Re: The SSI protocols challenge [Was]: W3C DID Core 1.0 enters Candidate Recommendation stage from Adrian Gropper on 2021-03-22 (public-credentials@w3.org from March 2021)

From: Adrian Gropper <agropper@healthurl.com>
Date: Mon, 22 Mar 2021 16:27:49 -0400
To: Drummond Reed <drummond.reed@evernym.com>
Cc: David Chadwick <D.W.Chadwick@kent.ac.uk>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <CANYRo8jA8gm+mrpdo92k8q1KLd0EUftvinE43kfTt3W9AMT5tg@mail.gmail.com>

On Mon, Mar 22, 2021 at 3:28 PM Drummond Reed <drummond.reed@evernym.com>
wrote:
<SNIP>

> Of course neither can prevent correlation in the verifier requires that
> the holder reveal a correlating identifier, such as a government ID number,
> but at least that is *intentional* and *explicit* correlation, not
> unintentional implicit correlation using the underly VC mechanics.
>
> What about the case where a credential has a photo in the middle of a QR
code? The QR code includes a hash of the photo so that anyone that chooses
to apply a public template and hash to the photo can verify. Each QR code
might use a slightly different photo that is still recognizable to the
verifier but the hash would be different to avoid correlation. This would
have to be paired with strict rules about verifiers saving the photo.

Adrian

Received on Monday, 22 March 2021 20:28:15 UTC