1 files changed, 386 insertions, 0 deletions
diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml
new file mode 100644
index 0000000..5141a39
--- /dev/null
+++ b/draft-schanzen-reclaimid.xml
@@ -0,0 +1,386 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
+<!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
+<!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
+<!ENTITY RFC2119 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
+<!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml">
+<!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
+<!ENTITY RFC3686 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3686.xml">
+<!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml">
+<!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">
+<!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml">
+<!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
+<!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml">
+<!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml">
+<!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml">
+<!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
+<!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml">
+<!ENTITY RFC8032 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8032.xml">
+<!ENTITY RFC8126 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml">
+]>
+<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
+<?rfc strict="yes" ?>
+<?rfc toc="yes" ?>
+<?rfc symrefs="yes"?>
+<?rfc sortrefs="yes" ?>
+<?rfc compact="yes" ?>
+<?rfc subcompact="no" ?>
+<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-reclaimid-00" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
+ <!-- xml2rfc v2v3 conversion 2.26.0 -->
+ <front>
+  <title abbrev="reclaimid">
+   re:claimID - A System for Self-sovereign, Decentralised Identity Management and Personal Data Sharing
+  </title>
+  <seriesInfo name="Internet-Draft" value="draft-schanzen-reclaimid-00"/>
+  <author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">
+   <organization>GNUnet e.V.</organization>
+   <address>
+    <postal>
+     <street>Boltzmannstrasse 3</street>
+     <city>Garching</city>
+     <code>85748</code>
+     <country>DE</country>
+    </postal>
+    <email>schanzen@gnunet.org</email>
+   </address>
+  </author>
+  <author fullname="Christian Grothoff" initials="C." surname="Grothoff">
+   <organization>Berner Fachhochschule</organization>
+   <address>
+    <postal>
+     <street>Hoeheweg 80</street>
+     <city>Biel/Bienne</city>
+     <code>2501</code>
+     <country>CH</country>
+    </postal>
+    <email>grothoff@gnunet.org</email>
+   </address>
+  </author>
+  <author fullname="Bernd Fix" initials="B." surname="Fix">
+   <organization>GNUnet e.V.</organization>
+   <address>
+    <postal>
+     <street>Boltzmannstrasse 3</street>
+     <city>Garching</city>
+     <code>85748</code>
+     <country>DE</country>
+    </postal>
+    <email>fix@gnunet.org</email>
+   </address>
+  </author>
+  <!-- Meta-data Declarations -->
+  <area>General</area>
+  <workgroup>Independent Stream</workgroup>
+  <keyword>identity management</keyword>
+  <abstract>
+   <t>This document contains the re:claimID technical specification.</t>
+  </abstract>
+ </front>
+ <middle>
+   <section anchor="introduction" numbered="true" toc="default">
+     <name>Introduction</name>
+     <t>
+       re:claimID is a decentralized, self-sovereign identity management
+       system. It allows users to be in control over their digital identities
+       without having to rely on central identity provider services (IdPs) in
+       order to share personal data.
+     </t>
+     <t>
+       re:claimID is built upon the GNU Name System <xref target="GNS"/>
+       for data sharing and storage.
+       It leverages the zone privacy and key blinding properties of the name
+       system in order to provide a secure sharing and authorization mechanism.
+     </t>
+     <t>
+       The system supports both "self-asserted" as well as third party asserted
+       identity attributes. The assertion mechanisms are out of scope of this
+       document.
+     </t>
+     <t>
+       The re:claimID system can used and integrated into the OpenID Connect
+       protocol.
+     </t>
+     <t>
+       This document defines the normative wire format of resource records, resolution processes,
+       cryptographic routines and security considerations for use by implementors.
+     </t>
+     <t>
+       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
+       NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
+       "OPTIONAL" in this document are to be interpreted as described
+       in <xref target="RFC2119"/>.
