Privacy issues
Tracking
IdMs usually know to which services they provide credentials.
They know which services each identity profile uses.
IdMs should not know the target services that will receive the credentials issued
Only the credentials’ owners should know that.
This is what usually happens with physical credentials.
But… for auditing purposes: they should.
Requirements
The credential owner must prove the credential’s ownership.
The credential owner controls the presentation of its credentials.
Last updated