Meeting the Privacy Goals of NSTIC in the Short Term
Page 1
05/03/2011 Pomcor
Meeting the Privacy Goals of NSTIC in the Short Term
Presentation at the
2011 Internet Identity Workshop
Francisco Corella and Karen P. Lewison
Pomcor
Page 2
Contents
The following slides illustrate protocol steps described in the white paper “Achieving the Privacy Goals of NSTIC in the Short Term”, available at
http://pomcor.com/whitepapers/NSTICWhitePaper.pdf
There are three protocol variations: attribute verification, delegated authorization, and social login.
Page 3
Attribute Verification
Page 4
Step 1: The relying party sends the browser an attribute request together with a callback URL.
Page 5
Step 2: The browser retains the callback URL, produces a one-time key pair and retains the one-time private key. It then sends the attribute provider the attribute request together with the one-time public key, over a TLS connection in which the user authenticates with the user's long-term TLS certificate.
Page 6
Step 3: The attribute provider returns to the browser a one-time certificate binding the attribute to the one-time public key.
Page 7
Step 4: The user is asked for permission to pass the attribute to the relying party.
Page 8
Step 5: The browser connects to the relying party at the callback URL. The one-time certificate is used as the TLS client certificate, and the browser uses the one-time private key in the TLS handshake. Result: success.
Page 9
Delegated Authorization
Page 10
Step 1: The web application sends the browser an access request together with a one-time public key and a callback URL.
Page 11
Step 2: The browser retains the callback URL and sends the site holding the user's account the access request together with the one-time public key, over a TLS connection in which the user authenticates with the user's long-term TLS certificate.
Page 12
Step 3: The site holding the user's account returns to the browser a one-time certificate binding the access grant to the one-time public key.
Page 13
Step 4: The user is asked for permission to grant access to the application.
Page 14
Step 5: The browser delivers the one-time certificate with the access grant to the web application at the callback URL.
Page 15
Step 6: The web application connects to the site holding the user's account, using the one-time certificate with the access grant as its TLS client certificate.
Page 16
Social Login
Combines attribute verification and delegated authorization.
Page 17
Step 1: The web application sends the browser an attribute request, an access request, the application's one-time public key and a callback URL.
Page 18
Step 2: The browser retains the callback URL, produces the browser's one-time key pair and retains its private key. It then sends the attribute provider the attribute request, the browser's one-time public key, the access request and the application's one-time public key, over a TLS connection in which the user authenticates with the user's long-term TLS certificate.
Page 19
Step 3: The attribute provider returns to the browser a one-time certificate binding the attribute to the browser's one-time public key, plus a one-time certificate binding the access grant to the application's one-time public key.
Page 20
Step 4: The user is asked for permission to pass the attribute and grant access to the application.
Page 21
Step 5: The browser connects to the web application at the callback URL. The one-time certificate with the attribute is used as the TLS client certificate, the browser using its one-time private key in the TLS handshake, and the one-time certificate with the access grant is delivered to the application.
Page 22
Step 6: The web application connects to the attribute provider, using the one-time certificate with the access grant as its TLS client certificate.