Merge pull request #37 from verocri/verocri-patch-2

SHA: 4cd5b1c Reason: push, by simoneonofri Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
w3c · Sep 13, 2024 · 978d22c · 978d22c
1 parent 65c9d6d
commit 978d22c
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/index.html b/index.html
@@ -8,7 +8,7 @@
   <meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator">
   <link href="https://www.w3.org/reports/identity-web-impact/" rel="canonical">
   <link href="https://www.w3.org/2008/site/images/favicon.ico" rel="icon">
-  <meta content="bda1c0e4c8a4a4334552e3b9e329e2093ac06f35" name="document-revision">
+  <meta content="4cd5b1c1ad3f6c1d51bfaa0b3a03911a4df21068" name="document-revision">
 <style>/* Boilerplate: style-autolinks */
 .css.css, .property.property, .descriptor.descriptor {
     color: var(--a-normal-text);
@@ -1114,14 +1114,14 @@ <h4 class="heading settled" data-level="4.3.6" id="pure-digital-credentials"><sp
    </ul>
    <p>Some governments are doing pilot projects with Decentralized Identities, providing their citizens with Digital Wallets and IDs.</p>
    <p>Let us delve into an extensively debated use case requiring a solution: age verification.</p>
-   <p>The holder has a digital passport in the form of government-issued credentials; these credentials, in their claims, also contain age information.</p>
+   <p>The holder has a digital passport in the form of government-issued credentials; these credentials, in their claims, also contain age information. The presentation can be done in different ways, providing different levels of privacy.</p>
    <ul>
     <li data-md>
      <p><strong>Full Credential</strong>: It is possible to send the full credential since it also contains the date of birth, from which the verifier can derive the age. However, this doesn’t meet the principle of Data Minimization, as I’m sending a lot of other information that can be misused and make us traceable.</p>
     <li data-md>
-     <p><strong>Selective Disclosure</strong> <a data-link-type="biblio" href="#biblio-selective-disclosure" title="Selective Disclosure (v0.2)">[selective-disclosure]</a>: If only the date of birth is submitted, we still have a minor data release, as the verifier is interested not in the date of birth but in whether the person is of age. Suppose the credential provided supports this privacy feature, which allows us to send individual attributes/claims. In that case, we can send only the date of birth, by which the verifier can derive the age. It certainly improves the situation concerning Data Minimization, but it does not solve it totally. To overcome this problem, some credentials have specific attributes with boolean values to present that our age exceeds a certain value (e.g., 16, 18, 21).</p>
+     <p><strong>Selective Disclosure</strong> <a data-link-type="biblio" href="#biblio-selective-disclosure" title="Selective Disclosure (v0.2)">[selective-disclosure]</a>: Suppose the credential provided supports this privacy feature, which allows us to send individual attributes/claims and hide the others. In that case, we can send only the date of birth, by which the verifier can derive the age. It certainly improves the situation concerning Data Minimization, but it does not solve it totally. To overcome this problem, some credentials have specific attributes with boolean values to present that our age exceeds a certain value (e.g., 16, 18, 21).</p>
     <li data-md>
-     <p><strong>Range Proof</strong> <a data-link-type="biblio" href="#biblio-range-proofs" title="SoK: Zero-Knowledge Range Proofs">[range-proofs]</a>: If we send the verifier the boolean result of a computation related to the value of a specific attribute (e.g., the verifier asks us if we are older than 21 years old, and we send the result of the computation on the date of birth).</p>
+     <p><strong>Range Proof</strong> <a data-link-type="biblio" href="#biblio-range-proofs" title="SoK: Zero-Knowledge Range Proofs">[range-proofs]</a>: Zero-knowledge range proofs allow a prover to convince a verifier that a secret value lies in a given interval (without showing the credential attribute). If the verifier ask for a specific attribute is within a given range, a range proof-presentation can be sent to the verifier (e.g., the verifier asks us if we are older than 21 years old, we send the result of the computation on the date of birth that proves that our age falls in that range without revealing it).</p>
    </ul>
    <p>The problem is that, even in the last two cases, we can present potentially linkable information to us or our issuer, which the verifier can use to make correlations. For example, it is necessary to decouple the signature from the signer and not use the same identifiers in different sessions.</p>
    <p>Conversely, the verifier will have to prove that they performed the age verification, further complicating the matter.</p>