Difference between revisions of "Privacy Enhancing Credential"
(→Selective Disclosure) |
(→Selective Disclosure) |
||
| Line 19: | Line 19: | ||
The benefits of selective disclosure credentials include: | The benefits of selective disclosure credentials include: | ||
| − | *Data Minimization | + | *Data Minimization: Sharing only the minimum amount of information necessary for a specific transaction or purpose, reducing the risk of data breaches and privacy violations¹. |
| − | *Compliance with Data Regulations | + | *Compliance with Data Regulations: Helps organizations comply with data protection regulations such as the GDPR and CCPA by minimizing the amount of personal data processed and stored. |
| − | Verifiable Credentials are like digital versions of traditional paper credentials (e.g., driver's licenses, passports) but with increased security and privacy. They are stored in a secure, tamper-proof format and allow for quick and easy verification.<ref></ref> Selective disclosure is a key feature that enhances the privacy and control individuals have over their personal data. | + | Verifiable Credentials are like digital versions of traditional paper credentials (e.g., driver's licenses, passports) but with increased security and privacy. They are stored in a secure, tamper-proof format and allow for quick and easy verification.<ref>Verifiable Credentials Overview - World Wide Web Consortium (W3C). https://www.w3.org/TR/vc-overview/</ref> Selective disclosure is a key feature that enhances the privacy and control individuals have over their personal data. |
Source: Conversation with Copilot, 8/6/2024 | Source: Conversation with Copilot, 8/6/2024 | ||
| − | |||
| − | |||
(3) Current Work and Future Trends in Selective Disclosure - self-issued. https://self-issued.info/presentations/EIC_2023_Selective_Disclosure.pdf. | (3) Current Work and Future Trends in Selective Disclosure - self-issued. https://self-issued.info/presentations/EIC_2023_Selective_Disclosure.pdf. | ||
(4) undefined. https://www.w3.org/TR/2024/NOTE-vc-overview-20240706/. | (4) undefined. https://www.w3.org/TR/2024/NOTE-vc-overview-20240706/. | ||
Revision as of 15:02, 6 August 2024
Contents
Full Title or Meme
A collection of private and secret data that can be used to prove an assertion in a manner that does not release more private information than absolutely required for the purpose described. Perhaps that term is used to indicate a mobile computer device, which is the preferred technology solution.
Context
- Regardless of any technology used to protect user data in a credential, it serves no purpose if it is not limited to use in a protected Ecosystem.
- In some contexts, the term "Privacy Enhancing Credential" is used, although there are very few use cases where a credential is not mobile even when it is just a driver's license in a holder's pocket.
- Simple credentials that do not rely on secrets to protect user data are not considered to be of any value as a Privacy Enhancing Credential.
- As a general rule, private data is released only when the user agrees, and secret data is never released. This definition does not apply to private keys, which are seldom released and only in the most secure circumstances, like when a private key is used in several servers that provide the same security service. That would also be the case when the user had more than one mobile Smartphone and desired to have the same functionality on both devices.
Ecosystems
- Perhaps the simplest Ecosystem is a Smart Card which comes with secure private key generation and cannot export the key.
- The Credential could be included and used entirely within the context of a Trusted Execution Environment, or a Secure Enclave and its resident software.
Solutions
- The Privacy Enhancing Technology Provider is described on a related wiki page.
Selective Disclosure
Selective disclosure credentials are a privacy feature of Digital Credentials that allow individuals to share only the necessary information with organizations, without compromising their privacy.[1] This means that a person can control exactly which pieces of information are disclosed and to whom.
For example, if someone named Ash holds a university degree as a digital credential, it might contain his name, student number, email, and degree name. If he applies for a job and the employer requests to verify his degree, Ash can choose to share only his name and degree name, omitting other details like his student number and email.
The benefits of selective disclosure credentials include:
- Data Minimization: Sharing only the minimum amount of information necessary for a specific transaction or purpose, reducing the risk of data breaches and privacy violations¹.
- Compliance with Data Regulations: Helps organizations comply with data protection regulations such as the GDPR and CCPA by minimizing the amount of personal data processed and stored.
Verifiable Credentials are like digital versions of traditional paper credentials (e.g., driver's licenses, passports) but with increased security and privacy. They are stored in a secure, tamper-proof format and allow for quick and easy verification.[2] Selective disclosure is a key feature that enhances the privacy and control individuals have over their personal data.
Source: Conversation with Copilot, 8/6/2024
(3) Current Work and Future Trends in Selective Disclosure - self-issued. https://self-issued.info/presentations/EIC_2023_Selective_Disclosure.pdf. (4) undefined. https://www.w3.org/TR/2024/NOTE-vc-overview-20240706/. (5) undefined. https://w3c.github.io/vc-overview/. (6) undefined. https://www.w3.org/standards/history/vc-overview/. (7) undefined. https://www.w3.org/TR/.
Zero Knowledge Proof
References
- Also see wiki page on Privacy Harms.
