Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add privacy considerations around data minimization #213

Merged
merged 3 commits into from
Sep 12, 2023
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 35 additions & 7 deletions index.html
Original file line number Diff line number Diff line change
Expand Up @@ -1068,6 +1068,11 @@ <h2>Privacy Considerations</h2>
This section details the general privacy considerations and specific privacy
implications of deploying this specification into production environments.
</p>
<p>
When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code>
<code>type</code> implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#privacy-considerations">
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
Privacy Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
</p>
<section class="informative">
<h3>Personally Identifiable Information</h3>
<p>
Expand Down Expand Up @@ -1102,10 +1107,10 @@ <h3>Verifier Caching</h3>
</section>
<section class="informative">
<h3>Schema Resolution</h3>
<p>
<p>
<a>Schema resolution</a> is the process of dereferencing a credential schema's identifier in order to fetch a
<a>credential schema</a>.
</p>
</p>
<p>
<a>Issuers</a> can increase the privacy of <a>holders</a> by using
content distribution networks to reduce or eliminate requests for the
Expand All @@ -1114,17 +1119,34 @@ <h3>Schema Resolution</h3>
on the server as well as cloaking <a>verifiers</a> and <a>holders</a>
from <a>issuers</a>.
</p>
<p>
<p>
Furthermore, the use of <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html">Oblivious HTTP</a>
can prevent linkage of schema requests made by <a>holders</a>. Implementers are encouraged to allow configuration
of an <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#dfn-relay">Oblivious Relay Resource</a>
for use during <a>schema resolution</a>.
</p>
<p>
</p>
<p>
When using <a>credential schema</a> identifiers that are unique to the issued credential, it is possible
to correlate <a>schema resolution</a> of a credential with an IP address. Implementers are encouraged to prevent such
correlation by selecting identifiers which are shared among a class of credentials.
</p>
</p>
</section>
<section>
<h3>Data Minimization</h3>
<p>
Data minimization refers to the principle of sharing the minimum necessary data for any given data request, such
as a <a>verifier</a> requesting a <a>verifiable credential</a>, or set of <a>verifiable credentials</a> from
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
a <a>holder</a>.
</p>
<p>
When using a <a>credential schema</a> with a credential that supports <a>selective disclosure</a> it may be
possible for a <a>verifier</a> to determine additional attributes that would be available, but not presented
when verifying a <a>credential</a> from a <a>holder</a>. To mitigate <i>data leakage</i> <a>holders</a> may
choose to reject verification requests that disclose such additional attributes, or, if the capability is
available, selectively disclose properties in the associated <a>credential schema</a>. To enable this functionality
<a>issuers</a> can use <a>selective disclosure</a> schemes when creating <a>credential schemas</a> using
the <code><a href="#jsonschemacredential">JsonCredentialSchema</a></code> <code>type</code>.
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
</p>
</section>
</section>
<section class="informative">
Expand All @@ -1135,13 +1157,19 @@ <h2>Security Considerations</h2>
not understanding the implications of this section can result in
security vulnerabilities.
</p>
<p>
When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code>
<code>type</code> implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#security-considerations">
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
Security Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
</p>
<section class="informative">
<h3>Issuer Impersonation</h3>
<p>
It is possible for a schema to become authoritative, such as schemas
provided by a recognized industry group like a consoritum of financial
companies. To avoid confusion as to the authorship of <a>credential schemas</a>
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
it is advised that they are packaged as secured <a>verifiable credentials</a>.
it is advised that they are packaged as <a>verifiable credentials</a> using the
<code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> <code>type</code>.
decentralgabe marked this conversation as resolved.
Show resolved Hide resolved
</p>
</section>
</section>
Expand Down
5 changes: 0 additions & 5 deletions terms.html
Original file line number Diff line number Diff line change
Expand Up @@ -94,11 +94,6 @@
<dt><dfn data-lt="subjects|subject's">subject</dfn></dt>
<dd>
A thing about which <a>claims</a> are made.
</dd>
<dt><dfn class="lint-ignore">user agent</dfn></dt>
<dd>
A program, such as a browser or other Web client, that mediates the
communication between <a>holders</a>, <a>issuers</a>, and <a>verifiers</a>.
</dd>
<dt><dfn data-lt="credential validation">validation</dfn></dt>
<dd>
Expand Down