+     </t>
+   </section>
+   <section anchor="identities" numbered="true" toc="default">
+     <name>Identities</name>
+     <t>
+       An identity in re:claimID is defined through a zone in GNS.
+       As such, the creation of a zone in GNS implicitly also creates
+       a re:claimID identity.
+     </t>
+     <section anchor="attributes" numbered="true" toc="default">
+       <name>Attributes</name>
+       <t>
+         A re:claimID identity attribute is stored in GNS under records
+         of type "RECLAIM_ATTRIBUTE". An attribute consists of an identifier,
+         an optional attestation identifier, a type, a flag, a name and data.
+         The record format of a RECLAIM_ATTRIBUTE is as follows:
+       </t>
+         <figure anchor="figure_gnsattribute">
+           <artwork name="" type="" align="left" alt=""><![CDATA[
+0     8     16    24    32    40    48    56
+-----+-----+-----+-----+-----+-----+-----+-----+
+|         TYPE          |         FLAG          |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                      ID                       |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                    ATTESTATION                |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|         NSIZE         |          DSIZE        |
+-----+-----+-----+-----+-----+-----+-----+-----+
+/                  NAME + DATA                  /
+/                                               /
+-----------------------------------------------+
+             ]]></artwork>
+           <!--        <postamble>which is a very simple example.</postamble>-->
+         </figure>
+         <t>
+           where:
+         </t>
+         <dl>
+           <dt>TYPE</dt>
+           <dd>
+             Is the 32 bit attribute type as defined in the GANA registry.
+           </dd>
+           <dt>FLAG</dt>
+           <dd>
+             Is a 32 bit attribute flag combination as defined in the GANA registry
+           </dd>
+           <dt>ID</dt>
+           <dd>
+             Is a 64 bit attribute identifier.
+           </dd>
+           <dt>ATTESTATION</dt>
+           <dd>
+             Is the 64 bit credential identifier which asserts this attribute.
+             0 means no attestation.
+           </dd>
+           <dt>NSIZE</dt>
+           <dd>
+             32 bit length of the attribute name in bytes.
+           </dd>
+           <dt>DSIZE</dt>
+           <dd>
+             32 bit length of the attribute data.
+           </dd>
+           <dt>NAME</dt>
+           <dd>
+             The attribute name. A UTF-8 string.
+           </dd>
+           <dt>DATA</dt>
+           <dd>
+             The attribute data.
+           </dd>
+         </dl>
+     </section>
+     <section anchor="credentials" numbered="true" toc="default">
+       <name>Credentials</name>
+       <t>
+         A re:claimID credential is stored in GNS under records
+         of type "RECLAIM_CREDENTIAL". A credential consists of an identifier,
+         a type, a flag, a name and data.
+         The record format of a RECLAIM_CREDENTIAL is as follows:
+       </t>
+         <figure anchor="figure_gnscred">
+           <artwork name="" type="" align="left" alt=""><![CDATA[
+0     8     16    24    32    40    48    56
+-----+-----+-----+-----+-----+-----+-----+-----+
+|         TYPE          |         FLAG          |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|                      ID                       |
+-----+-----+-----+-----+-----+-----+-----+-----+
+|         NSIZE         |          DSIZE        |
+-----+-----+-----+-----+-----+-----+-----+-----+
+/                  NAME + DATA                  /
+/                                               /
+-----------------------------------------------+
+             ]]></artwork>
+           <!--        <postamble>which is a very simple example.</postamble>-->
+         </figure>
+         <t>
+           where:
+         </t>
+         <dl>
+           <dt>TYPE</dt>
+           <dd>
+             Is the 32 bit credential type as defined in the GANA registry.
+           </dd>
+           <dt>FLAG</dt>
+           <dd>
+             Is a 32 bit credential flag combination as defined in the GANA registry
+           </dd>
+           <dt>ID</dt>
+           <dd>
+             Is a 64 bit credential identifier.
