- From: Kim Hamilton <kimdhamilton@gmail.com>
- Date: Wed, 20 Mar 2024 11:11:06 -0700
- To: Julien Fraichot <Julien.Fraichot@hyland.com>
- Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Kaliya Identity Woman <kaliya@identitywoman.net>, Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFmmOzdUet73PvsC+ZcFpzK_AHmsYeLp0gQYTEwynS=qkJdmzQ@mail.gmail.com>
Good catch Julien. You are right.

On Wed, Mar 20, 2024 at 10:45 AM Julien Fraichot <Julien.Fraichot@hyland.com> wrote:

> - selective disclosure in SD-JWT/CWT/ecdsa-sd/mDoc is that only the issuer can choose what fields are selectively disclosable
>
> So not to add more confusion in a confused premise, I don’t think that’s entirely true, at least in ecdsa-sd with which I’ve recently played. While some fields are deemed mandatory by the issuer, provided the wallet/selective disclosure UI offers the possibility of selecting fields, the holder has total control over which fields can be selectively disclosed.
>
> *From:* Christopher Allen <ChristopherA@lifewithalacrity.com>
> *Date:* Wednesday, 20 March 2024 at 06:22
> *To:* Kim Hamilton <kimdhamilton@gmail.com>
> *Cc:* Kaliya Identity Woman <kaliya@identitywoman.net>, Orie Steele <orie@transmute.industries>, W3C Credentials CG (Public List) <public-credentials@w3.org>
> *Subject:* [EXTERNAL] [jfraichot@learningmachine.com] Re: VC formats
>
> On Tue, Mar 19, 2024 at 8:20 PM Kim Hamilton <kimdhamilton@gmail.com> wrote:
>
> That comparison matrix is gold, thanks! Spice isn’t there but that did come after IIW.
>
> There’s a lot in there and it seems a bit overwhelming. However I think most of us are necessarily abstracting away from this level, assuming a multi-model/format/etc world, to focus on business value, other aspects of the ecosystem, etc.
>
> As that happens, I think communities like this can play an important role in facilitating understanding of impact of these differences on people. Exciting stuff ahead!
>
> Kim,
>
> I also want to make it clear that Gordian Envelope is somewhat at a different layer than the other examples (SD-JWT, SD-CWT, ecdsa-sd, mDoc) in that it is more generalized to be useful for any authenticated data, in particular data at rest, and thus is not solely for credential data. Its focus is more on data minimization, and can be used for health-care data, AI foundation models, business data, other forms of PII, etc. Gordian Envelope can be used for credentials as well, but right now there is no funding to make it aligned with VCDM. Should be possible, but you lose some of the privacy benefits that allow any holder (not just subject-holder, but any holder) more choices for what to selectively disclose, or selectively correlate (another useful property!).
>
> One of my concerns with selective disclosure in SD-JWT/CWT/ecdsa-sd/mDoc is that only the issuer can choose what fields are selectively disclosable, which IMHO they will only do if it is in their interest, which may not necessarily be the interest of the subject, or other holders (for instance, an employer holding an employee subject credentials may have other needs to elide that are different than the issuer and the subject). One particular consequence of this is that there may be very few fields in a credential that are selectively disclosable. Combined with various approaches for "holder binding", things become even more challenging. There are also some questions about when it is appropriate to do BBS to also anti-correlate signatures — there are cases where it might not make sense. No easy solutions!
>
> -- Christopher Allen
Received on Wednesday, 20 March 2024 18:11:23 UTC