uncefact / spec-untp

UN Transparency Protocol
https://uncefact.github.io/spec-untp/
GNU General Public License v3.0

Selective disclosure use cases and requirements #13

Open Fak3 opened 5 months ago

Fak3 commented 5 months ago

Traceability data passes through multiple parties down the supply chain. On multiple occasions there is a desire to limit the disclosed data to only the required minimal set, preserving the privacy of participants.

This issue collects use cases and discussions around selective disclosure techniques.

Fak3 commented 5 months ago

Copying discussion from slack

Stephen Curran wrote:

Fundamental agreement with Steve about the challenge in a requirement for authorization in attempting to scale access to product/supply chain information that meets the principles. In both the traceability interop document and what I've seen Steve present, there is the anticipation that selective disclosure (or redaction) eventually comes into play. As soon as you get to selective disclosure, you are implying knowledge of the identity of the verifier such that the disclosed data can be tuned appropriately. Further, being able to "tune" the data per verifier implies an active component delivering the proof (vs. a static document on a generic web server), significantly amping up the technology of the prover.

Has there been a consideration of "required disclosure" that is sufficient for the stated principle -- I have the product so I get the data -- that also provides a way for verifiers to request related data. The related data queries might require authorization / prover knowledge of the verifier's identity, which in turn drives selective disclosure.

I'm concerned that it doubles the credentials and schemas. Here is the "open data" credential/schema, and here is the extended credential/schema that a prover might/or might not want to share.

Fak3 commented 5 months ago

Steve Capell wrote:

Hi Stephen Curran, the Merkle-tree based selective redaction method that UNTP is likely to propose is a bit different to most VC selective disclosure models, because it does not depend on the issuer or the subject to do anything different. Unlike personal privacy, where it's the holder that wants to hide personal data, the supply chain pattern is different. Usually it's the +2 downstream actor that wants to redact. For example, a cotton farmer has some conformity credentials attesting to organic / deforestation free / carbon neutral / etc. The farmer passes that on to their ginning/weaving mill customer without redaction (why would they? the farmer knows their customer). But then the ginning/weaving mill needs to give their T-shirt manufacturer customer confidence about the sustainability of the cotton, but they don't want to reveal the name of the farmer. So it's the verifier of a thing that wants to redact before forwarding. It's a different pattern to personal privacy selective disclosure. https://github.com/uncefact/project-vckit/tree/next/packages/credential-merkle-disclosure-proof and https://transmute-industries.github.io/merkle-disclosure-proof-2021/

Fak3 commented 5 months ago

I'm wondering if for this particular use case governments might want to have more control over disclosure and apply something like a pseudonym issuance scheme, i.e. have an authorized third party who can reveal data in case of legal issues.

I do realize that it requires a more complex architecture compared to BBS / Merkle / ECDSA-SD; I only wanted to highlight that there are many ways to implement selective disclosure with various tradeoffs.

ReLOG3PSNE commented 5 months ago

Team, with regard to the "selective disclosure (or redaction)" topic mentioned above, and also considering the subsequent @onthebreeze comments, I feel that in our exercise we could/should indeed look a bit wider, in the sense of "selective disclosure and redaction and request". I see huge value here in the UNTP approach by stating, out there, that if it is followed, the fact itself that it is followed guarantees certain types of "data trust", regardless of whether data are disclosed or not, indeed considering that not all data can/need to be disclosed to all stakeholders. I see the "selective" approach as: the UNTP ensures certain conditions, then each stakeholder, also holding certain types of authorizations, will be able to ask/read/provide only certain types of information and not others, depending on his/her own authorization type/level.

nissimsan commented 3 months ago

There are alternatives to selective disclosure. Perhaps wait and see industry demand.

nissimsan commented 1 month ago

I might demo SD at the UN Forum.