if by ID you mean ID number - then it is a tracking number. Isn't it super obvious - why are we pretending to be privacy enabling?
Peace ..tom jones On Tue, Dec 24, 2024 at 10:15 AM Wayne Chang <wa...@spruceid.com> wrote: > Tom, how do you feel about private sector issued ID? > > Best, > Wayne Chang > Founder & CEO | SpruceID <https://spruceid.com/> | LinkedIn > <https://www.linkedin.com/in/waynebuilds/> > > > On Wed, Dec 25, 2024 at 02:04 Tom Jones <thomasclinganjo...@gmail.com> > wrote: > >> While Waton's statement is correct - it does not address the core problem >> with any credential that comes with an ID. >> >> All reusable IDs enable tracking. Full Stop. >> All government issued ID enable tracking. Just like social insurance >> number or any other cred. >> So - if you want privacy - don't release the ID number. >> >> Peace ..tom jones >> >> >> On Tue, Dec 24, 2024 at 6:34 AM Watson Ladd <watsonbl...@gmail.com> >> wrote: >> >>> I see that people are uncomfortable with making any mandates, and so >>> I've tried to be purely descriptive in this proposal. I leave it to the WG >>> to decide where to put it, but I see it as a wholesale replacement for some >>> sections to emphasize clarity. >>> >>> "SD-JWT conceals only the values that aren't revealed. It does not meet >>> standard security notations for anonymous credentials. In particular >>> Verifiers and Issuers can know when they have seen the same credential no >>> matter what fields have been opened, even none of them. This behavior may >>> not accord with what users naively expect or are lead to expect from UX >>> interactions and lead to them make choices they would not otherwise make. >>> Workarounds such as issuing multiple credentials at once and using them >>> only one time can help for keeping Verifiers from linking different >>> showing, but cannot work for Issuers. This issue applies to all selective >>> disclosure based approaches, including mdoc. " >>> >>> Sincerely, >>> Watson >>> _______________________________________________ >>> OAuth mailing list -- oauth@ietf.org >>> To unsubscribe send an email to oauth-le...@ietf.org >>> >> _______________________________________________ >> OAuth mailing list -- oauth@ietf.org >> To unsubscribe send an email to oauth-le...@ietf.org >> > _______________________________________________ > OAuth mailing list -- oauth@ietf.org > To unsubscribe send an email to oauth-le...@ietf.org >
_______________________________________________ OAuth mailing list -- oauth@ietf.org To unsubscribe send an email to oauth-le...@ietf.org
