Authors: Pierre Saha [1]; Mohamed Mejri [1] and Kamel Adi [2]
Affiliations: [1] Laval University, Québec, Canada; [2] University of Quebec in Outaouais, Québec, Canada
Keyword(s):
Verifiable Credentials, Authentication, Privacy, Product Family Algebra, Satisfiability Modulo Theories.
Abstract:
Verifiable Credentials (VC) have become a de facto standard for digital credentials and play an increasingly important role in network exchanges. They often contain a large number of attributes whose disclosure could have unfortunate consequences. It therefore becomes very important to formally verify whether the user can access the requested service and to ensure that the identity attributes they disclose generate the least risk. In this paper, using product family algebra, we show how verifiable credentials can help to easily and formally settle the question of whether a user can access a service while respecting the need-to-know principle. To this end, we propose a translation of product family algebra into first-order Boolean logic and vice versa. We then propose a Boolean equivalent of the product family algebra refinement operation. Using all these tools, we show how the problem of verifying a user’s ability to authenticate, expressed using product family algebra, easily translates into an SMT problem. To guarantee the preservation of privacy and ensure the need-to-know principle, we associate VC attributes with a risk score and show how the question of disclosing the attributes generating the least risk can easily be resolved with Maximum Weighted SMT. We can thus easily use the z3 solver to solve these problems in SMT form.
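The least-risk disclosure question described in the abstract, as an added example that is not code from the paper: it uses exhaustive search in plain Python in place of the z3 solver, so it only suits small wallets. The attribute names, risk scores and the CNF form of the service policy are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (assumptions, not from the paper).
# Risk score attached to each credential attribute; higher means more sensitive.
RISK = {"name": 5, "birth_date": 8, "age_over_18": 2,
        "address": 9, "province": 3, "student_id": 4}

# Service policy in CNF: each clause is a set of attributes, and at least
# one attribute of every clause must be disclosed to authenticate.
POLICY = [{"birth_date", "age_over_18"}, {"address", "province"}]


def satisfies(disclosed, policy):
    """Hard constraints: every policy clause contains a disclosed attribute."""
    return all(clause & disclosed for clause in policy)


def min_risk_disclosure(wallet, policy, risk):
    """Weighted MaxSAT view of need-to-know disclosure.

    Hard constraints: the policy holds and only attributes present in the
    wallet may be disclosed. Soft constraints: "do not disclose a", weighted
    by risk[a]. Minimising the weight of violated soft constraints yields the
    least-risk disclosure. Returns (total_risk, attributes), or None when the
    holder cannot authenticate at all.
    """
    best = None
    attrs = sorted(wallet)
    for size in range(len(attrs) + 1):
        for subset in combinations(attrs, size):
            disclosed = set(subset)
            if not satisfies(disclosed, policy):
                continue
            cost = sum(risk[a] for a in disclosed)
            if best is None or cost < best[0]:
                best = (cost, disclosed)
    return best


if __name__ == "__main__":
    full = {"name", "birth_date", "age_over_18", "address", "province"}
    print(min_risk_disclosure(full, POLICY, RISK))
    print(min_risk_disclosure({"name", "student_id"}, POLICY, RISK))
```

A holder with both a coarse and a fine-grained attribute for the same clause discloses the coarse one; a holder with neither gets `None`, the case in which authentication is not possible.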