8.1. Introduction

Today, authentication massively relies on digital signature mechanisms that act as real electronic stamps, as we saw in Chapter 2. Each of us uses these on a daily basis, whether browsing the Internet, paying by credit card or presenting official documentation with an electronic chip (passport, etc).

This approach modeled on traditional authentication methods (handwritten signatures, stamps, etc.) forms the implicit hypothesis that the problems of the real and digital worlds are the same. A simple example illustrates the limits of this reasoning. When going to the checkout, presenting the ID card to verify one’s age does not create too many worries, since it is reasonable to think that the cashier will not keep hold of all the information contained in the ID card for tracing purposes or for other processes. This hypothesis unfortunately does not hold in the digital world where each piece of data is generally held automatically. In particular, it is legitimate to think that the same customer would have more qualms about sending a copy of their ID card via the Internet to access, for example, a website with adult-only content.

This example demonstrates two essential needs that we encounter in many cases of use that require authentication. There is first of all the need to limit the information revealed only to what is strictly necessary. When a person has to prove that they are an adult, it is ...