New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add content to section on selective disclosure #53
Conversation
index.html
Outdated
Selective disclosure is a technique that enables the sender of a pre-signed | ||
message to reveal parts of the message without revealing the entire message. For | ||
example, selectively disclosing a digital driver's license for the purposes of | ||
renting a car might involve the entity presenting the license to only reveal the | ||
issuing authority, license number, birthday, and authorized motor vehicle class. | ||
Note that in this case, the license number is correlatable information that is | ||
being shared but some amount of privacy is still being preserved because the | ||
driver's full name and address are not being shared. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Selective disclosure is a technique that enables the sender of a pre-signed | |
message to reveal parts of the message without revealing the entire message. For | |
example, selectively disclosing a digital driver's license for the purposes of | |
renting a car might involve the entity presenting the license to only reveal the | |
issuing authority, license number, birthday, and authorized motor vehicle class. | |
Note that in this case, the license number is correlatable information that is | |
being shared but some amount of privacy is still being preserved because the | |
driver's full name and address are not being shared. | |
Selective disclosure is a technique where the sender of a pre-signed | |
message reveals only parts of the whole message without the receiver | |
losing confidence in their authenticity. For example, one might selectively | |
disclose a digital driver's license for the purpose of renting a car. This could | |
involve revealing only the issuing authority, license number, birthday, and | |
authorized motor vehicle class from the license. Note that in this case, the | |
license number is correlatable information, but some amount of privacy | |
is preserved because the driver's full name and address are not shared. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, "without the receiver losing confidence in their authenticity" is a little unclear to me. Perhaps something like "....reveals only parts of the whole message without the receiver losing confidence in the authenticity of the parts"
or "....reveals only parts of the whole message while maintaining confidence in the authenticity of each of the parts"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fwiw, I prefer Ted's suggestion over this one
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
index.html
Outdated
example, selectively disclosing a digital driver's license for the purposes of | ||
renting a car might involve the entity presenting the license to only reveal the | ||
issuing authority, license number, birthday, and authorized motor vehicle class. | ||
Note that in this case, the license number is correlatable information that is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the correlation message is important. I know there are selective disclosure schemes which are correlation-resistant, such as https://github.com/decentralized-identity/crypto-wg/blob/main/work_items/spartan_zkSNARK_signatures.md -- maybe some language noting that this capability is implementation specific and correlation is a separate problem to solve for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would should also add language that notes that there are cases involving selective disclosure to meet need to know requirements, but that also require correlation - for example inspection results related to a shipment - the shipment id or lot number is correlatable, and must be for regulatory means, but you may wish to selectively release just the pass/fail result, rather than the details of the inspection to certain parties
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@decentralgabe I added language pointing to the section on unlinkability to address your concern in 355186b.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@decentralgabe I added language pointing to the section on unlinkability to address your concern in 355186b.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
index.html
Outdated
</p> | ||
|
||
<p> | ||
Selective disclosure is a technique that not all cryptosuites provide. It is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what do you think about a note mentioning that not only does the creator of the initial message needs to utilize this capability, but the holder (receiver) needs to support it too (in a wallet, or however they may receive it), and also any potential verifiers -- or is this implied?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in c238ace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will need another read-over after the suggestions above have been acted upon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
generally approve - we will want to update and PR again after some of the suggestions are covered - especially around correlation and selective disclosure
index.html
Outdated
example, selectively disclosing a digital driver's license for the purposes of | ||
renting a car might involve the entity presenting the license to only reveal the | ||
issuing authority, license number, birthday, and authorized motor vehicle class. | ||
Note that in this case, the license number is correlatable information that is |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would should also add language that notes that there are cases involving selective disclosure to meet need to know requirements, but that also require correlation - for example inspection results related to a shipment - the shipment id or lot number is correlatable, and must be for regulatory means, but you may wish to selectively release just the pass/fail result, rather than the details of the inspection to certain parties
Probably need to mention that some requirements around selective disclosure include that if a property is to be disclosed an accompanying property must also be disclosed. (not sure of the term/wording for something like this) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would like ted's intro added.
4994c5b
to
70a88f3
Compare
55bf768
to
854a003
Compare
@mkhraisha wrote:
Done in 6b48a93. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for managing all of the suggestions people have made here! Approved with... a few more suggestions. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for the changes Manu, this looks good.
5ddec64
to
6a02ab7
Compare
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
Editorial, multiple reviews, changes requested and made, no objections, merging. |
This PR adds content to the section on selective disclosure.
Preview | Diff