From 1eb49c21d23bc710796cf1209eb4828f6a126688 Mon Sep 17 00:00:00 2001 From: "andrea.vesco" Date: Mon, 13 Nov 2023 15:09:23 +0100 Subject: [PATCH] intro refinements --- draft-vesco-vcauthtls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-vesco-vcauthtls.md b/draft-vesco-vcauthtls.md index 35332be..e6f11e9 100644 --- a/draft-vesco-vcauthtls.md +++ b/draft-vesco-vcauthtls.md @@ -75,7 +75,7 @@ After that, the node can request a VC from one of the Issuers available in the s The combination of the key pair ($sk, pk$), the DID and at least one VC forms the identity compliant with the SSI model. A node requests access to services by presenting a Verfiable Presentation [VP](https://www.w3.org/TR/vc-data-model-2.0/). The VP is an envelop of the VC signed by the node holding the VC with its $sk$. The verifier authenticates the node checking the authenticity of the VP and the validity and authenticity of the inner VC before granting or denying access to the requesting node. -The current implementations of the authentication process involves the combination of two different identity technologies. A client node estabhlishes a TLS channel authenticating the server node with the server's X.509 certificate. Then the server node authenticate the client node that sends its VP at application layer (i.e. over the TLS channel already established). The mutual authentication with VPs occours when also the server node exchange its VP with the client node again at application layer. +The current implementations of the authentication process run at the Application layer. A client node estabhlishes a TLS channel authenticating the server node with the server's X.509 certificate. Then the server node authenticate the client node that sends its VP at application layer (i.e. over the TLS channel already established). The mutual authentication with VPs occours when also the server node exchange its VP with the client node again at application layer. SSI is emerging as an identity option for Internet of Thing and Edge nodes in computing continuum environments. In this scenarios, (mutual) authentication with VP can be directly done at TLS protocol layer making the the peer-to-peer model of interaction, envisioned by the SSI model, a reality. This document describes the extensions to TLS protocol to support the use of VCs for authentication while preserving the interoperability with TLS endpoints that use X.509 certificates.