User Apps with Identifiers
Full Title
This article addresses the various solutions to creation of a synchronized Identifier between a user app and a Relying Party
Context
The example addressed here is a Smartphone app that is uses to establish a user's identifier with a Website over the internet.
Problems
- The user needs to trust that the app will honor the user's wishes.
- The web site needs to trust that the app correctly informs it of the user's preferred identifier with:
- the appropriate Identity Assurance Level (IAL) aka identity proofing.
- the appropriate Authentication Assurance Level (AAL) aka proof of presence and control by the user.
- the appropriate Federation Assurance Level (FAL) aka follows the federation rule and regulations. (optional)
Solutions
Two major category of app are consider along with a hybrid that lies between the two.
Native App Solutions
- The app is loaded from a trusted app store and has full access to the features of the device.
- If the smart phone browser is available, (the assumption is that) it will be able to start the app.
Web App Solutions
- The app is loaded from a trusted web site and has access to the service broker features in the DOM.
- The user on a web browser can be redirected to get a token from the web site, which the browser redirects to the web app.
- Also known as a Progressive Web App or PWA.
- The app is only available when running on a smartphone, but the web address will respond if the if app is not running.
Hybrid App Solutions
- The app works with a website that can present information about user choices at all times.
- For an example, in the solid project, a user stores personal data in "pods" (personal online data stores) hosted wherever the user desires.