eu-digital-identity-wallet / eudi-doc-architecture-and-reference-framework

The European Digital Identity Wallet
https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/

ATAG ARF Feedback: 6.1.3 Assumptions on trust - the ability to track users with correlatable identifiers is a critical flaw in the current design #270

Open heatherdahl opened 4 months ago

heatherdahl commented 4 months ago

Description

Name: Heather Dahl, Ken Ebert, Sam Curren, Indicio

ARF Chapter: 6.1.3 Assumptions on trust “Relying Parties may try to violate a User's privacy by tracking the User by processing their data without lawful grounds. They can do so, as an example, by comparing without lawful grounds a signature, hash, or public key value present in an attestation that the User presents to them to similar values known to the Relying Party. Moreover, Relying Parties may collude with other Relying Parties to do so.”

Recommendation: We support assertions of the Cryptographers’ Feedback. Please see https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/200. The ability to track users with technology-provided correlatable identifiers is a critical flaw in the current design and must be corrected before publication.
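
As an added illustration (not part of the original issue or of the ARF), the sketch below is a wallet-side audit that scans a presentation log for the three value types named in the quoted ARF text and reports which relying parties received identical values. The field names, relying party names and sample values are assumptions constructed for this example.

```python
import hashlib
from collections import defaultdict

# Value types named in the ARF 6.1.3 quote that stay constant when the same
# attestation is presented again. Field names are assumptions for this example.
CORRELATABLE_FIELDS = ("issuer_signature", "attribute_digest", "device_public_key")

def fingerprint(value: bytes) -> str:
    """Short stable label for a value, so raw key material is not reported."""
    return hashlib.sha256(value).hexdigest()[:16]

def find_linkable(presentations):
    """Map (field, fingerprint) -> sorted relying parties, for every value
    that was disclosed to more than one relying party."""
    seen = defaultdict(set)
    for p in presentations:
        for field in CORRELATABLE_FIELDS:
            value = p.get(field)
            if value is not None:
                seen[(field, fingerprint(value))].add(p["relying_party"])
    return {key: sorted(rps) for key, rps in seen.items() if len(rps) > 1}

def linked_relying_parties(presentations):
    """Pairs of relying parties that hold at least one identical value."""
    pairs = set()
    for rps in find_linkable(presentations).values():
        for i, first in enumerate(rps):
            for second in rps[i + 1:]:
                pairs.add((first, second))
    return pairs

def attestation(tag: str) -> dict:
    """Constructed stand-in for one issued attestation (not real key material)."""
    return {
        "issuer_signature": f"sig-{tag}".encode(),
        "attribute_digest": f"digest-{tag}".encode(),
        "device_public_key": f"pk-{tag}".encode(),
    }

# Constructed presentation log: attestation A is shown to two relying parties,
# attestations B and C are each shown only once.
SAMPLE_LOG = [
    {"relying_party": "rp-bank.example", **attestation("A")},
    {"relying_party": "rp-pharmacy.example", **attestation("A")},
    {"relying_party": "rp-library.example", **attestation("B")},
    {"relying_party": "rp-bank.example", **attestation("C")},
]

if __name__ == "__main__":
    for (field, fp), rps in sorted(find_linkable(SAMPLE_LOG).items()):
        print(f"{field} {fp} disclosed to: {', '.join(rps)}")
```
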

digeorgi commented 2 months ago

Thank you for the feedback.

The discussion concerning Cryptographers' Feedback (#200) will continue in the relevant discussion thread #211. To straighten any existing flaws in the current ARF, all the topics discussed will be taken into consideration for the upcoming versions.