STATUS: Withdrawn by the proponent for now in favor of the credentials work.

Identity Provider Task Force

Goals

Create an open standard interface for an Identity Provider such that:

• Credentials can be delivered in a secure way to a requesting party
• IdP can deliver tokens in place of any private data
• IdP's must be interoperable between IdP's with dissimilar technologies
• Any IdP standard must include end-to-end solution

Problem Statement

• Existing IdP are primarily limited to Single Sign-on.
• A standardized Identity Provider will be required for services like credentials and tokenization.
• Technologies like DLT (Distributed Ledger Technology/Blockchain) is using public/private keys as identity. These keys are stolen all the time causing a loss of digital assets.
• Regulatory landscape is changing quickly around the exchange of personal information over the internet. IdP must include standardized security mechanisms for the protection of said information.

Deliverables

• Description of a IdP
• Use cases for IdP
• High level requirements for IdP
• Rough Security requirements for web service exposing a tokenization service to the public internet
• List of ... that is outside the scope of a standard (such as authentication technology)
• List of Terms and Definition

Success criteria

• Successful creation of a IG

Task Force Operation

If formed, the IDIG Task Force will:

• Have weekly calls
• Work on completing the deliverables outlined above
• Presentable material for February F2F

Dependencies

• https://w3c.github.io/websec/web-authentication-charter
• https://w3c.github.io/websec/hasec-charter
• Verifiable Assets, Credentials, Tokenization

Concerns

• Creates a honey pot of identity information any hacker would love.
• Many legal and regulatory concerns that technology must address.

Milestones / Timelines

• Perform background research listed in deliverables