- From: Kim Hamilton <kimdhamilton@gmail.com>
- Date: Wed, 20 Mar 2024 11:14:20 -0700
- To: Julien Fraichot <Julien.Fraichot@hyland.com>
- Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Kaliya Identity Woman <kaliya@identitywoman.net>, Orie Steele <orie@transmute.industries>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CAFmmOze_1o6UUaKxFyS5wpmRVbYedaFj7cayO-tbCwhUCD5cyA@mail.gmail.com>
On third re-read, is this pointing to the distinction between disclosable and disclosed? I need to check that paragraph again.

On Wed, Mar 20, 2024 at 11:11 AM Kim Hamilton <kimdhamilton@gmail.com> wrote:

> Good catch Julien. You are right.
>
> On Wed, Mar 20, 2024 at 10:45 AM Julien Fraichot <Julien.Fraichot@hyland.com> wrote:
>
>> - selective disclosure in SD-JWT/CWT/ecdsa-sd/mDoc is that only the
>>   issuer can choose what fields are selectively disclosable
>>
>> So not to add more confusion in a confused premise, I don’t think that’s
>> entirely true, at least in ecdsa-sd with which I’ve recently played. While
>> some fields are deemed mandatory by the issuer, provided the
>> wallet/selective disclosure UI offers the possibility of selecting fields,
>> the holder has total control over which fields can be selectively disclosed.
>>
>> From: Christopher Allen <ChristopherA@lifewithalacrity.com>
>> Date: Wednesday, 20 March 2024 at 06:22
>> To: Kim Hamilton <kimdhamilton@gmail.com>
>> Cc: Kaliya Identity Woman <kaliya@identitywoman.net>, Orie Steele
>> <orie@transmute.industries>, W3C Credentials CG (Public List)
>> <public-credentials@w3.org>
>> Subject: [EXTERNAL] [jfraichot@learningmachine.com] Re: VC formats
>>
>> On Tue, Mar 19, 2024 at 8:20 PM Kim Hamilton <kimdhamilton@gmail.com>
>> wrote:
>>
>> That comparison matrix is gold, thanks! Spice isn’t there but that did
>> come after IIW.
>>
>> There’s a lot in there and it seems a bit overwhelming. However I think
>> most of us are necessarily abstracting away from this level, assuming a
>> multi-model/format/etc world, to focus on business value, other aspects of
>> the ecosystem, etc.
>>
>> As that happens, I think communities like this can play an important role
>> in facilitating understanding of impact of these differences on people.
>> Exciting stuff ahead!
>>
>> Kim,
>>
>> I also want to make it clear that Gordian Envelope is somewhat at a
>> different layer than the other examples (SD-JWT, SD-CWT, ecdsa-sd, mDoc) in
>> that it is more generalized to be useful for any authenticated data, in
>> particular data at rest, and thus is not solely for credential data. Its
>> focus is more on data minimization, and can be used for health-care data,
>> AI foundation models, business data, other forms of PII, etc. Gordian
>> Envelope can be used for credentials as well, but right now there is no
>> funding to make it aligned with VCDM. Should be possible, but you lose some
>> of the privacy benefits that allow any holder (not just subject-holder,
>> but any holder) more choices for what to selectively disclose, or
>> selectively correlate (another useful property!).
>>
>> One of my concerns with selective disclosure in SD-JWT/CWT/ecdsa-sd/mDoc is
>> that only the issuer can choose what fields are selectively disclosable,
>> which IMHO they will only do if it is in their interest, which may not
>> necessarily be the interest of the subject, or other holders (for instance,
>> an employer holding an employee subject's credentials may have other needs to
>> elide that are different than the issuer and the subject). One particular
>> consequence of this is that there may be very few fields in a credential
>> that are selectively disclosable. Combined with various approaches for
>> "holder binding", things become even more challenging. There are also some
>> questions about when it is appropriate to do BBS to also anti-correlate
>> signatures — there are cases where it might not make sense. No easy
>> solutions!
>>
>> -- Christopher Allen
Received on Wednesday, 20 March 2024 18:14:37 UTC
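
An added example, not part of the thread or any participant's code: a simplified model of SD-JWT-style salted-digest disclosure that separates the two steps the thread is circling, namely which claims the issuer makes disclosable and which of those the holder actually discloses. Function names and sample claims are constructed for illustration, payload signing is omitted, and the other formats named in the thread (ecdsa-sd, mDoc, Gordian Envelope) are not modelled.

```python
import base64, hashlib, json, secrets

# Constructed sample claims. Assumption: a real issuer signs `payload`, so the
# holder cannot alter it after issuance; signing is left out of this model.
SAMPLE_CLAIMS = {"iss": "https://issuer.example", "degree": "BSc",
                 "given_name": "Alice", "birthdate": "1990-01-01"}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict, disclosable: set):
    """Issuer: choose which claims are *disclosable* (replaced by salted digests)."""
    payload, disclosures = {"_sd": [], "_sd_alg": "sha-256"}, {}
    for name, value in claims.items():
        if name in disclosable:
            salt = b64u(secrets.token_bytes(16))
            d = b64u(json.dumps([salt, name, value]).encode())
            disclosures[name] = d
            payload["_sd"].append(digest(d))
        else:
            payload[name] = value  # in the clear: every verifier sees it
    payload["_sd"].sort()  # hide the original claim order
    return payload, disclosures

def present(disclosures: dict, reveal: set) -> list:
    """Holder: choose which disclosable claims are actually *disclosed*."""
    return [disclosures[name] for name in sorted(reveal) if name in disclosures]

def verify(payload: dict, presented: list) -> dict:
    """Verifier: accept only disclosures whose digest the issuer committed to."""
    seen = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    for d in presented:
        if digest(d) not in payload["_sd"]:
            raise ValueError("disclosure does not match any issuer digest")
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        if name in seen:
            raise ValueError("disclosed claim collides with an existing claim")
        seen[name] = value
    return seen

if __name__ == "__main__":
    payload, disclosures = issue(SAMPLE_CLAIMS, {"given_name", "birthdate"})
    print(verify(payload, present(disclosures, {"given_name"})))
```

In this model the holder can withhold `given_name` or `birthdate`, but has no way to withhold `degree`, because the issuer left it in the clear in the payload it would sign.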