oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Rewrite unlinkability considerations #354

Closed danielfett closed 5 months ago

danielfett commented 9 months ago

Addresses Issue #342

Instead of just adding text re the key binding keys, I rewrote the whole section, as the previous one was more of a placeholder.

Denisthemalice commented 5 months ago

Instead of one section (12.4) about "Unlinkability", there should be two sections:

"Unlinkability between Verifiers" means that two Verifiers, when colluding, should not be able to know whether two digital presentations are presented by the same user.

"Untrackability by an issuer" means that an Issuer should not be able to know to which Verifier a digital presentation will be or has been presented by a user.

Note: In the second case, there is no need to have a collusion between an Issuer and a Verifier.

Denisthemalice commented 5 months ago

Instead of one section about "Unlinkability", there should be two sections:

"Unlinkability between Verifiers" means that two Verifiers, when colluding, should not be able to know whether two digital presentations are presented by the same user.

"Untrackability by an issuer" means that an Issuer should not be able to know to which Verifier a digital presentation will be or has been presented by a user.

Note: In the second case, there is no need to have a collusion between an Issuer and a Verifier.

danielfett commented 5 months ago

For the sake of having a starting point, the authors decided to merge this pull request to have a starting point in the document. The current text seems to be a rough consensus. We are open to modifying the text later on, as already mentioned above.