[kwlug-disc] Ontarians are getting digital ID this fall: All you need to know

Mikalai Birukou mb at 3nsoft.com
Wed Sep 22 22:11:22 EDT 2021


>> https://www.itworldcanada.com/article/ontarians-are-getting-digital-id-this-fall-all-you-need-to-know/458633

I'll draw your attention to this article's mention of the OpenID 
identity provider, v2. Looking at 
https://openid.net/specs/openid-connect-self-issued-v2-1_0.html, section 
12.2.1 is called "Selective disclosure and un-linkable presentations":

"""

Usage of decentralized identifiers does not automatically prevent 
possible RP correlation. If a status check of the presentation is done, 
IdP / SIOP correlation can occur.

Consider supporting selective disclosure and un-linkable presentations 
using zero-knowledge proofs or single-use credentials instead of 
traditional correlatable signatures.

"""

Basta! Already smells like tracking everything with digital id.


Every time you open an https site, you are a relying party. Did you have to 
register with an identity provider to check the cert for a domain name? No, 
you didn't. We are relying on root certificates.

A clerk is not calling the government issuing office every time she checks my 
driver's id now. In fact, she isn't registered as a relying party. My 
use of id with her stays between us.


> From the article:
>
> ----
>
> First, the holder requests a digital ID and goes through an ID proving
> process to establish their identity. Once the ID requirements are
> satisfied, the issuer will create a digital ID credential, issue it to
> the holder and publish the public cryptographic keys associated with
> that digital ID to the verifiable data registry, which uses
> distributed ledger technology, the provincial government explained.
>
> ----
>
> Did you catch that? "distributed ledger technology"? For some reason
> our digital ID needs a blockchain even though the Ontario government
> is the single source of trust? Sigh.
>




