🛒Sharing OIDC Users Securely

In order to showcase the OIDC (Open ID Connect) Login use case, ShopSphere, and Krisna Bali serve as hypothetical representations for the roles of Data Issuer and Proof Verifier, respectively. It's crucial to state that all underlying components, such as the alliance partnership, ShopSphere and Krisna's authentication systems, and any other related artifacts, are purely hypothetical and fictitious, created solely for the objective of demonstration.

Background

In a strategic effort to accelerate revenue growth, the Krisna Bali store has entered into a strategic alliance with ShopSphere, a foremost player in the national online retail landscape. This collaboration offers a compelling advantage to customers of Krisna who also maintain ShopSphere accounts; they become eligible for up to a 10% discount on select items showcased on Krisna's online platform.

While there are additional facets and details to this partnership, the primary focus of this document is to elaborate on the technical aspects surrounding the login integration between Krisna and ShopSphere. The objective is to enable Krisna's backend server to validate whether a Krisna customer user also maintains an active ShopSphere account.

Integration Challenges

Merging the distinct user ecosystems of ShopSphere and Krisna presented a complex set of engineering hurdles. ShopSphere utilizes the industry-standard OpenID Connect (OIDC) for authentication, while Krisna employs a proprietary login system with its own dedicated user database. These two systems are inherently divergent and incompatible.

A seemingly straightforward integration strategy would be for Krisna to utilize the OIDC ID tokens from ShopSphere to confirm the identity of a mutual customer, cross-referencing their full name and date of birth. However, this raised justifiable security concerns, particularly from ShopSphere's Vice President of Engineering, about the ramifications of sharing ID tokens containing sensitive customer information with external parties. The concern is further validated by recent security incidents targeting the OAuth protocol, which is integral to OpenID Connect (OIDC), underscoring the importance of implementing robust security measures when sharing ID tokens.

The fundamental requirement for Krisna isn't necessarily accessing the ShopSphere's ID tokens but rather a secure and authenticated assertion that a user, identifiable by their full name and date of birth, is an active ShopSphere account holder. To overcome this challenge, both parties adopted the zkPass Proof-as-a-Service framework. This solution enables the secure, privacy-preserving verification of user credentials, thereby satisfying both parties' technical and security requirements.

Eligibility Criteria for the 10% Discount

To be eligible for the 10% discount on items sold in the Krisna store, a Krisna user account must also have an account with the ShopSphere system. In other words, the “ShopSphere Account Holder” requirement must be defined to determine if the two separate accounts actually belong to the same individual. The user must be able to log in to ShopSphere and Krisna stores, and user attributes of the two user accounts are compared with the following criteria:

  • The first name and last name must match

  • The driver's license number must match

Objectives of “ShopSphere Account Holder” Verification

The design of the ShopSphere account holder verification aims to achieve the following objectives:

  • Privacy Protection for ShopSphere Customers In order to safeguard customer data privacy, ShopSphere will not directly transfer any sensitive information to Krisna via its OIDC ID token. Rather, a proof-of-eligibility token, which confirms that the applicant satisfies the predefined “ShopSphere Account Holder” criteria, should be sent to Krisna's backend servers. This approach mitigates the risk of data exposure while maintaining the integrity of the application process.

The objective of this document is to provide a comprehensive blueprint for developing a “ShopSphere Account Holder” verification mechanism that maintains a good balance between operational efficiency, user data privacy, and verifiable query execution. Subsequent sections will delve into the intricate details of the technical architecture, data flow dynamics, and the integration strategies for zkPass.

Insecure Implementation Example

A straightforward but insecure implementation for the “ShopSphere Account Holder” verification system can be done by sharing the ShopSphere’s ID token with Krisna’s backend system. This is illustrated by the following diagram:

As illustrated in the above diagram, in step 10, Krisna's service receives the ShopSphere ID token. At this point, the Krisna service has some level of access to ShopSphere customer profiles defined in the token. This extraneous information is certainly not needed by Krisna service to determine if the user is a ShopSphere account holder.

Last updated