3A/ Privacy Preservation and Controlling Correlation
Privacy and Correlation
Convener: Nathan George
Notes-taker(s): Colin Jaccino
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
People, Organizations and Things
- If you can correlate the IDs of people, correlations, and things AND
- If you can identify the interactions among those things, you
- undermine supply chains
- undermine negotiating power
- If you introduce verifiable identity to an at-risk population and the capability to verify gets into the wrong hands, the at risk population could be at stake.
- Different IDs w/different services w/tselected correlation; "throw-away" IDs you can’t throw away
- Some RPs may not accept non-correlatble IDs.
Three way relationship
Issuer - provides the credential (token) proving that you are who you say you are
R.P. - Relying party
Proover - Agent delivering the credentials (or assertion that credentials are valid/viable to the relying party.
How to undermine correlatability?
- Intermediate the issuer and prover using a delegated credential provider.
- Intermediate the prover and the relying party using selective disclosure.
- Intermediate the issuer and relying party using a distributed ledger.