From 27f562850838e1942b05943f566f1eece9000863 Mon Sep 17 00:00:00 2001
From: Manu Sporny Malicious Issuers and Verifiers
+Once a verifier knows of a status list and entry index that is +associated with a specific holder, it becomes possible for that +verifier to see updates to that status entry as long as the +status list continues to be updated. This is useful to a verifier that +needs to understand when a particular verifiable credential has changed +status without asking the issuer directly for status information on +the specific holder or when interacting with the holder to get +the latest status information is not possible. The feature can also cause a +privacy violation if the holder is unaware of the ability for the +verifier to perform near-real-time checks on the status of the +verifiable credential. +
+ ++Issuers can provide a level of reprieve from this privacy concern to +holders by revoking and re-issuing effectively the same +verifiable credential on a timeline that is relatively short in nature. +For example, an issuer could automatically re-issue a +verifiable credential every three months to break any sort of long-term +monitoring of a verifiable credential as it changes status and assign +a new status entry index when the re-issuance occurs. +
+ +
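Review bot: In the second added paragraph, the mitigation assigns "a new status entry index when the re-issuance occurs" but does not say that the new index has to be unlinkable to the old one, and it relies on "revoking" the old credential, which a verifier watching the old entry would observe as a status change on every rotation. Suggest stating that the new index must not be derivable from the previous one, and describing what a monitoring verifier sees when the old entry is retired, so readers can tell rotation from a genuine revocation. Also, "on a timeline that is relatively short in nature" could simply read "on a short timeline".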
From 6b654f5ff027db3ef06afde46e0a3e4421a85a32 Mon Sep 17 00:00:00 2001
From: Manu Sporny Status List Monitoring
This specification provides a means by which multiple status messages can be provided for a particular entry in a status list. While this mechanism can @@ -1228,6 +1228,35 @@
+When a status list uses the status messages feature, it becomes possible for +the issuer to increase the type of messages that are associated with +the verifiable credentials it issues over time. +
+ ++This feature creates a potential privacy violation where holder of the +verifiable credential might be associated with additional status +information that was not present when the original verifiable credential +was issued. For example, initial status messages might convey "delayed" and +"canceled", but additional status messages might be added by the issuer +to convey "delayed due to non-payment" and "canceled due to illegal activity", +which would not be apparent to the holder unless there was monitoring +software operating on behalf of the holder that would warn them that the +issuer intends to expose additional information about their activity. +
+ ++Holder software can provide features to holders that warn them about +their level of information exposure when using verifiable credentials +that are associated with status messages and warn them when the level of +information exposure changes. +
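Review bot: Two wording problems in the added text: the first paragraph says "increase the type of messages" where "types" is meant, and the second says "where holder of the" with the article missing ("where the holder of the"). The second paragraph also names only the holder, although the status information describes the subject's activity; consider "holder or subject" there and in the final paragraph, so the warning feature is not read as applying only when the holder is the subject.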
+Once a verifier knows of a status list and entry index that is @@ -1180,27 +1180,27 @@
-Issuers can provide a level of reprieve from this privacy concern to -holders by revoking and re-issuing effectively the same +Issuers can provide a level of reprieve from this privacy concern +holders by revoking and reissuing effectively the same verifiable credential on a timeline that is relatively short in nature. -For example, an issuer could automatically re-issue a -verifiable credential every three months to break any sort of long-term -monitoring of a verifiable credential as it changes status and assign -a new status entry index when the re-issuance occurs. +For example, an issuer could automatically reissue a +verifiable credential every three months and assign a new status entry +index when the reissuance occurs to break any sort of long-term monitoring +of a verifiable credential as it changes status.
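Review bot: The replacement for the first sentence drops the word "to": the removed line ends "from this privacy concern to" and the added line ends "from this privacy concern", so the result reads "privacy concern holders by revoking and reissuing". Restore "to" before "holders". The "re-issue" to "reissue" spelling change and the reordered example sentence look fine.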
This specification provides a means by which multiple status messages can be provided for a particular entry in a status list. While this mechanism can @@ -1229,30 +1229,31 @@
When a status list uses the status messages feature, it becomes possible for -the issuer to increase the type of messages that are associated with +the issuer to increase the types of messages that are associated with the verifiable credentials it issues over time.
-This feature creates a potential privacy violation where holder of the +This feature creates a potential privacy violation where a holder or +subject of the verifiable credential might be associated with additional status information that was not present when the original verifiable credential was issued. For example, initial status messages might convey "delayed" and "canceled", but additional status messages might be added by the issuer -to convey "delayed due to non-payment" and "canceled due to illegal activity", -which would not be apparent to the holder unless there was monitoring -software operating on behalf of the holder that would warn them that the -issuer intends to expose additional information about their activity. +to convey "delayed due to non-payment" and "canceled due to illegal activity". +This change would not be apparent to the holder unless there was +monitoring software operating on their behalf that would warn them that +the issuer intends to expose additional information about their activity.
Holder software can provide features to holders that warn them about -their level of information exposure when using verifiable credentials -that are associated with status messages and warn them when the level of +the level of holder and/or subject information exposure when using verifiable credentials +that are associated with status messages, and warn them when the level of information exposure changes.
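Review bot: The second paragraph now opens with "a holder or subject" but its closing sentence still says the change "would not be apparent to the holder", so the subject is introduced and then dropped within the same paragraph; use the same pair in both places. In the last paragraph, the added line "the level of holder and/or subject information exposure when using verifiable credentials" is much longer than the surrounding wrapped lines and should be re-wrapped, and "and/or" would read better as "holder or subject" to match the paragraph above.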
-This feature creates a potential privacy violation where a holder or -subject of the -verifiable credential might be associated with additional status -information that was not present when the original verifiable credential -was issued. For example, initial status messages might convey "delayed" and -"canceled", but additional status messages might be added by the issuer -to convey "delayed due to non-payment" and "canceled due to illegal activity". -This change would not be apparent to the holder unless there was -monitoring software operating on their behalf that would warn them that -the issuer intends to expose additional information about their activity. +This feature creates a potential privacy violation where the +subject or holder of the verifiable credential might be +associated with additional status information that was not present when the +original verifiable credential was issued. For example, initial status +messages might convey "delayed" and "canceled", but additional status messages +might be added by the issuer to convey "delayed due to non-payment" and +"canceled due to illegal activity". This change would not be apparent to the +subject or holder unless there was monitoring software operating +on their behalf that would warn them that the issuer intends to expose +additional information about their activity.
-Holder software can provide features to holders that warn them about -the level of holder and/or subject information exposure when using verifiable credentials -that are associated with status messages, and warn them when the level of -information exposure changes. +Holder software can provide features to holders that warn them about the +level of holder and/or subject information exposure when using +verifiable credentials that are associated with status messages, and warn +them when the level of information exposure changes.
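Review bot: The two rewritten paragraphs order the roles differently: the first uses "subject or holder" (twice) while the second keeps "holder and/or subject"; pick one order and one conjunction. The second paragraph also still says "Holder software can provide features to holders that warn them", which leaves open how a subject who is not the holder learns of the change that the first paragraph says would "not be apparent to the subject or holder"; a sentence on that case would close the gap.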