- From: Adrian Gropper <agropper@healthurl.com>
- Date: Thu, 4 Jan 2018 17:36:03 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials Community Group <public-credentials@w3.org>
- Message-ID: <CANYRo8jd+u_aYqPi-KfnAj-RpYqgZwgjbVkZhj7RZV=UNZYH_w@mail.gmail.com>
Manu, Before I comment further, it would be useful to have a specific implementation in mind. The IEEE links seem short of being either a use-case or an openly accessible standard. You mentioned one company on today's call. Can you share that or some other example? Adrian On Thu, Jan 4, 2018 at 5:16 PM, Manu Sporny <msporny@digitalbazaar.com> wrote: > On 01/04/2018 12:44 PM, Adrian Gropper wrote: > > Given Mike's comment with respect to biometrics, would we ever want > > a public biometric template in the DID document or is a template > > always proprietary and/or method-specific? > > Let me attempt to clarify the biometrics use case because there seems to > be a fundamental misunderstanding here: > > You should never put private data on a blockchain, EVER... that includes > raw biometric information. That would be akin to publishing your private > key to a blockchain... clearly a terrible idea. > > In order to do safe biometrics with a blockchain you need: > > 1. A system (A) that can produce a non-reversible biometric template. > That is, you can't go from the biometric template to an image of > the person or anything else that can be re-used to trick the > system. > 2. A system (B) that can check a biometric template against input data > (image, interactive video stream, etc.). > 3. A system (C) that is capable of generating input data to system (B). > > System (A) and system (C) can be fully self-sovereign, under the control > of the person represented by the DID. This means that you are also not > handing any of your biometric information over to a 3rd party, you are > in control of your biometrics at any given point in time. > > There are protocols that work like what I describe above (and even most > proprietary protocols work in more or less the same way): > > https://standards.ieee.org/findstds/standard/2410-2015.html > http://grouper.ieee.org/groups/2410/index.html > > In any case, these sorts of biometric templates are safe to put on a > blockchain as long as they have the same qualities as a one-way hash AND > even if they're broken, rotating the template is easy. > > -- manu > > -- > Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) > Founder/CEO - Digital Bazaar, Inc. > blog: The State of W3C Web Payments in 2017 > http://manu.sporny.org/2017/w3c-web-payments/ > > -- Adrian Gropper MD PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: https://patientprivacyrights.org/donate-3/
Received on Thursday, 4 January 2018 22:37:21 UTC