Episode 098: 03‐25‐2025 Eclipse Decentralized Claims Protocol - GluuFederation/identerati-office-hours GitHub Wiki

Title: Eclipse Decentralized Claims Protocol

Description

The Eclipse Decentralized Claims specification defines "Dataspaces" which enable participants to secure data access using credentials associated with an identity. The specification defines a set of protocols for asserting participant identities, issuing verifiable credentials, and presenting verifiable credentials using a decentralized architecture for verification and trust. Is this an example of TBAC? Join the discussion to find out!

Homework

Takeaways

  • ⚡ The Eclipse Decentralized Claims Protocol will help organizations share data by specifying a protocol for an organization to request credentials from an issuer and to create derivative self-issued identity tokens that present those credentials as Verifiable Credentials. Note: these are organizational credentials, not human-person credentials. Because the Holder presents the credential itself, it can present it to any number of Verifiers without the issuer being a party to, or learning of, each presentation.

  • ⚡ Previous identity federations (e.g. Higher Ed, Open Banking) are two-party: issuer and verifier. The federations conceived by the Eclipse Decentralized Claims Protocol will be the first federations to address a three-party issuer-verifier-holder trust model. The holder is the org that wants data; the verifier is the org that holds the data; the issuer vouches for the trustworthiness of the holder.

  • ⚡ People have digital wallets on their phones. But what is an "organization wallet"? Isn't that an IDP? For example, an IDP already mints signed JWTs based on protected private keys.

  • ⚡ Peter equates JWTs with "evidence." TBAC seems to align with the DCP security model, because they envision complex policy evaluations based on a bunch of evidence.

  • ⚡ This wasn't in the livestream, but this ecosystem is inclined to use the ODRL policy syntax, which is not safe, because it cannot be verified by static analysis the way Cedar policies can. Too bad that, in an ecosystem where secure data sharing is the goal, they are using an insecure policy syntax.
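
The three-party flow from the first two takeaways, reduced to its cryptographic core as an added example (this is illustration code, not the DCP specification, the Eclipse project's code, or anything shown in the episode). The issuer signs claims bound to the holder's key; the holder wraps that credential in a self-issued token addressed to one verifier; the verifier checks everything offline with nothing but the federation's trust anchors (issuer public keys), so the issuer is never contacted. Names such as `did:example:issuer`, the JSON field names, and the claim values are constructed for the example; a real deployment uses DIDs resolved to DID documents, W3C Verifiable Credential/Presentation envelopes, and DCP's access-token exchange, all of which this simplification omits.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential: an issuer asserts claims about a holder identified by its public
// key (a stand-in for a DID; real DCP uses W3C VC/VP envelopes and DIDs).
type Credential struct {
	Issuer  string            `json:"iss"`
	Subject string            `json:"sub"` // holder public key, base64url
	Claims  map[string]string `json:"claims"`
	Expiry  int64             `json:"exp"` // unix seconds
}

// Signed is a JSON payload plus an Ed25519 signature over those exact bytes.
type Signed struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"sig"`
}

// Presentation is the holder's self-issued token: the issuer's credential,
// bound to one verifier and one nonce, and signed with the holder's own key.
type Presentation struct {
	Credential Signed `json:"vc"`
	Audience   string `json:"aud"`
	Nonce      string `json:"nonce"`
}

func sign(key ed25519.PrivateKey, v any) (Signed, error) {
	payload, err := json.Marshal(v)
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Signature: ed25519.Sign(key, payload)}, nil
}

func verifySig(pub []byte, s Signed) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, s.Payload, s.Signature)
}

// IssueCredential runs at the issuer and binds the claims to the holder's key.
func IssueCredential(issuer string, issuerKey ed25519.PrivateKey, holderPub ed25519.PublicKey,
	claims map[string]string, ttl time.Duration) (Signed, error) {
	return sign(issuerKey, Credential{Issuer: issuer, Claims: claims,
		Subject: base64.RawURLEncoding.EncodeToString(holderPub),
		Expiry:  time.Now().Add(ttl).Unix()})
}

// Present runs at the holder for one verifier; the issuer is not contacted.
func Present(holderKey ed25519.PrivateKey, vc Signed, audience, nonce string) (Signed, error) {
	return sign(holderKey, Presentation{Credential: vc, Audience: audience, Nonce: nonce})
}

// Verify runs at the verifier with only the federation's trust anchors (issuer
// keys). It returns the claims only if the token is addressed to us, the issuer
// is trusted, the credential is unexpired, and the presenter proved possession
// of the key the issuer bound the credential to.
func Verify(trustedIssuers map[string]ed25519.PublicKey, pres Signed,
	audience, nonce string, now time.Time) (map[string]string, error) {
	var p Presentation
	if err := json.Unmarshal(pres.Payload, &p); err != nil {
		return nil, err
	}
	if p.Audience != audience || p.Nonce != nonce {
		return nil, errors.New("presentation not for this verifier or challenge")
	}
	var c Credential
	if err := json.Unmarshal(p.Credential.Payload, &c); err != nil {
		return nil, err
	}
	if issuerPub, ok := trustedIssuers[c.Issuer]; !ok || !verifySig(issuerPub, p.Credential) {
		return nil, errors.New("credential not signed by a trusted issuer")
	}
	if now.Unix() >= c.Expiry {
		return nil, errors.New("credential expired")
	}
	holderPub, err := base64.RawURLEncoding.DecodeString(c.Subject)
	if err != nil || !verifySig(holderPub, pres) {
		return nil, errors.New("presenter does not hold the credential's subject key")
	}
	return c.Claims, nil
}

func main() {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	holderPub, holderKey, _ := ed25519.GenerateKey(rand.Reader)
	anchors := map[string]ed25519.PublicKey{"did:example:issuer": issuerPub} // constructed trust anchor
	vc, _ := IssueCredential("did:example:issuer", issuerKey, holderPub, map[string]string{"membership": "dataspace-x"}, time.Hour)
	pres, _ := Present(holderKey, vc, "did:example:verifier", "nonce-1")
	fmt.Println(Verify(anchors, pres, "did:example:verifier", "nonce-1", time.Now()))
}
```

Two checks carry the security weight of the three-party model: the holder's signature over the presentation is the proof of possession that makes a copied credential useless to anyone who does not also hold the subject key, and the audience plus nonce stop a token minted for one verifier from being replayed at another. Nothing in `Verify` reaches out to the issuer, which is what lets the holder present to any number of verifiers without the issuer learning of each presentation.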

Livestream Audio Archive

Will be Here