3A/ Privacy Preservation and Controlling Correlation

From IIW

Privacy and Correlation

Tuesday 3A

Convener: Nathan George

Notes-taker(s): Colin Jaccino

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

People, Organizations and Things

 - If you can correlate the IDs of people, correlations, and things    AND

 - If you can identify the interactions among those things, you

    - undermine supply chains

    - undermine negotiating power    

  • If you introduce verifiable identity to an at-risk population and the capability to verify gets into the wrong hands, the at risk population could be at stake.
  • Different IDs w/different services w/tselected correlation; "throw-away" IDs you can’t throw away
  • Some RPs may not accept non-correlatble IDs.

Three way relationship

Issuer  - provides the credential (token) proving that you are who you say you are

                    R.P. - Relying party

Proover - Agent delivering the credentials (or assertion that credentials are valid/viable to the relying party.

How to undermine correlatability?

  • Intermediate the issuer and prover using a delegated credential provider.
  • Intermediate the prover and the relying party using selective disclosure.
  • Intermediate the issuer and relying party using a distributed ledger.