+           </dd>
+           <dt>NSIZE</dt>
+           <dd>
+             32 bit length of the credential name in bytes.
+           </dd>
+           <dt>DSIZE</dt>
+           <dd>
+             32 bit length of the credential data.
+           </dd>
+           <dt>NAME</dt>
+           <dd>
+             The credential name. A UTF-8 string.
+           </dd>
+           <dt>DATA</dt>
+           <dd>
+             The credential data.
+           </dd>
+         </dl>
+    </section>
+    <section anchor="tickets" numbered="true" toc="default">
+      <name>Tickets</name>
+      <section anchor="attrrefs" numbered="true" toc="default">
+        <name>Attribute References</name>
+      </section>
+      <section anchor="credpres" numbered="true" toc="default">
+        <name>Credential Presentations</name>
+      </section>
+    </section>
+  </section>
+   <section anchor="access" numbered="true" toc="default">
+     <name>Access Management</name>
+     <section anchor="authorization" numbered="true" toc="default">
+       <name>Authorization</name>
+     </section>
+     <section anchor="revocation" numbered="true" toc="default">
+       <name>Revocation</name>
+     </section>
+   </section>
+   <section anchor="openid" numbered="true" toc="default">
+     <name>OpenID Connect Integration</name>
+     <section anchor="openidclientreg" numbered="true" toc="default">
+       <name>Client Registration</name>
+     </section>
+     <section anchor="AuthorizationCode" numbered="true" toc="default">
+       <name>Authorization Code</name>
+     </section>
+     <section anchor="IDToken" numbered="true" toc="default">
+       <name>ID Token</name>
+     </section>
+     <section anchor="UserinfoEndpoint" numbered="true" toc="default">
+       <name>Userinfo Endpoint</name>
+     </section>
+   </section>
+   <section anchor="encoding" numbered="true" toc="default">
+     <name>Internationalization and Character Encoding</name>
+     <t>
+         All attribute names in re:claimID are encoded in UTF-8
+       <xref target="RFC3629" />.
+     </t>
+   </section>
+   <section anchor="security" numbered="true" toc="default">
+     <name>Security Considerations</name>
+   </section>
+   <section anchor="gana" numbered="true" toc="default">
+       <name>GANA Considerations</name>
+       <t>
+         GANA is requested to populate this registry as follows:
+       </t>
+       <figure anchor="figure_rrtypenums">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
+Number: 65549
+Name: RECLAIM_TICKET
+Contact: N/A
+References: [This.I-D]
+Description: Ticket
+Number: 65549
+Name: RECLAIM_ATTRIBUTE
+Contact: N/A
+References: [This.I-D]
+Description: Identity attribute
+Number: 65550
+Name: RECLAIM_ATTRIBUTE_REF
+Contact: N/A
+References: [This.I-D]
+Description: Refrerence to identity attribute
+Number: 65551
+Name: RECLAIM_OIDC_CLIENT
+Contact: N/A
+References: [This.I-D]
+Description: OIDC client description
+Number: 65552
+Name: RECLAIM_OIDC_REDIRECT
+Contact: N/A
+References: [This.I-D]
+Description: OIDC client redirect(s)
+Number: 65553
+Name: RECLAIM_CREDENTIAL
+Contact: N/A
+References: [This.I-D]
+Description: Credential
+Number: 65554
+Name: RECLAIM_PRESENTATION
+Contact: N/A
+References: [This.I-D]
+Description: Credential presentation
+           ]]></artwork>
+       </figure>
+       <t>
+         GANA is requested to amend the "GNUnet Signature Purpose" registry
+         as follows:
+       </t>
+       <figure anchor="figure_purposenums">
+         <artwork name="" type="" align="left" alt=""><![CDATA[
+Purpose: 27
+Name: RECLAIM_CODE_SIGN
+References: [This.I-D]
+Description: Signature in OIDC authorization code
+           ]]></artwork>
+       </figure>
+     </section>
+     <!-- gana -->
+     <section>
+       <name>Test Vectors</name>
+     </section>
+   </middle>
+   <back>
+     <references>
+       <name>Normative References</name>
+       &RFC2119;
+       &RFC3629;
+       <reference anchor="GNS" target="https://lsd.gnunet.org/lsd0001">
+         <front>
+           <title>The GNU Name System</title>
+          <author initials="M." surname="Schanzenbach" fullname="Martin Schanzenbach">
+            <organization>GNUnet e.V.</organization>
+          </author>
