Privacy issues

Tracking

  • IdMs usually know to which services they provide credentials.

  • They know which services each identity profile uses.

IdMs should not know the target services that will receive the credentials issued

  • Only the credentials’ owners should know that.

  • This is what usually happens with physical credentials.

  • But… for auditing purposes: they should.

Requirements

  • The credential owner must prove the credential’s ownership.

  • The credential owner controls the presentation of its credentials.

Last updated