
256 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
257 | 0 8 16 24 32 40 48 56 | ||
258 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
259 | | IDENTITY | | ||
260 | | | | ||
261 | | | | ||
262 | | | | ||
263 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
264 | | AUDIENCE | | ||
265 | | | | ||
266 | | | | ||
267 | | | | ||
268 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
269 | | TID | | ||
270 | +-----+-----+-----+-----+-----+-----+-----+-----+ | ||
271 | ]]></artwork> | ||
272 | <!-- <postamble>which is a very simple example.</postamble>--> | ||
273 | </figure> | ||
274 | <t> | ||
275 | where: | ||
276 | </t> | ||
277 | <dl> | ||
278 | <dt>IDENTITY</dt> | ||
279 | <dd> | ||
280 | Is the 256 bit identity public zone key of the user. | ||
281 | </dd> | ||
282 | <dt>AUDIENCE</dt> | ||
283 | <dd> | ||
284 | Is the 256 bit audience public zone key of the relying party. | ||
285 | </dd> | ||
286 | <dt>TID</dt> | ||
287 | <dd> | ||
288 | Is a 64 bit ticket identifier. | ||
289 | </dd> | ||
290 | </dl> | ||
291 | <t> | ||
292 | The TID essentially serves as a shared secret between user and | ||
293 | relying party. knowledge of the IDENTITY key and the TID allows | ||
294 | the relying party to iteratively query attribute data in GNS. | ||
295 | Tickets are stored as RECLAIM_TICKET records under a label derived | ||
296 | from the TID by applying a Base64-encoding. In addition to the ticket, | ||
297 | the record set also contains references to the shared attributes as | ||
298 | well as any credential presentations which attest attribute values. | ||
299 | </t> | ||
247 | <section anchor="attrrefs" numbered="true" toc="default"> | 300 | <section anchor="attrrefs" numbered="true" toc="default"> |
248 | <name>Attribute References</name> | 301 | <name>Attribute References</name> |
249 | </section> | 302 | </section> |
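Review bot: the new paragraph calls the TID a shared secret between user and relying party, yet its definition in the `<dl>` only says "Is a 64 bit ticket identifier"; since knowledge of IDENTITY plus TID is all a relying party needs to query the shared attributes in GNS, the text should state how a TID is generated (it must be unpredictable, i.e. drawn from a cryptographically secure random source) and its byte order on the wire, otherwise implementers may use sequential or low-entropy identifiers. Smaller points in the same hunk: "relying party. knowledge of the IDENTITY key" needs a capital "Knowledge"; the commented-out `<!-- <postamble>which is a very simple example.</postamble>-->` is leftover template text and should be dropped; and "256 bit" / "64 bit" should be hyphenated ("256-bit", "64-bit") throughout the definition list.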