Atomize information for principle of least authority #7
Assignees
Labels
privacy-tracker
Group bringing to attention of Privacy, or tracked by the Privacy Group but not needing response.
Milestone
Comments
msporny
added
editorial
|
Manu, what do you mean by "issue abstract claims alongside actual data"? |
|
@talltree, I would guess that means when issuing, for example, a Passport credential with a birthdate (actual data), also issue a Proof of Age credential with an "age over 21" abstract claim. |
|
Perhaps the spec should go even further than this, and say that when issuing credentials, if it not technically possible for the user to selectively reveal single attributes (claims) from the credential, then the issuer should issue a set of credentials, each credential containing a single attribute (claim) only. The user may then aggregate these as necessary and as required by the inspector |
|
@David-Chadwick Yes, we will want to make a note of that in the privacy section. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should include information in the spec that states that when issuing information, one should issue it in the smallest pieces possible. When requesting information, only ask for the data points that you need. Issue abstract claims alongside actual data when possible.
The text was updated successfully, but these errors were encountered: