samuelmr
commented
2 months ago Would it make sense to have different kinds of attestations (credentials) with different revocation mechanisms?
If you present an attestation of your bank account number or a credential proving that you own a car with a specific license plate number, it doesn't make much sense to set strict requirements for non-traceability of the revocation, since the verifiers get identifying information as attribute values. The same, of course, applies to use cases where the user uses their PID for authentication.
The issuer of a credential could label the credentials they issue using a three-tier classification:
- non-traceable (the credential doesn't contain uniquely identifying attribute values, including revocation data)
- potentially traceable (the credential contains selectively disclosable attributes that can be used for tracking if disclosed)
- traceable (the use of the credential can be tracked by colluding verifiers since it may contain identifying information
pinamiranda
joelposti
In section 6.3.4.7 of the ARF there is the following requirement:
Section 6.3.4.8 of the ARF presents a number of possible revocation mechanisms such as Attestation Status List and Online Attestation Status Protocol. It is difficult to see how the presented mechanisms, with the exception of the short-lived attestations mechanism and perhaps the OASP stapling, fulfill the requirement because they rely on the fact that the attestation has some sort of revocation-related identifier. That identifier can be used by the Relying Party for correlating the User.
Should the requirement be relaxed or dropped? Or should more advanced revocation mechanisms be used?
If more advanced revocation mechanisms are used it could be that the requirement 6.3.4.7.8 gets in the way next.