User Apps with Identifiers: Difference between revisions
Revision as of 00:00, 13 January 2021
Full Title
This article addresses the various solutions for creating a synchronized Identifier between a user app and a Relying Party.
Context
The example addressed here is a smartphone app that is used to establish a user's identifier with a website over the internet.
Problems
- The user needs to trust that the app will honor the user's wishes.
- The web site needs to trust that the app correctly informs it of the user's preferred identifier with:
- the appropriate Identity Assurance Level (IAL) aka identity proofing.
- the appropriate Authentication Assurance Level (AAL) aka proof of presence and control by the user.
- the appropriate Federation Assurance Level (FAL) aka follows the federation rules and regulations. (optional)
Solutions
Two major categories of app are considered, along with a hybrid that lies between the two.
Native App Solutions
- The app is loaded from a trusted app store and has full access to the features of the device.
- If the smartphone browser is available, the assumption is that it will be able to start the app.
Unsolved Problem
The redirection code (e.g. openid://) can be registered (or hijacked) by any app that the user downloads.
Web App Solutions
- The app is loaded from a trusted web site and has access to the service broker features in the DOM.
- The user on a web browser can be redirected to get a token from the web site, which the browser redirects to the web app.
- Also known as a Progressive Web App or PWA.
- The app is only available when running on a smartphone, but the web address will respond even if the app is not running.
Unsolved Problem
- Each app has its own URL which corresponds to the site where it was loaded. The RP needs to know which apps are loaded in order to redirect the request to the app for authentication.
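The two unsolved problems above (a native app's custom redirect scheme such as openid:// can be claimed by any installed app, and a web app's callback is an https URL the RP must already know) can both be handled by the same check on the RP side. The following is an added example, not code from the wiki or from any project it names: the RP keeps a registry of the exact https callback URLs of the web apps it has registered (the registry contents, app names and URLs are constructed for illustration) and classifies an incoming redirect target before honouring it.

```python
from urllib.parse import urlsplit

# Constructed registry: app name -> exact https redirect URLs the RP has registered.
# A web app's URL is tied to the site that served it, so exact matching identifies
# which app the RP is talking to (the "which apps are loaded" problem).
REGISTERED_WEB_APPS = {
    "example-pwa": ["https://app.example.test/callback"],
    "other-pwa": ["https://other.example.test/oidc/return"],
}


def normalize(url: str) -> str:
    """Lower-case scheme and host so that matching is case-insensitive there,
    while keeping the path exactly as given (paths are case-sensitive)."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def find_registered_app(redirect_uri: str):
    """Return the registered app name for an exact https redirect URL, else None."""
    target = normalize(redirect_uri)
    for app, urls in REGISTERED_WEB_APPS.items():
        if any(normalize(u) == target for u in urls):
            return app
    return None


def classify_redirect(redirect_uri: str) -> str:
    """Classify a redirect target as seen by the RP:
    - 'web-app'       : https URL exactly matching a registered web app
    - 'custom-scheme' : non-http(s) scheme (e.g. openid://), which any
                        installed app on the device could have claimed
    - 'unknown'       : http, unregistered https, or no scheme at all
    """
    scheme = urlsplit(redirect_uri).scheme.lower()
    if scheme in ("http", "https"):
        return "web-app" if scheme == "https" and find_registered_app(redirect_uri) else "unknown"
    return "custom-scheme" if scheme else "unknown"


def choose_redirect(redirect_uri: str, allow_custom_scheme: bool = False) -> str:
    """Return the redirect URL the RP may send the browser to, or raise.
    Custom schemes are refused unless the RP has explicitly accepted the
    hijack risk described on the page; unknown targets are always refused."""
    kind = classify_redirect(redirect_uri)
    if kind == "web-app" or (kind == "custom-scheme" and allow_custom_scheme):
        return redirect_uri
    raise ValueError(f"refusing redirect to {redirect_uri!r} ({kind})")


if __name__ == "__main__":
    for uri in ["https://app.example.test/callback", "openid://callback",
                "http://app.example.test/callback", "https://evil.example.test/callback"]:
        print(uri, "->", classify_redirect(uri))
```

The exact-match rule is deliberate: matching only on host or prefix would let a different page on the same site, or a look-alike host, receive the authentication response. Setting `allow_custom_scheme=True` is the RP's explicit choice to accept the native-app scheme problem the page describes as unsolved.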
Hybrid App Solutions
- The app works with a website that can present information about user choices at all times.
- For an example, in the solid project, a user stores personal data in "pods" (personal online data stores) hosted wherever the user desires.
Unsolved Problem
- Who pays for hosting the pods?