diff --git a/diagrams/claim-extended.svg b/diagrams/claim-extended.svg index 89623e7cb..e1d2ced50 100644 --- a/diagrams/claim-extended.svg +++ b/diagrams/claim-extended.svg @@ -1,4 +1,4 @@ - + diff --git a/index.html b/index.html index b938877a9..e57ce5308 100644 --- a/index.html +++ b/index.html @@ -132,7 +132,7 @@
Granting a benefit requires proof and verification. Some benefits demand a formal process that includes three parties. In this process, -the holder asks for the benefit and the inspector-verifier +the holder asks for the benefit and the verifier grants or denies the benefit based on verification of the holder’s qualification from a trusted issuer.
@@ -212,10 +212,10 @@The following properties are required in the Entity Profile Model:
@@ -774,7 +774,7 @@issued
date must be in the expected range.
- For example, an inspector-verifier may wish to ensure that the recorded
+ For example, a verifier may wish to ensure that the recorded
issued date of valid claims is not in the future.ageOver
.{ - "@context": "https://w3id.org/identity/v1", +{ + "@context": "https://w3id.org/credentials/v1", "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "ageOver": 21 }@@ -1209,11 +1209,8 @@Verifiable Credential
asignature
that can be used to verify its entire contents, including the claim. -{ - "@context": [ - "https://w3id.org/identity/v1", - "https://w3id.org/security/v1" - ], +{ + "@context": "https://w3id.org/credentials/v1", "id": "http://example.gov/credentials/3732", "type": ["Credential", "ProofOfAgeCredential"], "issuer": "https://dmv.example.gov", @@ -1237,10 +1234,10 @@Verifiable Credential
of verifiable claims about a particular subject. -{ +{ "@context": [ - "https://w3id.org/identity/v1", - "https://w3id.org/security/v1" + "http://schema.org", + "https://w3id.org/credentials/v1" ], "id": "http://example.gov/credentials/3732", "type": ["Credential", "PassportCredential"], @@ -1299,10 +1296,10 @@Verifiable Profile
The following example demonstrates how to express a simple verifiable profile.
-{ +{ "@context": [ - "https://w3id.org/identity/v1", - "https://w3id.org/security/v1" + "http://schema.org", + "https://w3id.org/credentials/v1" ], "id": "did:example:ebfeb1f712ebc6f1c276e12ec21", "credential": [{ @@ -1690,7 +1687,7 @@Personally Identifiable Information
The data associated with verifiable claims stored in the
credential.claim
field are largely susceptible to privacy -violations when shared with Inspector-verifiers. Personally identifying data +violations when shared with Verifiers. Personally identifying data such as a government-issued identifier, shipping address, and full name can be easily used to determine, track, and correlate an entity. Even information that does not seem personally identifiable like the @@ -1703,7 +1700,7 @@Personally Identifiable Information
warn Holders when they share data with these sorts of characteristics. Issuers are strongly advised to provide privacy-protecting credentials when possible. For example, issuing ageOver credentials instead of -birthdate credentials when the Inspector-verifier desires to determine if an +birthdate credentials when the Verifier desires to determine if an entity is over the age of 18. @@ -1772,7 +1769,7 @@Favor Abstract Claims
In order to enable recipients of verifiable claims to use them in a variety of circumstances without revealing more personally identifiable information than necessary for the transaction, issuers should consider limiting the information published in a claim to a minimal set needed for the expected purposes. -One way to avoid placing personally identifiable information in a claim is to use an "abstract" property that meets the needs of inspector-verifiers without providing specific information about the subject. +One way to avoid placing personally identifiable information in a claim is to use an "abstract" property that meets the needs of verifiers without providing specific information about the subject.
An example in this document is the use of the
ageOver
property as opposed to a specific birthdate that would constitute much stronger personally identifiable information. @@ -1793,8 +1790,8 @@The Principle of Minimum Disclosure
With verifiable claims, minimal disclosure for issuers means limiting the -content of a claim to the minimum required by potential inspector-verifiers for -expected use. For inspector-verifiers, it means limiting the scope of claims +content of a claim to the minimum required by potential verifiers for +expected use. For verifiers, it means limiting the scope of claims request or required for accessing services.
@@ -1818,9 +1815,9 @@
The Principle of Minimum Disclosure
issue such claims.-Similarly, inspector-verifiers are urged to only request information that is absolutely +Similarly, verifiers are urged to only request information that is absolutely necessary for a particular transaction to occur. This is important for at -least two reasons: 1) it reduces the liability on the inspector-verifier for +least two reasons: 1) it reduces the liability on the verifier for handling highly sensitive information that it does not need, and 2) it enhances the privacy of the individual by only asking for information that is required for the particular transaction. @@ -1840,7 +1837,7 @@
Bearer Claims
Validity Checks
-Inspector-verifier (corporation) is required to check revocation via Issuer +Verifier (corporation) is required to check revocation via Issuer (government).
@@ -1904,30 +1901,30 @@Usage Patterns
- -When the same claim is presented to the same inspector-verifier more than once – -that inspector-verifier could infer that the holder is the same individual. +When the same claim is presented to the same verifier more than once – +that verifier could infer that the holder is the same individual.
- -When the same claim is presented to different inspector-verifiers, and either those -inspector-verifiers collude or a third party has access to transaction records from -both inspector-verifiers – the observant party could infer that the individual +When the same claim is presented to different verifiers, and either those +verifiers collude or a third party has access to transaction records from +both verifiers – the observant party could infer that the individual presenting the claims is the same person at both services, i.e., the accounts are controlled by the same person.
- When the same subject identifier of a claim refers to the same subject across -presentations or inspector-verifiers. Even when different claims are presented, -if the subject identifier is the same, inspector-verifiers (and those with access to -inspector-verifier logs) could infer that the holder of the claims is the same +presentations or verifiers. Even when different claims are presented, +if the subject identifier is the same, verifiers (and those with access to +verifier logs) could infer that the holder of the claims is the same person.
- When the underlying information in a claim can be used to identify an individual across services – using information from other sources -(including information provided directly by the user), inspector-verifiers can use +(including information provided directly by the user), verifiers can use the information inside the claim to correlate the individual with an existing profile. For example, if a holder presents claims that include -zip code, age, and sex, the inspector-verifier can potentially correlate the +zip code, age, and sex, the verifier can potentially correlate the subject of that claim with an established profile [see Sweeney 2000 Simple Demographics Often Identify People Uniquely].
@@ -2051,7 +2048,7 @@Bundling Dependent Claims
each containing one of the following properties: "Staff Member", "Post Graduate Student", "Department of Computing" and "Department of Economics". The holder could then transfer -the "Staff Member" and "Department of Economics" to an inspector-verifier, +the "Staff Member" and "Department of Economics" to a verifier, which together would comprise a false claim.