Re: Selective Disclosure for W3C Data Integrity from Nis Jespersen on 2023-06-05 (public-credentials@w3.org from June 2023)

From: Nis Jespersen <nis.jespersen@gmail.com>
Date: Mon, 5 Jun 2023 10:39:51 +0200
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Steve Capell <steve.capell@gmail.com>, Dave Longley <dlongley@digitalbazaar.com>, "John, Anil" <anil.john@hq.dhs.gov>, W3C Credentials CG <public-credentials@w3.org>, Richard Spellman <richard.spellman@gosource.com.au>, Sin LOH <LOH_Sin_Yong@imda.gov.sg>, "Ren KAY (IMDA)" <KAY_Ren_Yuh@imda.gov.sg>
Message-ID: <CABOA8B5xpfcB=HOJ8bCNcTJDkJ=-DSM9Jsk6rf1GB_Q66eiMCA@mail.gmail.com>

> I agree with Richard’s observation that when we stop trying to copy the
> paper then there’s potentially a lot less need for redaction - but I
> suspect we’re in for a longish transition period, particularly for supply
> chain documents like invoices, waybills, and conformity certificates
> Yes, agreed. So, what's going to take more time -- transitioning the
> supply chain industry to rework some of their data formats and then
> get that deployed at scale, OR creating a new cryptographic format and
> getting it standardized at a global level? I don't envy either path.
> :P


Haha! On the first option I'm very conservative wrt
expectations/dependencies on industry to change. Supply chains entail a
very long tail of participants largely unwilling and practically unable to
partake in such ambitions. Common supply chain documents represent one
party's minimum data requirements to attain a well defined milestone; as
clunky as they can feel, they represent logical collections of data.

If you can give us an example of a VC that has the sorts of
> qualities that you feel are important? Perhaps a hundred-plus line
> item invoice, waybill, or conformance certificate? You tell us the
> mandatory disclosure fields and the selectively disclosed ones. That
> would be a good place to start.


The trace-vocab Commercial Invoice credential data model is a good example:
https://w3id.org/traceability/#CommercialInvoiceCredential

And a good use case would be Supplier Masking, redacting:
- The Seller organization, and
- All elements of type PriceSpecification

Nis


On Sun, Jun 4, 2023 at 3:02 PM Manu Sporny <msporny@digitalbazaar.com>
wrote:

> On Sat, Jun 3, 2023 at 9:48 PM Steve Capell <steve.capell@gmail.com>
> wrote:
> > Happy to participate in these tests and calculations
>
> Great, we'll be in touch (via this mailing list) as we put together
> some data models on initial signature size vs. selectively disclosed
> signature size.
>
> > I can see how ecdsa-sd could be sufficient efficient (pending test
> results).
>
> Perhaps. If you can give us an example of a VC that has the sorts of
> qualities that you feel are important? Perhaps a hundred-plus line
> item invoice, waybill, or conformance certificate? You tell us the
> mandatory disclosure fields and the selectively disclosed ones. That
> would be a good place to start.
>
> > How would we address the requirement for any holder along the supply
> chain to redact? Can you see a way to blend the salted hash tree model with
> ecdsa-sd?
>
> Now that is something that ecdsa-sd will almost certainly not be able
> to help w/ in its current form. ecdsa-sd was designed for use cases
> where you're not going to be revealing more than a handful of
> selectively disclosable claims and have no need for downstream Holders
> to have the ability to further redact claims from the original set.
> Others should correct me if I'm wrong here, but you'd probably only be
> able to do that via a salted merkle tree approach (which is why what
> you're talking about is a compelling feature, IMHO).
>
> So, presuming that the salted merkle tree approach is an ecosystem
> requirement, it would be fairly easy to slot it in beside ecdsa and
> ecdsa-sd. We could call it ecdsa-redaction (or hopefully something
> better?). The nice thing about Data Integrity is that it allows these
> different signature mechanism/formats to co-exist with one another
> through the use of cryptographic layering:
>
> https://w3c.github.io/vc-data-integrity/#agility-and-layering
>
> One could call these things "parallel signatures" as well (we're
> looking for feedback from the community on what to name this design
> pattern).
>
> This approach is contrasted with the external proofs approach, where
> each signature is mutually exclusive to the other (unless you put yet
> another wrapper around the signatures, and by doing that, you
> duplicate the data in the signatures). It also creates zero-sum
> outcomes -- you MUST pick either signature mechanism X /or/ Y, because
> you can't choose signature schemes X /and/ Y.
>
> This was most recently experienced by the VCWG in the zero-sum
> discussion regarding VC-JWT, ACDC, and Gordian Envelopes. I'll
> highlight this in an upcoming email about an exciting new convergence
> w/ the AnonCreds v2.0 folks and Data Integrity -- where Data Integrity
> was leveraged to allow us to put to rest a many-year-long conflict
> between the two approaches.
>
> > I agree with Richard’s observation that when we stop trying to copy the
> paper then there’s potentially a lot less need for redaction - but I
> suspect we’re in for a longish transition period, particularly for supply
> chain documents like invoices, waybills, and conformity certificates
>
> Yes, agreed. So, what's going to take more time -- transitioning the
> supply chain industry to rework some of their data formats and then
> get that deployed at scale, OR creating a new cryptographic format and
> getting it standardized at a global level? I don't envy either path.
> :P
>
> One thing is for certain -- these things don't just happen, they take
> concerted effort... and the concerted effort doesn't happen until
> options are put on the table, which is what we're doing with ecdsa-sd
> and Data Integrity, in general.
>
> -- manu
>
> --
> Manu Sporny - https://www.linkedin.com/in/manusporny/
> Founder/CEO - Digital Bazaar, Inc.
> https://www.digitalbazaar.com/
>
>

Received on Monday, 5 June 2023 08:40:10 UTC