+          <author initials="C." surname="Grothoff" fullname="Christian Grothoff">
+            <organization>GNUnet e.V.</organization>
+          </author>
+          <author initials="B." surname="Fix"
+            fullname="Bernd Fix">
+            <organization>GNUnet e.V.</organization>
+          </author>
+           <date year="2020" month="March"/>
+         </front>
+       </reference>
+     </references>
+   </back>
+ </rfc>

diff --git a/draft-schanzen-reclaimid.xml b/draft-schanzen-reclaimid.xml new file mode 100644 index 0000000..5141a39 --- /dev/null +++ b/draft-schanzen-reclaimid.xml
@@ -0,0 +1,386 @@
	1	<?xml version='1.0' encoding='utf-8'?>
	2	<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
	3	<!ENTITY RFC1034 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1034.xml">
	4	<!ENTITY RFC1035 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml">
	5	<!ENTITY RFC2119 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
	6	<!ENTITY RFC2782 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2782.xml">
	7	<!ENTITY RFC3629 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3629.xml">
	8	<!ENTITY RFC3686 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3686.xml">
	9	<!ENTITY RFC3826 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3826.xml">
	10	<!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">
	11	<!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml">
	12	<!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
	13	<!ENTITY RFC5891 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml">
	14	<!ENTITY RFC6781 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6781.xml">
	15	<!ENTITY RFC6895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6895.xml">
	16	<!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
	17	<!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml">
	18	<!ENTITY RFC8032 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8032.xml">
	19	<!ENTITY RFC8126 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml">
	20	]>
	21	<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
	22	<?rfc strict="yes" ?>
	23	<?rfc toc="yes" ?>
	24	<?rfc symrefs="yes"?>
	25	<?rfc sortrefs="yes" ?>
	26	<?rfc compact="yes" ?>
	27	<?rfc subcompact="no" ?>
	28	<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-schanzen-reclaimid-00" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
	29	<!-- xml2rfc v2v3 conversion 2.26.0 -->
	30	<front>
	31	<title abbrev="reclaimid">
	32	re:claimID - A System for Self-sovereign, Decentralised Identity Management and Personal Data Sharing
	33	</title>
	34	<seriesInfo name="Internet-Draft" value="draft-schanzen-reclaimid-00"/>
	35	<author fullname="Martin Schanzenbach" initials="M." surname="Schanzenbach">
	36	<organization>GNUnet e.V.</organization>
	37	<address>
	38	<postal>
	39	<street>Boltzmannstrasse 3</street>
	40	<city>Garching</city>
	41	<code>85748</code>
	42	<country>DE</country>
	43	</postal>
	44	<email>schanzen@gnunet.org</email>
	45	</address>
	46	</author>
	47	<author fullname="Christian Grothoff" initials="C." surname="Grothoff">
	48	<organization>Berner Fachhochschule</organization>
	49	<address>
	50	<postal>
	51	<street>Hoeheweg 80</street>
	52	<city>Biel/Bienne</city>
	53	<code>2501</code>
	54	<country>CH</country>
	55	</postal>
	56	<email>grothoff@gnunet.org</email>
	57	</address>
	58	</author>
	59	<author fullname="Bernd Fix" initials="B." surname="Fix">
	60	<organization>GNUnet e.V.</organization>
	61	<address>
	62	<postal>
	63	<street>Boltzmannstrasse 3</street>
	64	<city>Garching</city>
	65	<code>85748</code>
	66	<country>DE</country>
	67	</postal>
	68	<email>fix@gnunet.org</email>
	69	</address>
	70	</author>
	71
	72	<!-- Meta-data Declarations -->
	73	<area>General</area>
	74	<workgroup>Independent Stream</workgroup>
	75	<keyword>identity management</keyword>
	76	<abstract>
	77	<t>This document contains the re:claimID technical specification.</t>
	78	</abstract>
	79	</front>
	80	<middle>
	81	<section anchor="introduction" numbered="true" toc="default">
	82	<name>Introduction</name>
	83	<t>
	84	re:claimID is a decentralized, self-sovereign identity management
	85	system. It allows users to be in control over their digital identities
	86	without having to rely on central identity provider services (IdPs) in
	87	order to share personal data.
