WIP: Identities #79
WIP: Identities #79
Conversation
Fixed typo and added missing changelog entry for changes in CONTRIBUTING.md
Adding the Structure for the communication guide and moving the infomodel to a new location.
tidy up formatting
…ation Add more foundational standards
* Adding prelimmary figure and source Adding entities and realtionship of dataspaces as png and draw.io source * Linking the entity model to the Communication Guide * Add Catalog section to the CommunicationGuide * Add Catalog section to the CommunicationGuide Co-authored-by: Sebastian Bader <[email protected]> Co-authored-by: Anil Turkmayali <[email protected]>
* Issue 46: Bugfix adding necessary JSON-LD context elements (#49) * Bugfix adding necessary JSON-LD context elements Co-authored-by: Sebastian Steinbuss <[email protected]> * Add specification input documents * Remove uneccessary restrictions * Add numbering * Fix cardinality typo * Add mapping section Co-authored-by: sebbader-sap <[email protected]> Co-authored-by: Jim Marino <[email protected]>
…n-guide-identities
|
isn't this pull request obsolete since the respective changes have been merged to another branch by: #83? |
Communication/Identities/README.md
Outdated
| # Identities | ||
|
|
||
| Connector identities according to this specification are typically represented by some sort of token. | ||
| This token contains statements about properties of the connector ("claims"), like its membership in one or more data spaces. |
There was a problem hiding this comment.
and it's trust level as well as it's assurance level (e.g., trust level 1 for base connector with assurance level 1 for a self-assessment).
There was a problem hiding this comment.
Please tell the exact claim names for the token.
Communication/Identities/README.md
Outdated
| In order to establish trust via these tokens, two requirements have to be met: | ||
|
|
||
| - Security-relevant claims within the token, or the entire token as a whole, MUST be signed by one or more trusted entities. | ||
| - There MUST exist a sound mechanism that enables a connector to proof ownership over the tokens or claims issued for this particular connector. |
There was a problem hiding this comment.
So this means, the token belongs to the connector that is trying to establish a connection? Should we mention binding the base identity/certificate to the token?
There was a problem hiding this comment.
We would also have to somehow signal the used version of a DAT to the other connector. This is facilitated by the version encoded in the issuer URL at the moment. Should we consider requirements for that?
There was a problem hiding this comment.
TODO: Talk with @bellebaum about versioning schema and whether this makes sense.
There was a problem hiding this comment.
So this means, the token belongs to the connector that is trying to establish a connection? Should we mention binding the base identity/certificate to the token?
I think the point right below this one is supposed to express exactly this, but making the channel binding (That's what some authentication mechanisms call it) explicit may be less subtle.
We would also have to somehow signal the used version of a DAT to the other connector. This is facilitated by the version encoded in the issuer URL at the moment. Should we consider requirements for that?
As far as I am aware, there is as of now no versioning scheme for the DAT, just for the DAPS. I feel like the more appropriate thing to do is to ensure the DAT claims stay backwards compatible, and update the verification routines to include checks on newer included information.
If applicable, some sort of critical array can also be defined marking certain keys in the DAT as critical. The idea here would be that any connector MUST reject DATs for which it does not know how to handle/check a certain claim. This should of course only be done with claims adding additional proofs of applicability to the connector (like new forms of binding). C.t. https://www.rfc-editor.org/rfc/rfc5280#section-4.2
There was a problem hiding this comment.
If applicable, some sort of
criticalarray can also be defined marking certain keys in the DAT as critical. The idea here would be that any connector MUST reject DATs for which it does not know how to handle/check a certain claim. This should of course only be done with claims adding additional proofs of applicability to the connector (like new forms of binding). C.t. https://www.rfc-editor.org/rfc/rfc5280#section-4.2
Interesting idea. This is however not yet part of any existing OAuth-related standard, is it? If we do this, should we explain it here in the IDS-G as well?
| Each implementation of identity tokens MUST at least implement the following claims: | ||
|
|
||
| - `securityProfile`: Reflects the `SecurityProfile` of the owning connector according to IDS certification criteria. | ||
| Valid values are `idsc:BASE_SECURITY_PROFILE`, `idsc:TRUST_SECURITY_PROFILE` and `idsc:TRUST_PLUS_SECURITY_PROFILE` as given by the members of https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityProfile. |
There was a problem hiding this comment.
See comment above, potentially also still not reflected in the info model.
There was a problem hiding this comment.
Introduce trustLevel instead to be consistent with certification.
| The claim MUST NOT contain any property that reflects a security level lower than the requirements of the stated `SecurityProfile`. | ||
| The claim MAY contain one or more values represented by members of `SecurityGuarantee` subclasses. | ||
| For a comprehensive list, see https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityGuarantee. | ||
|
|
There was a problem hiding this comment.
The info model will have to be updated in a number of ways to comply with the current certification proceedings.
There was a problem hiding this comment.
Should we continue maintaining this opportunity for security guarantees extending the trustLevel?
@mokamhuber Do will still have such an extension concept?
There was a problem hiding this comment.
The "official" certification levels for components:
https://github.com/International-Data-Spaces-Association/IDS-RAM_4_0/blob/main/documentation/4_Perspectives_of_the_Reference_Architecture_Model/4_2_Certification_Perspective/4_2_4_Component_Certification.md
So we have trust level 1-3 and assurance Level 1-3.
We can just keep the security profile as an option for future use.
No, according to @ssteinbuss it is still relevant. |
|
@ssteinbuss How can we proceed from here? This has been stale for a while now. |
|
We will discuss in the next Working Group meeting in September |
Work in progress.
Definition of requirements and properties of connector identities.