Hi folks, I could be making a big mistake but I don't really understand the need for JWP or SD-JWT.
Let me ask two questions about the Issuer-Holder-Verifier model that JWP and SD-JWT are premised on. 1. How does a Holder confirm the validity of a Verifier before the selective disclosure? In the typical use case where a Holder selectively discloses some claims to a Verifier using a QR code or NFC, is there any way to prevent or mitigate disclosure by mistake if the Verifier is malicious or infected with malware? It is impossible for a user to visually determine whether the QR code reader device (or app) is malicious or not. In order to confirm the validity of the Verifier (as in the general OAuth flow), I suppose that the Verifier must be authenticated by the Issuer each time before the Holder's claims are disclosed. At least, it looks to me that SD-JWT is a dangerous solution because it discloses linkable personal data without any Verifier validation. 2. How does an Issuer fulfill its responsibility as a personal data controller? My understanding is that the Issuer is responsible for the Holders' personal data management because the Issuer is providing selective disclosure of the personal data as a service. This means that the Issuer can be regarded, for example, as a 'controller' as defined in GDPR. At this time, the Issuer has various responsibilities regarding the protection of the personal data. The following is a partial list: - Record and maintain logs of the data disclosures to third parties (the Verifiers) for a certain period of time. - Notify a supervisory authority of the scope of impact and countermeasures in the event of an incident, such as a personal data breach. - Demonstrate that the Holder has consented to the disclosure of his or her personal data. - etc. In this Issuer-Holder-Verifier model where an Issuer is not necessarily involved in the disclosure transaction between a Holder and a Verifier, how does the Issuer fulfill the above responsibilities? I suppose that in order to preserve the audit log containing the Holder's consent in a manner that even the Holder cannot repudiate, the Issuer would have to be involved in the disclosure transaction each time, similar to question 1. I have seen some people say that it is a kind of privacy invasion for an Issuer to be able to track every disclosure transaction by a Holder, but I think that is false. The Issuer is recording the transaction data for compliance with a legal obligation as a personal data controller, and any deviation from this should be prohibited by law. I think that preventing data breach to malicious or compromised Verifier is much more privacy protective. Anyway, my point is that in light of the obvious security measures that an Issuer should take (Question 1) and the general personal data protection legislation (Question 2), in the selective disclosure transaction, only a Holder can be offline, while an Issuer and a Verifier have to be online. If this assumption is correct, then neither JWP nor SD-JWT is necessary, and the solution to be adopted may vary greatly. For example, a solution where (1) a Holder generates and passes to a Verifier an short-lived token indicating the user's consent to the selective disclosure protected by end-to-end encryption between the Issuer and the Holder, and (2) the Issuer provides endpoints for the selective disclosure that requires the short-lived token and Verifier authentication is simpler and more secure than JWP or SD-JWT. It is also more compliant with a general personal data protection regulation. Furthermore, in the end-to-end encryption, the Holder generally uses an ephemeral public key so the unlinkability of the disclosed claims is also achieved naturally. I would appreciate your feedback on the above. Sorry for the long post. Best regards, Ajitomi, Daisuke
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
