Tom, how do you feel about private sector issued ID? Best, Wayne Chang Founder & CEO | SpruceID <https://spruceid.com/> | LinkedIn <https://www.linkedin.com/in/waynebuilds/>
On Wed, Dec 25, 2024 at 02:04 Tom Jones <thomasclinganjo...@gmail.com> wrote: > While Waton's statement is correct - it does not address the core problem > with any credential that comes with an ID. > > All reusable IDs enable tracking. Full Stop. > All government issued ID enable tracking. Just like social insurance > number or any other cred. > So - if you want privacy - don't release the ID number. > > Peace ..tom jones > > > On Tue, Dec 24, 2024 at 6:34 AM Watson Ladd <watsonbl...@gmail.com> wrote: > >> I see that people are uncomfortable with making any mandates, and so I've >> tried to be purely descriptive in this proposal. I leave it to the WG to >> decide where to put it, but I see it as a wholesale replacement for some >> sections to emphasize clarity. >> >> "SD-JWT conceals only the values that aren't revealed. It does not meet >> standard security notations for anonymous credentials. In particular >> Verifiers and Issuers can know when they have seen the same credential no >> matter what fields have been opened, even none of them. This behavior may >> not accord with what users naively expect or are lead to expect from UX >> interactions and lead to them make choices they would not otherwise make. >> Workarounds such as issuing multiple credentials at once and using them >> only one time can help for keeping Verifiers from linking different >> showing, but cannot work for Issuers. This issue applies to all selective >> disclosure based approaches, including mdoc. " >> >> Sincerely, >> Watson >> _______________________________________________ >> OAuth mailing list -- oauth@ietf.org >> To unsubscribe send an email to oauth-le...@ietf.org >> > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org