Hi all, I think it's important that a workable approach to privacy is made available to all active implementers of verifiable digital credential systems, while meeting standards-based hardware assurance requirements for issuers like FIPS and CMVP.
I have recently presented this TEE-based approach that could add unlinkability to SD-JWT, ISO mDL/mdoc, etc. for attribute disclosure with a straightforward upgrade path to existing installations (11+ mDL programs live in the US). This approach would be compatible with FIPS 140-2/3 requirements and also PQC. It could be used alongside ZKP-in-the-wallet approaches as well. I thought that people on this list might be interested given the recent discussion around the various verifier-verifier and issuer-verifier collusions. You can find the slides in the first link below. For those preparing their stones to cast at TEE approaches, please take a look at the slides first, which describe defense-in-depth as a requirement to implement this safely.

NIST Workshop on Privacy-Enhancing Cryptography 2024 page: https://csrc.nist.gov/Presentations/2024/wpec2024-3b4

Original blog post: https://blog.spruceid.com/provably-forgotten-signatures-adding-privacy-to-digital-identity/

I'm currently working on formalizing some assumptions for specific hardware, environments, and protocols. Please let me know if you'd like to get involved and/or collaborate on this.

Best,
- Wayne
OAuth mailing list -- oauth@ietf.org