forked from openssi/peer-did-method-spec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
privacy.html
26 lines (23 loc) · 1.4 KB
/
privacy.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<h2>Privacy Considerations</h2>
<p>Peer DIDs should remain <a>pairwise</a> or <a>n-wise</a>, not be reused across relationships. This
allows proper isolation to defeat correlation. It also enables granular exercise of sovereignty in a
robust, <a target="_blank" href="https://medium.com/evernym/three-dimensions-of-identity-bc06ae4aec1c">
multidimensional identity</a>.</p>
<figure id="diff-pairwise-dids-in-each-rel">
<img src="pairwise.png" alt="many pairwise DIDs"/>
<figcaption>Alice maintains different pairwise DIDs for each relationship, and discloses different
aspects and quantities about herself in each one.</figcaption>
</figure>
<section>
<h3>Fingerprinting</h3>
<p>The names of roles and the arrangement of rules in a peer DID doc could conceivably be used to create
a sort of fingerprint of a sovereign domain, in much the same way that browser fingerprinting keys off
individual uniqueness in combinations of browser+plugin+hardware configuration. To combat this problem, the
following best practices are recommended:</p>
<ul>
<li>Choose rules from a standard inventory.</li>
<li>Choose role names from a standard inventory.</li>
<li>Only define keys that are relevant to a particular relationship.</li>
<li>Never reuse <code>id</code>s for keys, rules, or service endpoints across DID docs.</li>
</ul>
</section>