- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Mon, 30 Sep 2013 11:39:17 +0200
- To: Dave Raggett <dsr@w3.org>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, Ricardo Varela <phobeo@gmail.com>, Ben Adida <ben@adida.net>, Web Payments CG <public-webpayments@w3.org>, "Joe Cascio, Jr." <joe.cascio.jr@gmail.com>, Dan Callahan <dan.callahan@gmail.com>, Lloyd Hilaiel <lloyd@mozilla.com>
- Message-ID: <CAKaEYhKSCtoNskF559jqaXATym8u0Q=_o1kqz-_TEqXNURUJGA@mail.gmail.com>
On 30 September 2013 10:46, Dave Raggett <dsr@w3.org> wrote: > In respect to knowing your customer, one approach is to use zero > knowledge proofs. I was part of the EU project PrimeLife which finished a > few years back and worked with IBM on a demo for their identity mixer > technology (idemix). Imagine that a national government issues its citizens > with a smart card attesting to a variety of personal information, e.g. > your name, passport number, date birth, current address, and so forth. > banks and other institutions have trust in the processes used by the > government in providing these national identity cards. > > Now imagine a situation where you want to purchase let's say a box of wine > online, and are required to prove that you are 18 years or older. Idemix > would allow you to provide a crypographic proof backed by your goverment > *without* disclosing your data of birth or your national id number! This is > possible through a zero knowledge proof over expressions of attributes on > the government issued id. > > The approach lends itself to the creation of psuedonymous identities for > specific purposes and minimizes the loss of privacy, unlike conventional > approaches where privacy is not prioritized. Note that the customer's true > identity can be revealed by a court order if required. This involves a > computation to reveal the base identity (your national id in this example). > So your privacy relies on a trusted independent party, which could be part > of the judiciary. > > Idemix is available as an open source java library. My demo was based on > an extension to the Firefox browser and allows web pages running in the > browser to create a new pseudonymous id, and to ask the extension to > authenticate the user and provide a zero knowledge proof that the user owns > that pseudonymous id. The example is for a university where the student > union issues new students with a USB key stick this allows students to make > purchases and to participate in chat sessions without disclosing their > identity. See slide 38 on: http://www.slideshare.net/iwmw/raggett > > Today, customer privacy is a low priority for businesses, who constantly > demand for personal information that they don't need to know. It is almost > a paradox, but STRONG identity can be used to underpin STRONG PRIVACY, > however, this will require concerted action by citizens to overcome the > reluctance of business and governments to do more than the very minimum. > +1 There's also a concept of group membership. "I am a member of the group of people over 18" and that group issues me a token. But it doesnt say which member I am. A similar form of "blinding". > > Further reading: > http://people.w3.org/~dsr/blog/?p=95 > http://www.zurich.ibm.com/idemix/details.html > http://en.wikipedia.org/wiki/Zero-knowledge_proof > > -- > Dave Raggett <dsr@w3.org> <dsr@w3.org> http://www.w3.org/People/Raggett > >
Received on Monday, 30 September 2013 09:39:46 UTC