	88	</t>
	89	<t>
	90	re:claimID is built upon the GNU Name System <xref target="GNS"/>
	91	for data sharing and storage.
	92	It leverages the zone privacy and key blinding properties of the name
	93	system in order to provide a secure sharing and authorization mechanism.
	94	</t>
	95	<t>
	96	The system supports both "self-asserted" as well as third party asserted
	97	identity attributes. The assertion mechanisms are out of scope of this
	98	document.
	99	</t>
	100	<t>
	101	The re:claimID system can used and integrated into the OpenID Connect
	102	protocol.
	103	</t>
	104	<t>
	105	This document defines the normative wire format of resource records, resolution processes,
	106	cryptographic routines and security considerations for use by implementors.
	107	</t>
	108	<t>
	109	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
	110	NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
	111	"OPTIONAL" in this document are to be interpreted as described
	112	in <xref target="RFC2119"/>.
	113	</t>
	114	</section>
	115	<section anchor="identities" numbered="true" toc="default">
	116	<name>Identities</name>
	117	<t>
	118	An identity in re:claimID is defined through a zone in GNS.
	119	As such, the creation of a zone in GNS implicitly also creates
	120	a re:claimID identity.
	121	</t>
	122	<section anchor="attributes" numbered="true" toc="default">
	123	<name>Attributes</name>
	124	<t>
	125	A re:claimID identity attribute is stored in GNS under records
	126	of type "RECLAIM_ATTRIBUTE". An attribute consists of an identifier,
	127	an optional attestation identifier, a type, a flag, a name and data.
	128	The record format of a RECLAIM_ATTRIBUTE is as follows:
	129	</t>
	130	<figure anchor="figure_gnsattribute">
	131	<artwork name="" type="" align="left" alt=""><![CDATA[
	132	0 8 16 24 32 40 48 56
	133	+-----+-----+-----+-----+-----+-----+-----+-----+
	134	\| TYPE \| FLAG \|
	135	+-----+-----+-----+-----+-----+-----+-----+-----+
	136	\| ID \|
	137	+-----+-----+-----+-----+-----+-----+-----+-----+
	138	\| ATTESTATION \|
	139	+-----+-----+-----+-----+-----+-----+-----+-----+
	140	\| NSIZE \| DSIZE \|
	141	+-----+-----+-----+-----+-----+-----+-----+-----+
	142	/ NAME + DATA /
	143	/ /
	144	+-----------------------------------------------+
	145	]]></artwork>
	146	<!-- <postamble>which is a very simple example.</postamble>-->
	147	</figure>
	148	<t>
	149	where:
	150	</t>
	151	<dl>
	152	<dt>TYPE</dt>
	153	<dd>
	154	Is the 32 bit attribute type as defined in the GANA registry.
	155	</dd>
	156	<dt>FLAG</dt>
	157	<dd>
	158	Is a 32 bit attribute flag combination as defined in the GANA registry
	159	</dd>
	160	<dt>ID</dt>
	161	<dd>
	162	Is a 64 bit attribute identifier.
	163	</dd>
	164	<dt>ATTESTATION</dt>
	165	<dd>
	166	Is the 64 bit credential identifier which asserts this attribute.
	167	0 means no attestation.
