- From: David Chadwick <D.W.Chadwick@kent.ac.uk>
- Date: Tue, 25 Jul 2017 08:46:50 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>, Christopher Allen <ChristopherA@blockstream.com>, Kim Hamilton Duffy <kim@learningmachine.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>, "W3C Digital Verification CG (Public List)" <public-digital-verification@w3.org>
On 24/07/2017 15:37, Manu Sporny wrote:
> On 07/23/2017 12:16 PM, David Chadwick wrote:
>> Why doesn't the issuer simply issue each VC containing one attribute
>> only?
>
> This is the approach that Digital Bazaar has taken, and the one that we
> have modelled the Verifiable Claims Data Model spec after. The upside
> with this approach is that it doesn't require advanced cryptography to
> accomplish.
>
>> This will actually cater for the vast majority of VCs (such as club
>> memberships, credit cards etc). For those complex VCs that do require
>> several attributes as a group, such as driving licence, passport etc,
>> then the issuer can issue a set of VCs, each containing one attribute
>> from the group, plus a group attribute that contains a random number
>> allowing the holder/subject to release one, two or more attributes as
>> a set, and proving that they all belong to the same set as the group
>> attribute is the same in each VC.
>
> This is an interesting approach, why the random number... unless what
> you're doing is a bearer token, at which point the random number makes
> sense. For non-bearer tokens, we just use the Subject ID as the binding
> identifier.

The reason is that one issuer may issue two or more complex attributes,
e.g. the University of Kent issues:

Staff member in dept of computing
PG Student in dept of economics

If it issued single attributes it would issue 4 VCs

Staff member
Student
Dept Computing
Dept Economics

and then the holder could release Staff member and Dept of Economics to
a relying party, which would be false.

If every VC contained a single attribute and the group ID (this is
necessary so that RPs cannot tell the difference between a single
attribute and a more complex one) then the RP can easily link together
the components of a complex attribute.

BTW, this case applies to passport holders who today might be issued two
passports by the same government, e.g. one for travel to Israel, and one
to Arab countries.

regards

David

>
> -- manu
>
Received on Tuesday, 25 July 2017 07:47:15 UTC
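
The single-attribute-plus-group-ID scheme discussed in the message above, shown as an added example that is not part of the original e-mail or of any Verifiable Claims implementation. An HMAC stands in for the issuer's signature, and the field names, the `did:example:alice` subject and the demo key are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key; a keyed MAC stands in for the issuer's real signature.
ISSUER_KEY = secrets.token_bytes(32)

def proof_for(body):
    """Issuer proof over the canonical JSON form of one VC body."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue_group(subject, attributes):
    """Issue one single-attribute VC per attribute, all sharing a fresh random group ID."""
    group = secrets.token_hex(16)
    vcs = []
    for name, value in attributes:
        body = {"subject": subject, "attribute": {name: value}, "group": group}
        vcs.append({"body": body, "proof": proof_for(body)})
    return vcs

def verify_presentation(vcs):
    """Relying-party check: every proof verifies and all VCs share one subject and one group ID."""
    if not vcs:
        return False
    for vc in vcs:
        if not hmac.compare_digest(vc["proof"], proof_for(vc["body"])):
            return False
    groups = {vc["body"]["group"] for vc in vcs}
    subjects = {vc["body"]["subject"] for vc in vcs}
    return len(groups) == 1 and len(subjects) == 1

# Constructed sample data following the University of Kent case in the message.
staff = issue_group("did:example:alice", [("role", "Staff member"), ("dept", "Computing")])
student = issue_group("did:example:alice", [("role", "PG Student"), ("dept", "Economics")])

def demo():
    return {
        "staff_role_and_dept": verify_presentation(staff),
        "single_attribute": verify_presentation([student[0]]),
        # Same subject and issuer, but the group IDs differ, so the mix is rejected.
        "staff_role_with_economics_dept": verify_presentation([staff[0], student[1]]),
    }

if __name__ == "__main__":
    print(demo())
```

Binding on the Subject ID alone would accept the third presentation, because both groups were issued to the same subject; the per-group random value is what separates them.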