- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Tue, 3 Jan 2017 13:53:35 -0500
- To: Phil Archer <phila@w3.org>, Credentials Community Group <public-credentials@w3.org>
On 12/30/2016 05:42 AM, Phil Archer wrote: > Dear all, > > Can I ask this group for a view on U-Prove [1] please? In particular, > the privacy aspects that appear to be superior to the architecture > proposed for the VCWG. The issue boils down to trackability. > > Thanks The quick answer is that the VCWG data model/syntax is signature/tokenization scheme agnostic. We've looked at U-Prove and don't yet see a reason why it can't be compatible with the data model and syntax work we've proposed. U-Prove attribute values must be transmitted (in addition to U-Prove tokens) when selectively disclosing and verifying and the format recommended by the VCWG could be used here. Also, there's nothing in the proposed architecture that prohibits the use of similar unlinkability/untrackability characteristics as in U-Prove. For example, the proposed data model does not require long-lived or cross-domain identifiers. They may be randomly generated, blind-signed, or even non-existent in some cases. The model also does not prohibit the use of one-per-credential/token, blind-signed public keys. There has been significant discussion of privacy considerations in this group (some documented here [1]) and during Rebooting Web of Trust Workshops that representatives from this group have attended. Furthermore, the use cases covered by the VCWG include but extend beyond simple pseudonymity scenarios such as proof-of-age. There are other cases where stronger identity is required and where U-Prove's additional (cryptographic and otherwise) complexity may not provide sufficient benefit to justify its use. We're not presently taking a strong stance on signature mechanisms used to secure verifiable claims. There is an expectation, however, per the charter, that some mechanisms will be recommended by the WG after careful consideration of the available technologies and use cases. In short, we believe that the VCWG work is not competitive with U-Prove but complimentary. 1. https://opencreds.github.io/vc-data-model/#privacy-considerations -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Tuesday, 3 January 2017 18:54:03 UTC