Consent to Create Binding: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 22: Line 22:


Subject<blockquote>MANDITORY - this is the identifier from the user that will be the subject of the binding. It serves nearly the same purpose as the the DN of the X.509 certificate. Whether this subject identifier is to be bound to a real world entity (like a human being) is to be determined by the purposes to which the resulting entity statement will be put.</blockquote>
Subject<blockquote>MANDITORY - this is the identifier from the user that will be the subject of the binding. It serves nearly the same purpose as the the DN of the X.509 certificate. Whether this subject identifier is to be bound to a real world entity (like a human being) is to be determined by the purposes to which the resulting entity statement will be put.</blockquote>
Subject Contact and other information<blockquote>OPTIONAL - although a contact email might be a requirement for notices.</blockquote>
Issuer<blockquote>MANDITORY - URi OF the CSP (Audience of the request).</blockquote>
Issuer<blockquote>MANDITORY - URi OF the CSP (Audience of the request).</blockquote>
Consents<blockquote>MANDITORY - applies to above subject information. This is purely opt-in. No reference denotes no consent.</blockquote>
Entity Statement<blockquote>NOT PART OF REQUEST - this is the message returned by the CSP after the process has been completed. It is then made available to any legitimate request. It is signed by a well-known key belonging the the CSP.</blockquote>
Entity Statement<blockquote>NOT PART OF REQUEST - this is the message returned by the CSP after the process has been completed. It is then made available to any legitimate request. It is signed by a well-known key belonging the the CSP.</blockquote>
Device Statement<blockquote>MANDITORY for AAL2 and higher certifications. It is used by the CSP to verify the level of protection provided to the Private key of the certificate.</blockquote>
Device Statement<blockquote>MANDITORY for AAL2 and higher certifications. It is used by the CSP to verify the level of protection provided to the Private key of the certificate.</blockquote>

Revision as of 21:12, 8 September 2019

Full Title

The definition of a message to carry consent from a subject to a Credential Service Provider.

Goals

The goal is a certificate in the hands of the user which meets the security requirements of the intended purpose.

Context

In an environment where a subject is requesting the establishment of a binding between it's private key and a Provider of any identifier services, the implicit assumption has been that the action of the subject on the website is sufficient. In today's world of gathering a subject's most private information some better means of capturing subject consent is urgently needed.

Existing Methods

  1. While it is true that methods exist for individual subjects to acquire a certificate for signing emails and receiving encrypted email, the adoption of that method outside of th enterprise is essentially failed and will not be considered as a paradigm for this effort.
  2. The most common request today is for an SSL or EV certificate from a Certificate Authority (CA) which works reasonably well for what it is intended to do. While it is possible to set up a CA of your own, we will address the more common case of a CA that has been approved by the major browser vendors. Before the process begins the user selects a Distinguished Name for the site based on the rules established by the CA/B forum.

NIST levels of Assurance

External Definitions used in this Document

Credential Service Provider

Problems

Prevention of attacks (exploits)

Solution

The following is the current understanding of what needs to be included in a Consent for Binding Request.

Subject

MANDITORY - this is the identifier from the user that will be the subject of the binding. It serves nearly the same purpose as the the DN of the X.509 certificate. Whether this subject identifier is to be bound to a real world entity (like a human being) is to be determined by the purposes to which the resulting entity statement will be put.

Subject Contact and other information

OPTIONAL - although a contact email might be a requirement for notices.

Issuer

MANDITORY - URi OF the CSP (Audience of the request).

Consents

MANDITORY - applies to above subject information. This is purely opt-in. No reference denotes no consent.

Entity Statement

NOT PART OF REQUEST - this is the message returned by the CSP after the process has been completed. It is then made available to any legitimate request. It is signed by a well-known key belonging the the CSP.

Device Statement

MANDITORY for AAL2 and higher certifications. It is used by the CSP to verify the level of protection provided to the Private key of the certificate.

Identity Proof

MANDITORY unless the CSP is willing and able to provide it for the subject in IAL2 and higher assurance credentials.

Purpose

MANDATORY for any level of assurance greater than level one in any of the 3 categories of assurance.

ACR

OPTIONAL - this is only useful in the case where the Purpose is not adequate to establish the required levels of assurance of the resulting Entity Statement.

Issue Date

MANDITORY - Linux epoch date is default

Expiration Date

MANDITORY - Linux epoch date is default

Subject Public Key

MANDITORY - be be included directly or by reference.

Signature

MANDITORY - using the above key.

Encryption

MANDITORY??? - using the CSP key.