Skip to main content

Secure Patterns for Internet CrEdentials (SPICE)
bofreq-prorock-secure-patterns-for-internet-credentials-spice-00

The information below is for an older version of this BOF request.
Document Type Proposed BOF request Snapshot
Title Secure Patterns for Internet CrEdentials (SPICE)
Last updated 2023-09-01
State Proposed
Editors
Responsible leadership
Send notices to (None)
bofreq-prorock-secure-patterns-for-internet-credentials-spice-00

Name: Secure Patterns for Internet CrEdentials (SPICE)

Description

There is a need to more clearly document verifiable credentials - that is credentials that utilize the issuer, holder, and verifier (three party) model across various work IETF, ISO, W3C, and other SDOs. This need particularly arises in use cases for verifiable credentials that do not involve human-in-the-loop interactions, need strong and long lived identifiers for business entities, and for those that require CBOR encoding, and those that leverage the cryptographic agility properties of COSE. Based on these use cases, there is a need to clearly define message formats and supporting mechanisms. Additionally, multiple groups at the IETF need a clear definition for what architectures might exist and should be leveraged for certain use cases related to credentials following this three party model, and to identify where there are gaps or new architectural concepts that need to be defined.

By ensuring that we cover those topics and directly point to appropriate standards developed in other groups at IETF and elsewhere, we can also help avoid the re-creation of existing items and re-introduction of security concerns that have already been dealt with in broadly deployed and well-understood standards.

This work will answer the need for a common set of language for use in describing broader concepts related to the use of verifiable credentials with the three-party model (issuer, holder, verifier) with optional selective disclosure, external status representation, and other privacy-focused capabilities within a variety of credential presentation scenarios, while ensuring that adequate review from across the IETF / IRTF occurs for this work.

Required Details

Information for IAB/IESG

To allow evaluation of your proposal, please include the following items:

Agenda

Problem Statement (30 min)

  • Problem Area and introduction to verifiable credentials
  • Known Use Cases
  • How is SPICE related to other IETF Work

Scope and Proposed Work Items (45 min)

  • SPICE Use Cases Documentation
  • Selective Disclosure with CWTs
  • Architecture
  • Other Items that might be considered for inclusion in this group

Discussion (45 min)

  • Is the IETF the right place to do this work?
  • Which organizations and SDOs need to be involved/collaborated with?
  • What are the expected technical challenges?
  • Is there interest in implementing such specifications?
  • Is the technology likely to get deployed?
  • Is there enough interest in helping with the work (spec editing, reviewing, implementing, deploying)?