Jan Camenisch, Ioannis Krontiris, Anja Lehmann, Gregory Neven, Christian Paquin, Kai Rannenberg, and Harald Zwingelberg
The goal of ABC4Trust is to address the federation and interchangeability of technologies that support trustworthy yet privacy-preserving Attribute-based Credentials (ABC). Towards this goal, one of the main objectives of the project is to define a common, unified architecture for privacy-ABC systems to allow comparing their respective features and combining them on common platforms. The first version of this architecture is described in the deliverable at hand. Its main contribution is the specification of the data artifacts exchanged between the implicated entities (i.e. issuer, user, verifier, revocation authority, etc.), in such a way that the underlying differences of concrete Privacy-ABC implementations are abstracted away through the definition of formats that can convey information independently from the mechanism-specific cryptographic data. It also defines all technology-agnostic components and corresponding APIs a system needs to implement in order to perform the corresponding operations, i.e. to process an obtained issuance/presentation policy, perform the selection of applicable credentials for a given policy or to trigger the mechanism-specific generation of the cryptographic evidence. How Privacy-ABCs can be applied in existing identity protocols and frameworks such as WS-*, SAML, OpenID, OAuth and X.509 and how Privacy-ABCs can help to alleviate some of the security, privacy and scalability issues of these protocols is also discussed.
Available from https://abc4trust.eu/index.php/pub/107-d21architecturev1