ABC4Trust today released a new heartbeat document, H2.1 (download PDF, XML schema), on the architecture, with a focus on application developers. In particular, compared to D2.1, this heartbeat removes the details of how the ABCE layer looks internally and gives a simpler and more modular explanation of its functionality. Correspondingly, it presents an updated "external" API that the ABCE layer offers to the application layer, as well as an updated version of the data formats. It also presents some updates to the definitions of concepts and features of ABCs. This document takes into account early feedback from the implementation and pilot work packages, and describes the functionality realized by the first reference implementation.
The important differences with deliverable D2.1 are listed below.
- Key binding now replaces and unifies the previous concepts of user binding and device binding. A credential can optionally be bound to at most one secret key. Knowledge of the secret key is required to create a valid presentation token from a key-bound credential and to derive pseudonyms. The secret key could be stored on a trusted device like a smart card, which effectively realizes the previous concept of device binding.
- A list of supported attribute encodings is now included in the document, together with the implications for which predicates can be used in combination with these encodings, and whether the encoded attribute values will be inspectable.
- New issuance data formats and interfaces are introduced to let the user-side ABCE return a description of the newly issued credential, and to let the issuer-side ABCE store the issuance token for future reference, together with all issuer-chosen attribute values of the new credential. In particular, the stored issuance token contains the revocation handle of the issued credential, by means of which the credential can later be revoked if so required.
- Human-friendly names for credentials and attributes as well as graphical representations (icons) for credentials have been added to the credential specification. This enables the issuer to pass additional information to the identity selection user interface, so that the user can better understand the different options and so that the issuer can brand its issued credentials with custom images. See Section 4.2.1 for more details.
- Minor XML schema changes to simplify XML parsing in the ABCE.
The next update on the architecture will be in D2.2, which will present the final version. D2.2 will be released at the beginning of 2014.