Add content to section on selective disclosure #53
Conversation
msporny
requested review from
TallTed,
dlongley,
brentzundel,
decentralgabe,
mkhraisha and
Sakurann
and removed request for
mprorock
index.html
Outdated
| Selective disclosure is a technique that enables the sender of a pre-signed | ||
| message to reveal parts of the message without revealing the entire message. For | ||
| example, selectively disclosing a digital driver's license for the purposes of | ||
| renting a car might involve the entity presenting the license to only reveal the | ||
| issuing authority, license number, birthday, and authorized motor vehicle class. | ||
| Note that in this case, the license number is correlatable information that is | ||
| being shared but some amount of privacy is still being preserved because the | ||
| driver's full name and address are not being shared. |
There was a problem hiding this comment.
| Selective disclosure is a technique that enables the sender of a pre-signed | |
| message to reveal parts of the message without revealing the entire message. For | |
| example, selectively disclosing a digital driver's license for the purposes of | |
| renting a car might involve the entity presenting the license to only reveal the | |
| issuing authority, license number, birthday, and authorized motor vehicle class. | |
| Note that in this case, the license number is correlatable information that is | |
| being shared but some amount of privacy is still being preserved because the | |
| driver's full name and address are not being shared. | |
| Selective disclosure is a technique where the sender of a pre-signed | |
| message reveals only parts of the whole message without the receiver | |
| losing confidence in their authenticity. For example, one might selectively | |
| disclose a digital driver's license for the purpose of renting a car. This could | |
| involve revealing only the issuing authority, license number, birthday, and | |
| authorized motor vehicle class from the license. Note that in this case, the | |
| license number is correlatable information, but some amount of privacy | |
| is preserved because the driver's full name and address are not shared. |
There was a problem hiding this comment.
Hmm, "without the receiver losing confidence in their authenticity" is a little unclear to me. Perhaps something like "....reveals only parts of the whole message without the receiver losing confidence in the authenticity of the parts"
or "....reveals only parts of the whole message while maintaining confidence in the authenticity of each of the parts"
There was a problem hiding this comment.
fwiw, I prefer Ted's suggestion over this one
index.html
Outdated
| example, selectively disclosing a digital driver's license for the purposes of | ||
| renting a car might involve the entity presenting the license to only reveal the | ||
| issuing authority, license number, birthday, and authorized motor vehicle class. | ||
| Note that in this case, the license number is correlatable information that is |
There was a problem hiding this comment.
the correlation message is important. I know there are selective disclosure schemes which are correlation-resistant, such as https://github.com/decentralized-identity/crypto-wg/blob/main/work_items/spartan_zkSNARK_signatures.md -- maybe some language noting that this capability is implementation specific and correlation is a separate problem to solve for?
There was a problem hiding this comment.
would should also add language that notes that there are cases involving selective disclosure to meet need to know requirements, but that also require correlation - for example inspection results related to a shipment - the shipment id or lot number is correlatable, and must be for regulatory means, but you may wish to selectively release just the pass/fail result, rather than the details of the inspection to certain parties
There was a problem hiding this comment.
@decentralgabe I added language pointing to the section on unlinkability to address your concern in 355186b.
There was a problem hiding this comment.
@decentralgabe I added language pointing to the section on unlinkability to address your concern in 355186b.
index.html
Outdated
| </p> | ||
|
|
||
| <p> | ||
| Selective disclosure is a technique that not all cryptosuites provide. It is |
There was a problem hiding this comment.
what do you think about a note mentioning that not only does the creator of the initial message needs to utilize this capability, but the holder (receiver) needs to support it too (in a wallet, or however they may receive it), and also any potential verifiers -- or is this implied?
index.html
Outdated
| example, selectively disclosing a digital driver's license for the purposes of | ||
| renting a car might involve the entity presenting the license to only reveal the | ||
| issuing authority, license number, birthday, and authorized motor vehicle class. | ||
| Note that in this case, the license number is correlatable information that is |
There was a problem hiding this comment.
would should also add language that notes that there are cases involving selective disclosure to meet need to know requirements, but that also require correlation - for example inspection results related to a shipment - the shipment id or lot number is correlatable, and must be for regulatory means, but you may wish to selectively release just the pass/fail result, rather than the details of the inspection to certain parties
|
Probably need to mention that some requirements around selective disclosure include that if a property is to be disclosed an accompanying property must also be disclosed. (not sure of the term/wording for something like this) |
msporny
force-pushed
the
msporny-pc-unlinkability
branch
from
4994c5b
to
70a88f3
Compare
msporny
force-pushed
the
msporny-pc-sd
branch
from
55bf768
to
854a003
Compare
|
@mkhraisha wrote:
Done in 6b48a93. |
msporny
force-pushed
the
msporny-pc-unlinkability
branch
from
5ddec64
to
6a02ab7
Compare
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Co-authored-by: Dave Longley <dlongley@digitalbazaar.com>
|
Editorial, multiple reviews, changes requested and made, no objections, merging. |
This PR adds content to the section on selective disclosure.
Preview | Diff