Re: Data Minimisation (was Re: [AGENDA] W3C Credentials Community Call - 18 July 2017 12pm ET)

On 07/23/2017 12:16 PM, David Chadwick wrote:
> Why doesn't the issuer simply issue each VC containing one attribute 
> only?

This is the approach that Digital Bazaar has taken, and the one that we
have modelled the Verifiable Claims Data Model spec after. The upside
with this approach is that it doesn't require advanced cryptography to
accomplish.

> This will actually cater for the vast majority of VCs (such as club 
> memberships, credit cards etc). For those complex VCs that do require
> several attributes as a group, such as driving licence, passport etc,
> then the issuer can issue a set of VCs, each containing one attribute
> from the group, plus a group attribute that contains a random number
> allowing the holder/subject to release one, two or more attributes as
> a set, and proving that they all belong to the same set as the group
> attribute is the same in each VC.

This is an interesting approach, why the random number... unless what
you're doing is a bearer token, at which point the random number makes
sense. For non-bearer tokens, we just use the Subject ID as the binding
identifier.

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Rebalancing How the Web is Built
http://manu.sporny.org/2016/rebalancing/

Received on Monday, 24 July 2017 14:37:58 UTC
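The scheme discussed in this thread, as an added example that is not from the original messages or from Digital Bazaar's code: an issuer signs one credential per attribute, the holder releases a subset, and the verifier checks each signature and then checks that the credentials share either the random group value or the Subject ID. The field names (`subject`, `group`, `name`, `value`, `proof`), the JSON array used as signing input and the Ed25519 key pair are assumptions for illustration, not the Verifiable Claims Data Model format.

```javascript
const nodeCrypto = require('crypto');

// Constructed issuer key pair; a real issuer would publish its public key.
const issuer = nodeCrypto.generateKeyPairSync('ed25519');

// Signing input with a fixed field order so issuer and verifier hash the same bytes.
function payload(vc) {
  return Buffer.from(JSON.stringify([vc.subject, vc.group, vc.name, vc.value]));
}

// Issue one credential per attribute. Every credential in the set carries the
// same random group value; subject is null for a bearer-style set.
function issueSet(subject, attributes, privateKey) {
  const group = nodeCrypto.randomBytes(16).toString('hex');
  return Object.entries(attributes).map(([name, value]) => {
    const vc = { subject, group, name, value };
    vc.proof = nodeCrypto.sign(null, payload(vc), privateKey).toString('base64');
    return vc;
  });
}

// Verifier side. bindBy is 'group' (random number) or 'subject' (Subject ID).
function verifyPresentation(vcs, publicKey, bindBy) {
  if (vcs.length === 0) return { ok: false, reason: 'empty presentation' };
  for (const vc of vcs) {
    const sig = Buffer.from(String(vc.proof), 'base64');
    if (!nodeCrypto.verify(null, payload(vc), publicKey, sig)) {
      return { ok: false, reason: `bad signature on ${vc.name}` };
    }
  }
  const binding = vcs[0][bindBy];
  if (typeof binding !== 'string' || binding === '') {
    return { ok: false, reason: `no ${bindBy} to bind on` };
  }
  if (!vcs.every((vc) => vc[bindBy] === binding)) {
    return { ok: false, reason: `${bindBy} differs across credentials` };
  }
  const disclosed = Object.fromEntries(vcs.map((vc) => [vc.name, vc.value]));
  return { ok: true, disclosed };
}

// Constructed sample: the holder releases two of three licence attributes.
const licence = issueSet(null, { name: 'Alice Example', birthDate: '1990-01-01', licenceClass: 'B' }, issuer.privateKey);
const shown = licence.filter((vc) => vc.name !== 'name');
console.log(verifyPresentation(shown, issuer.publicKey, 'group'));
```

Because the binding value is signed into every credential, attributes taken from two different sets cannot be combined into one presentation. The binding value is also disclosed with every attribute, so it stays the same across all presentations drawn from one set.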