Session Date/Time: 07 Nov 2023 08:30
spice
Summary
The SPICE (Secure Protocols for Identity Credentials) Birds of a Feather (BoF) session explored the need for secure and privacy-preserving identity credential protocols, particularly in the context of verifiable credentials and digital identity wallets. Presentations covered market drivers (EU Digital Identity Wallet), use cases, potential work items, privacy considerations, and the role of selective disclosure. The session aimed to gauge interest in forming an IETF working group focused on foundational standards for webflow credentials and to discuss the proposed charter and milestones. The results of the polling questions showed that there is significant interest in having a working group at IETF focusing on this space.
Key Discussion Points
- EU Digital Identity Wallet (EUDI): The EU's legislative process for digital identity wallets and the need for interoperable standards. Lafe presented how the EUDI legislative process requires technical specifications masquerading as law.
- Use Cases: Various use cases were discussed, including forklift certification, digital driver's licenses, securing supply chains, and educational credentials.
- 3-Party Model: The session spent time defining the holder, issuer, verifier relationship and its variations.
- Potential Work Items: Key exchange, selective disclosure, non-correlation, and the use of COSE (CBOR Object Signing and Encryption) for compact representations.
- Privacy Considerations: Minimal disclosure, not calling home, non-correlation, tracking, and zero-knowledge proofs were discussed as important privacy properties. Mike Jones explained different types of non-correlation that could be applied in this context.
- Selective Disclosure: The importance of selective disclosure for data minimization and privacy was emphasized, with examples of how it could be implemented using COSE structures.
- Extensibility and Global Applicability: The need for extensibility to support various claims and regulatory requirements for global interoperability was addressed. Hank outlined the goal of creating protocols independent of the representation of the statements.
- Scope Definition: Significant debate centered on the scope of the proposed working group, particularly the distinction between credential formats and transport protocols. The participants discussed the need to keep definitions clear. Participants expressed the goal of supporting both device and device-less (e.g. paper-based) systems.
- Accountability: The importance of designing systems with hooks for accountability, particularly for verifiers and issuers, was raised.
Decisions and Action Items
- Charter Revision: The charter text needs to be refined to better define the problem space, the scope of work, and the relationship with other standards bodies (W3C, OpenID Foundation, Privacy Pass). Jonathan raised the concern that Privacy Pass was excluded.
- Mailing List Discussion: The revised charter will be circulated on the mailing list for further feedback.
- Collaboration: Active engagement and collaboration with other standards organizations and stakeholders in relevant verticals is crucial.
Next Steps
- The chairs will revise the charter based on the feedback received during the session and from the mailing list.
- A revised charter will be circulated on the mailing list for further discussion and refinement.
- The IESG will determine next steps based on the progress made on the mailing list, which may include a future BoF session or a decision to form a working group.