No, I don’t mean an ID number. More so attributes of an entity attested by a non-governmental entity, and it could use privacy enhancing cryptography in this steelman.
Best, Wayne Chang Founder & CEO | SpruceID <https://spruceid.com/> | LinkedIn <https://www.linkedin.com/in/waynebuilds/> On Wed, Dec 25, 2024 at 02:17 Tom Jones <[email protected]> wrote: > if by ID you mean ID number - then it is a tracking number. > Isn't it super obvious - why are we pretending to be privacy enabling? > > Peace ..tom jones > > > On Tue, Dec 24, 2024 at 10:15 AM Wayne Chang <[email protected]> wrote: > >> Tom, how do you feel about private sector issued ID? >> >> Best, >> Wayne Chang >> Founder & CEO | SpruceID <https://spruceid.com/> | LinkedIn >> <https://www.linkedin.com/in/waynebuilds/> >> >> >> On Wed, Dec 25, 2024 at 02:04 Tom Jones <[email protected]> >> wrote: >> >>> While Waton's statement is correct - it does not address the core >>> problem with any credential that comes with an ID. >>> >>> All reusable IDs enable tracking. Full Stop. >>> All government issued ID enable tracking. Just like social insurance >>> number or any other cred. >>> So - if you want privacy - don't release the ID number. >>> >>> Peace ..tom jones >>> >>> >>> On Tue, Dec 24, 2024 at 6:34 AM Watson Ladd <[email protected]> >>> wrote: >>> >>>> I see that people are uncomfortable with making any mandates, and so >>>> I've tried to be purely descriptive in this proposal. I leave it to the WG >>>> to decide where to put it, but I see it as a wholesale replacement for some >>>> sections to emphasize clarity. >>>> >>>> "SD-JWT conceals only the values that aren't revealed. It does not >>>> meet standard security notations for anonymous credentials. In particular >>>> Verifiers and Issuers can know when they have seen the same credential no >>>> matter what fields have been opened, even none of them. This behavior may >>>> not accord with what users naively expect or are lead to expect from UX >>>> interactions and lead to them make choices they would not otherwise make. >>>> Workarounds such as issuing multiple credentials at once and using them >>>> only one time can help for keeping Verifiers from linking different >>>> showing, but cannot work for Issuers. This issue applies to all selective >>>> disclosure based approaches, including mdoc. " >>>> >>>> Sincerely, >>>> Watson >>>> _______________________________________________ >>>> OAuth mailing list -- [email protected] >>>> To unsubscribe send an email to [email protected] >>>> >>> _______________________________________________ >>> OAuth mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] >>> >> _______________________________________________ >> OAuth mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