	168	</dd>
	169	<dt>NSIZE</dt>
	170	<dd>
	171	32 bit length of the attribute name in bytes.
	172	</dd>
	173	<dt>DSIZE</dt>
	174	<dd>
	175	32 bit length of the attribute data.
	176	</dd>
	177	<dt>NAME</dt>
	178	<dd>
	179	The attribute name. A UTF-8 string.
	180	</dd>
	181	<dt>DATA</dt>
	182	<dd>
	183	The attribute data.
	184	</dd>
	185	</dl>
	186	</section>
	187	<section anchor="credentials" numbered="true" toc="default">
	188	<name>Credentials</name>
	189	<t>
	190	A re:claimID credential is stored in GNS under records
	191	of type "RECLAIM_CREDENTIAL". A credential consists of an identifier,
	192	a type, a flag, a name and data.
	193	The record format of a RECLAIM_CREDENTIAL is as follows:
	194	</t>
	195	<figure anchor="figure_gnscred">
	196	<artwork name="" type="" align="left" alt=""><![CDATA[
	197	0 8 16 24 32 40 48 56
	198	+-----+-----+-----+-----+-----+-----+-----+-----+
	199	\| TYPE \| FLAG \|
	200	+-----+-----+-----+-----+-----+-----+-----+-----+
	201	\| ID \|
	202	+-----+-----+-----+-----+-----+-----+-----+-----+
	203	\| NSIZE \| DSIZE \|
	204	+-----+-----+-----+-----+-----+-----+-----+-----+
	205	/ NAME + DATA /
	206	/ /
	207	+-----------------------------------------------+
	208	]]></artwork>
	209	<!-- <postamble>which is a very simple example.</postamble>-->
	210	</figure>
	211	<t>
	212	where:
	213	</t>
	214	<dl>
	215	<dt>TYPE</dt>
	216	<dd>
	217	Is the 32 bit credential type as defined in the GANA registry.
	218	</dd>
	219	<dt>FLAG</dt>
	220	<dd>
	221	Is a 32 bit credential flag combination as defined in the GANA registry
	222	</dd>
	223	<dt>ID</dt>
	224	<dd>
	225	Is a 64 bit credential identifier.
	226	</dd>
	227	<dt>NSIZE</dt>
	228	<dd>
	229	32 bit length of the credential name in bytes.
	230	</dd>
	231	<dt>DSIZE</dt>
	232	<dd>
	233	32 bit length of the credential data.
	234	</dd>
	235	<dt>NAME</dt>
	236	<dd>
	237	The credential name. A UTF-8 string.
	238	</dd>
	239	<dt>DATA</dt>
	240	<dd>
	241	The credential data.
	242	</dd>
	243	</dl>
	244	</section>
	245	<section anchor="tickets" numbered="true" toc="default">
	246	<name>Tickets</name>
	247	<section anchor="attrrefs" numbered="true" toc="default">
	248	<name>Attribute References</name>
	249	</section>
	250	<section anchor="credpres" numbered="true" toc="default">
	251	<name>Credential Presentations</name>
	252	</section>
	253	</section>
	254	</section>
	255	<section anchor="access" numbered="true" toc="default">
	256	<name>Access Management</name>
	257	<section anchor="authorization" numbered="true" toc="default">
	258	<name>Authorization</name>
	259	</section>
	260	<section anchor="revocation" numbered="true" toc="default">
	261	<name>Revocation</name>
	262	</section>
	263	</section>
	264	<section anchor="openid" numbered="true" toc="default">
	265	<name>OpenID Connect Integration</name>
	266	<section anchor="openidclientreg" numbered="true" toc="default">
	267	<name>Client Registration</name>
	268	</section>
	269	<section anchor="AuthorizationCode" numbered="true" toc="default">
	270	<name>Authorization Code</name>
	271	</section>
	272	<section anchor="IDToken" numbered="true" toc="default">
	273	<name>ID Token</name>
	274	</section>
	275	<section anchor="UserinfoEndpoint" numbered="true" toc="default">
	276	<name>Userinfo Endpoint</name>
	277	</section>
	278
	279	</section>
	280	<section anchor="encoding" numbered="true" toc="default">
	281	<name>Internationalization and Character Encoding</name>
	282	<t>
	283	All attribute names in re:claimID are encoded in UTF-8
	284	<xref target="RFC3629" />.
