User Apps with Identifiers: Difference between revisions
Jump to navigation
Jump to search
Line 21: | Line 21: | ||
===Web App Solutions=== | ===Web App Solutions=== | ||
* The app is loaded from a trusted web site and has access to the service broker features in the DOM. | * The app is loaded from a trusted web site and has access to the service broker features in the DOM. | ||
* Also known as a Progressive Web App or PWA. | |||
* The app is only available then running on a smartphone, but the web address will respond if the if app is not running. | * The app is only available then running on a smartphone, but the web address will respond if the if app is not running. | ||
===Hybrid App Solutions=== | ===Hybrid App Solutions=== | ||
*The app works with a website that can present information about user choices at all times. | *The app works with a website that can present information about user choices at all times. |
Revision as of 23:42, 12 January 2021
Full Title
This article addresses the various solutions to creation of a synchronized Identifier between a user app and a Relying Party
Context
The example addressed here is a Smartphone app that is uses to establish a user's identifier with a Website over the internet.
Problems
- The user needs to trust that the app will honor the user's wishes.
- The web site needs to trust that the app correctly informs it of the user's preferred identifier with:
- the appropriate Identity Assurance Level (IAL) aka identity proofing.
- the appropriate Authentication Assurance Level (AAL) aka proof of presence and control by the user.
- the appropriate Federation Assurance Level (FAL) aka follows the federation rule and regulations. (optional)
Solutions
Two major category of app are consider along with a hybrid that lies between the two.
Native App Solutions
- The app is loaded from a trusted app store and has full access to the features of the device.
- If the smart phone browser is available, (the assumption is that) it will be able to start the app.
Web App Solutions
- The app is loaded from a trusted web site and has access to the service broker features in the DOM.
- Also known as a Progressive Web App or PWA.
- The app is only available then running on a smartphone, but the web address will respond if the if app is not running.
Hybrid App Solutions
- The app works with a website that can present information about user choices at all times.