Tom, how do you feel about private sector issued ID?

Best,
Wayne Chang
Founder & CEO | SpruceID <https://spruceid.com/> | LinkedIn
<https://www.linkedin.com/in/waynebuilds/>


On Wed, Dec 25, 2024 at 02:04 Tom Jones <thomasclinganjo...@gmail.com>
wrote:

> While Waton's statement is correct - it does not address the core problem
> with any credential that comes with an ID.
>
> All reusable IDs enable tracking.  Full Stop.
> All government issued ID enable tracking. Just like social insurance
> number or any other cred.
> So - if you want privacy - don't release the ID number.
>
> Peace ..tom jones
>
>
> On Tue, Dec 24, 2024 at 6:34 AM Watson Ladd <watsonbl...@gmail.com> wrote:
>
>> I see that people are uncomfortable with making any mandates, and so I've
>> tried to be purely descriptive in this proposal. I leave it to the WG to
>> decide where to put it, but I see it as a wholesale replacement for some
>> sections to emphasize clarity.
>>
>>  "SD-JWT conceals only the values that aren't revealed. It does not meet
>> standard security notations for anonymous credentials. In particular
>> Verifiers and Issuers can know when they have seen the same credential no
>> matter what fields have been opened, even none of them. This behavior may
>> not accord with what users naively expect or are lead to expect from UX
>> interactions and lead to them make choices they would not otherwise make.
>> Workarounds such as issuing multiple credentials at once and using them
>> only one time can help for keeping Verifiers from linking different
>> showing, but cannot work for Issuers. This issue applies to all selective
>> disclosure based approaches, including mdoc. "
>>
>> Sincerely,
>> Watson
>> _______________________________________________
>> OAuth mailing list -- oauth@ietf.org
>> To unsubscribe send an email to oauth-le...@ietf.org
>>
> _______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-le...@ietf.org
>
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

Reply via email to