- From: Jeffrey Yasskin <notifications@github.com>
- Date: Tue, 16 Jan 2024 09:40:54 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/922/1894211873@github.com>
Note that the PING is also looking at privacy requirements for credentials, at https://github.com/w3cping/credential-considerations, but they're not very far along with the [unlinkability requirements](https://github.com/w3cping/credential-considerations/blob/main/credentials-considerations.md#unlinkable-presentations). (cc/@npdoty) Personally: 1. I agree with Manu that it's important for the technology to at least make it possible to create unlinkable credentials. 1. This review probably isn't the right place to take that position: it belongs on vc-data-model or possibly as an independent finding. 1. The TAG is more credible than the PING in saying something like this, because the TAG has the responsibility to make tradeoffs and to sometimes sacrifice an aspect of privacy if that's the right tradeoff in a particular case. 1. I'm worried that the BBS spec doesn't do enough to help the ecosystem evolve toward actually-unlinkable credentials, since there are lots of linking mechanisms outside of the cryptography: https://github.com/w3c/vc-di-bbs/issues/110. I'm not certain the BBS spec is the right place for this guidance, but I didn't find a better place in the existing specs that are close to CR. -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/922#issuecomment-1894211873 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/922/1894211873@github.com>
Received on Tuesday, 16 January 2024 17:41:01 UTC