	285	</t>
	286	</section>
	287
	288	<section anchor="security" numbered="true" toc="default">
	289	<name>Security Considerations</name>
	290	</section>
	291	<section anchor="gana" numbered="true" toc="default">
	292	<name>GANA Considerations</name>
	293	<t>
	294	GANA is requested to populate this registry as follows:
	295	</t>
	296	<figure anchor="figure_rrtypenums">
	297	<artwork name="" type="" align="left" alt=""><![CDATA[
	298	Number: 65549
	299	Name: RECLAIM_TICKET
	300	Contact: N/A
	301	References: [This.I-D]
	302	Description: Ticket
	303
	304	Number: 65549
	305	Name: RECLAIM_ATTRIBUTE
	306	Contact: N/A
	307	References: [This.I-D]
	308	Description: Identity attribute
	309
	310	Number: 65550
	311	Name: RECLAIM_ATTRIBUTE_REF
	312	Contact: N/A
	313	References: [This.I-D]
	314	Description: Refrerence to identity attribute
	315
	316	Number: 65551
	317	Name: RECLAIM_OIDC_CLIENT
	318	Contact: N/A
	319	References: [This.I-D]
	320	Description: OIDC client description
	321
	322	Number: 65552
	323	Name: RECLAIM_OIDC_REDIRECT
	324	Contact: N/A
	325	References: [This.I-D]
	326	Description: OIDC client redirect(s)
	327
	328	Number: 65553
	329	Name: RECLAIM_CREDENTIAL
	330	Contact: N/A
	331	References: [This.I-D]
	332	Description: Credential
	333
	334	Number: 65554
	335	Name: RECLAIM_PRESENTATION
	336	Contact: N/A
	337	References: [This.I-D]
	338	Description: Credential presentation
	339	]]></artwork>
	340	</figure>
	341	<t>
	342	GANA is requested to amend the "GNUnet Signature Purpose" registry
	343	as follows:
	344	</t>
	345	<figure anchor="figure_purposenums">
	346	<artwork name="" type="" align="left" alt=""><![CDATA[
	347	Purpose: 27
	348	Name: RECLAIM_CODE_SIGN
	349	References: [This.I-D]
	350	Description: Signature in OIDC authorization code
	351	]]></artwork>
	352	</figure>
	353	</section>
	354	<!-- gana -->
	355	<section>
	356	<name>Test Vectors</name>
	357	</section>
	358	</middle>
	359	<back>
	360	<references>
	361	<name>Normative References</name>
	362
	363	&RFC2119;
	364	&RFC3629;
	365
	366	<reference anchor="GNS" target="https://lsd.gnunet.org/lsd0001">
	367	<front>
	368	<title>The GNU Name System</title>
	369	<author initials="M." surname="Schanzenbach" fullname="Martin Schanzenbach">
	370	<organization>GNUnet e.V.</organization>
	371	</author>
	372
	373	<author initials="C." surname="Grothoff" fullname="Christian Grothoff">
	374	<organization>GNUnet e.V.</organization>
	375	</author>
	376
	377	<author initials="B." surname="Fix"
	378	fullname="Bernd Fix">
	379	<organization>GNUnet e.V.</organization>
	380	</author>
	381	<date year="2020" month="March"/>
	382	</front>
	383	</reference>
	384	</references>
	385	</back>
	386	</rfc>