2023 07 31 Meeting Minutes
Tracy Kuhrt edited this page Aug 1, 2023
- Continue defining architecture components presented in the 2023-07-10 meeting
- Digital Container Code Base - in its simplest form a wallet: a digital container capable of managing cryptographic keys, presenting credentials using different protocols and formats, and managing credentials
- Conversation around using the hardware trusted execution environment or secure enclave to hold the encryption key that secures the credentials.
- Concern raised that when you wrap the key using the hardware-backed key, you still must unwrap it to use it, and the plaintext key then lives in application memory, which exposes it to attack vectors such as memory disclosure and 0-day exploits in the app runtime.
- Recommend designing the system so the application runtime space is not the same as where the cryptographic material lives.
- Bruno has volunteered to do a write-up on this topic and present at a future call.
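To make the concern and the recommendation above concrete, here is an added example in Go (not code from the meeting or from any project discussed on this call) contrasting the two designs. The hardware-backed wrapping key is simulated in software with AES-GCM, the holder's presentation key is P-256 ECDSA, and every name in it (NewHardwareKEK, Enclave, the "holder" key ID, the sample presentation bytes) is an assumption made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// NewHardwareKEK stands in for a TEE / secure-enclave wrapping key. It is generated in
// software so the example runs anywhere; a real KEK never leaves the hardware.
func NewHardwareKEK() (cipher.AEAD, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(raw) // a 32-byte key is always a valid AES-256 key
	return cipher.NewGCM(block)
}

// Wrap encrypts a key blob under the KEK (AES-GCM, nonce prefixed).
func Wrap(kek cipher.AEAD, plain []byte) ([]byte, error) {
	nonce := make([]byte, kek.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, kek.Seal(nil, nonce, plain, nil)...), nil
}

// Unwrap hands the plaintext key blob back to the caller. This is the step flagged in
// the meeting: after it, raw key material sits in the application's own memory.
func Unwrap(kek cipher.AEAD, wrapped []byte) ([]byte, error) {
	n := kek.NonceSize()
	if len(wrapped) < n {
		return nil, errors.New("wrapped blob too short")
	}
	return kek.Open(nil, wrapped[:n], wrapped[n:], nil)
}

// Pattern A (wrapped key): NewWrappedHolderKey generates the holder's P-256 signing key
// and keeps it only in wrapped form; the app stores the blob and the public key.
func NewWrappedHolderKey(kek cipher.AEAD) ([]byte, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, _ := x509.MarshalECPrivateKey(priv) // cannot fail for a key just generated
	wrapped, err := Wrap(kek, der)
	return wrapped, &priv.PublicKey, err
}

// SignWithWrappedKey signs a presentation the way the concern describes: the app unwraps
// and parses the key, then signs inside its own runtime. The parsed private key is
// returned only to make the exposure visible; a real app would just hold it silently.
func SignWithWrappedKey(kek cipher.AEAD, wrapped, presentation []byte) ([]byte, *ecdsa.PrivateKey, error) {
	der, err := Unwrap(kek, wrapped)
	if err != nil {
		return nil, nil, err
	}
	priv, err := x509.ParseECPrivateKey(der) // plaintext key now lives in app memory
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(presentation)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return sig, priv, err
}

// Pattern B (operations cross the boundary, keys do not): Enclave models the recommended
// design. Private keys live behind it and the app sees only a key ID, a public key and
// signatures. There is deliberately no method that returns private-key bytes.
type Enclave struct{ keys map[string]*ecdsa.PrivateKey }

func NewEnclave() *Enclave { return &Enclave{keys: map[string]*ecdsa.PrivateKey{}} }

// GenerateKey creates a P-256 key inside the boundary and returns only its public half.
func (e *Enclave) GenerateKey(id string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	e.keys[id] = priv
	return &priv.PublicKey, nil
}

// Sign hashes and signs inside the boundary; the app hands in bytes and gets a signature.
func (e *Enclave) Sign(id string, presentation []byte) ([]byte, error) {
	priv, ok := e.keys[id]
	if !ok {
		return nil, errors.New("unknown key id")
	}
	digest := sha256.Sum256(presentation)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}
```

Pattern A is cryptographically sound, yet SignWithWrappedKey has to hand the parsed private key to code running in the application runtime, so anything that can read that process's memory gets the key. Pattern B keeps the key inside Enclave and the app only ever learns the public key and signatures, which is the separation the recommendation calls for. On a real device the Enclave type would be the platform keystore or TEE API and the in-memory map would be hardware-backed storage.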
- Discussion about crypto agility and post-quantum crypto
- Tom discussed the CRYSTALS primitives, Dilithium (signatures) and Kyber (key encapsulation), which have been submitted to the NIST Post-Quantum Cryptography project (https://pq-crystals.org/index.shtml)
- Two facets of crypto-agility: hardware vs. software, and current crypto vs. tomorrow's crypto
- Credential Signature/Formats
- Discussion around end-to-end profiles for how the credential gets issued to a wallet and presented from the wallet to a verifier.
- It was discussed that we should depend on the work being done by the credential format comparison SIG and the matrix they are creating.
- Presentation Protocols
- "Out of the wallet" indicates the presentation of the credential, from what's in the wallet to the verifier, as opposed to the issuance of the credential, which is the "into the wallet" described in Step 4. But the presentation protocol requires a request to first go to the wallet. It's not saying that only the wallet sends things out; it says the primary transfer of information is outward, so there is back and forth in that protocol.
- Action item is to create a list of presentation protocols similar to what the credential format comparison SIG is doing.
- Most of the presentation protocols are defined by the credential type and we should be looking at the end-to-end profiles.
- Maybe this is a tree with remote flows and proximity flows for the different credential types.
- The EU ARF has a powerful approach that has a diagram that makes it very easy to see the end-to-end flow.
- Keep architecture flexible, but focus on some known profiles to start.
- Presentation profiles for us to look into:
- https://identity.foundation/jwt-vc-presentation-profile/
- https://github.com/hyperledger/aries-rfcs/blob/main/concepts/0302-aries-interop-profile/README.md
- https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline
- https://github.com/decentralized-identity/jwt-vc-issuance-profile
- https://github.com/decentralized-identity/waci-didcomm
- Authentication
- Juliana is going to detail out different authentication methods, contexts, and strengths and present at next week's call.