Service Provider Accreditation with Attribute Constraints

posted in #eID & eSignature on 29.04.2024

In credential-based authentication systems, users transmit personally identifiable and potentially sensitive data to Service Providers (SP; also called Relying Parties, RP). In doing so, users often must rely on the assumption that they are communicating with a legitimate Service Provider and trust that the SP has a legitimate reason for requesting every attribute it asks for. In the event of data misuse, it can be difficult to identify the SP and hold it accountable. One solution is to implement mutual authentication before any sensitive data is transferred. To fully authenticate an SP and establish trust in it, the SP gets accredited by a party trusted by all users. To ensure that the SP can only access data for which it has a legal basis, these accreditations are combined with a set of access constraints, i.e., a policy that restricts the data the SP may query.

The motivations for this work are privacy demands as well as legal requirements (e.g., GDPR: Article 5 “Personal data shall be collected for specified, explicit and legitimate purposes”, Article 6 “Processing shall be lawful only if […] processing is necessary”).

This project aims to analyze the accreditation of service providers, focusing on limiting the attributes that an SP can request from a user based on the evidence it provides for the reason behind the request.
This report also discusses how SPs can be required to support pseudonyms. Further, the report incorporates privacy-enhancing measures into the constraints, such as limiting the zero-knowledge predicates that may be evaluated.
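The user-side check this scheme calls for, as an added example that is not part of the original post or the project's code: the accreditation binds the SP to a purpose, an allowed attribute set, an allowed set of zero-knowledge predicates and a pseudonym requirement, and the user refuses any request that steps outside it. The accreditation format, names and the use of an HMAC in place of the authority's signature are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample key of the accreditation authority. An HMAC stands in for
# the authority's signature; a deployment would use a public-key signature so
# that users only need the authority's public key.
AUTHORITY_KEY = b"constructed-authority-key"


def _mac(key: bytes, body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()  # canonical encoding
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_accreditation(key, sp_id, purpose, attrs, predicates, pseudonym_required):
    """Authority side: bind an SP to its stated purpose and a constraint set."""
    body = {"sp": sp_id, "purpose": purpose, "attrs": sorted(attrs),
            "predicates": sorted(predicates), "pseudonym_required": pseudonym_required}
    return {"body": body, "mac": _mac(key, body)}


def check_request(key, accreditation, request) -> list:
    """User side: list every reason to refuse; an empty list means the
    request stays within the accredited policy."""
    body = accreditation["body"]
    if not hmac.compare_digest(_mac(key, body), accreditation["mac"]):
        return ["accreditation not issued by the trusted authority"]
    problems = []
    if request["sp"] != body["sp"]:
        problems.append("request comes from an SP other than the accredited one")
    extra_attrs = set(request.get("attrs", [])) - set(body["attrs"])
    if extra_attrs:
        problems.append("attributes outside the accreditation: " + ", ".join(sorted(extra_attrs)))
    extra_preds = set(request.get("predicates", [])) - set(body["predicates"])
    if extra_preds:
        problems.append("predicates outside the accreditation: " + ", ".join(sorted(extra_preds)))
    if body["pseudonym_required"] and request.get("identifier") != "pseudonym":
        problems.append("SP must accept a pseudonym but asked for a linkable identifier")
    return problems


# Constructed sample: a shop accredited only for an age check plus delivery.
ACCREDITATION = issue_accreditation(
    AUTHORITY_KEY, "shop.example", "age-restricted delivery",
    attrs={"delivery_address"}, predicates={"age>=18"}, pseudonym_required=True)
OK_REQUEST = {"sp": "shop.example", "attrs": ["delivery_address"],
              "predicates": ["age>=18"], "identifier": "pseudonym"}
OVERREACH = {"sp": "shop.example", "attrs": ["delivery_address", "date_of_birth"],
             "predicates": ["age>=18"], "identifier": "persistent_id"}
# An accreditation whose attribute set was widened after issuance; the MAC no longer matches.
TAMPERED = {"body": {**ACCREDITATION["body"], "attrs": ["date_of_birth", "delivery_address"]},
            "mac": ACCREDITATION["mac"]}

if __name__ == "__main__":
    for acc, req in [(ACCREDITATION, OK_REQUEST), (ACCREDITATION, OVERREACH), (TAMPERED, OK_REQUEST)]:
        print(check_request(AUTHORITY_KEY, acc, req) or "within policy")
```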