Comments (6)
On the contrary, short lived non-revocable claims can be more privacy preserving than long lived revocable ones, since the inspector does not have to contact the issuer to retrieve revocation information.
from vc-data-model.
On the contrary, short lived non-revocable claims can be more privacy preserving than long lived revocable ones
The frequency of use is related to #14, so it's still an issue.
does not have to contact the issuer to retrieve revocation information
Doesn't this assume centralized revocation lists? This isn't an issue for decentralized/TTP revocation lists, right?
from vc-data-model.
Correct, providing the user community is large enough. If each issuer only has a couple of users, and the dozen issuers issue very different types of credential, then it would still be possible to infer which user contacted which inspector.
from vc-data-model.
Expiry times need to be considered in context and based on privacy engineering principles. Here's a sequence that illustrates the design and use of a highly dynamic claim:
- Issuer public key is posted securely (DNS-CERT, DID)
- Dynamic claim example is a prescription
- Claim expires in minutes or has revocation method (anyone can spend coin)
- Subject ID may be single-origin (DID)
- Issuer verifies subject identity and stores it locally for records retention purposes
- IFF surveillance is required, issuer reports index property (License #) to auditor
- IFF verified ID is required, a subject index property is included (License #)
- Subject presents dynamic claim to inspector (pharmacy)
- IFF verified ID is required, inspector verifies identity and index property (License #)
- Inspector checks claim expiry and revocation method
- IFF surveillance is required, inspector reports index property (License #) to auditor
- Inspector delivers prescription to subject.
The sequence above illustrates the privacy engineering considerations around verifiable claims. Privacy is enhanced when:
- the issuer uses a convenient and secure signature verification method
- the issuer is willing to provide a claim on-demand (via an API)
- the subject can specify the expiration time (within limits set by law or inspector)
- the subject can conveniently provide any DID
- the issuer is willing to take responsibility for subject identity verification so the inspector doesn’t need to do that
- the claim uses a globally unique index property rather than probabilistic matching
- the issuer supports a privacy-preserving revocation method
- the inspector offers to not store subject identity even if they verify it
- if surveillance is required, it is done transparently to the subject so they can see errors
from vc-data-model.
@agropper This is useful, but we need to focus on item number 3 in your list, along with bullet items 2 and 3 in the list that is bulleted.
In short, we need 2-3 paragraphs only talking about highly dynamic claims and when it's a good idea to use them. We may not want to explain a full use case, as you've done above. Can you take what you've written above and write something that is more of the form here: #6 (comment)
from vc-data-model.
Highly dynamic information is subject to either short expiry or revocation lists. To avoid traffic analysis that would reveal to the issuer when or how a claim is being used, the issuer’s API could allow the subject to request the expiry time, within whatever parameters the issuer supports. Alternatively, the issuer could support a revocation mechanism that does not leak information when the revocation list is checked by an inspector.
For example, if an insurance company or employer benefits manager system offers an API for a prescription rebate coupon to a subject, the subject may not want that issuer to know which pharmacy dispensed the prescription and at what time. The coupon revocation list would be maintained by the prescriber who could also aggregate rebate payments to avoid analysis of coupon use by the issuer.
In another example, the subject might not want the prescriber to know if a rebate coupon was used at the pharmacy as inspector. In that case, the prescription claim issued by the prescriber would be presented together with a separate rebate claim issued by the benefits manager. The rebate claim would have a short expiry time and the decision to use a rebate or not would be entirely with the subject who might prefer to pay cash to avoid leakage of insurance information to the prescriber.
from vc-data-model.
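The short-expiry flow discussed in this thread (the subject requests an expiry within the issuer's limits, and the inspector checks the claim without contacting the issuer), as an added example that is not part of the thread or of the vc-data-model specification. The field names (`sub`, `iat`, `exp`, `proof`), the TTL bounds and the inspector's lifetime cap are assumptions, and HMAC stands in for the issuer's public-key signature so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: issuer policy bounds on the lifetime a subject may request.
MIN_TTL_S, MAX_TTL_S = 60, 900
# Constructed demo key. HMAC is a stand-in for the issuer's signature; a real
# inspector would verify with the issuer's published public key instead.
ISSUER_KEY = b"constructed-demo-key"


def _mac(body: dict) -> str:
    # Canonical JSON so issuer and inspector authenticate identical bytes.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


def issue_claim(subject_id: str, claim: dict, requested_ttl_s: int, now: int) -> dict:
    """Issuer API: honour the subject's requested expiry within policy limits."""
    ttl = max(MIN_TTL_S, min(int(requested_ttl_s), MAX_TTL_S))
    body = {"sub": subject_id, "claim": claim, "iat": now, "exp": now + ttl}
    return {"body": body, "proof": _mac(body)}


def inspect_claim(cred: dict, now: int, max_lifetime_s: int = 900,
                  skew_s: int = 30) -> str:
    """Inspector: decide locally, with no call back to the issuer."""
    body = cred.get("body", {})
    if not hmac.compare_digest(_mac(body), str(cred.get("proof", ""))):
        return "bad-proof"
    iat, exp = body.get("iat"), body.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        return "malformed"
    # Inspector's own limit: a long-lived claim would need a revocation check.
    if exp - iat > max_lifetime_s:
        return "lifetime-too-long"
    if now + skew_s < iat:
        return "not-yet-valid"
    if now > exp + skew_s:
        return "expired"
    return "ok"
```

Because the inspector's decision depends only on the claim and its own clock, the issuer sees the issuance request but not when or where the claim is presented.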