index.html

<!DOCTYPE html>
<html>
  <head>
    <title>Verifiable Claims Data Model and Representations</title>
    <meta http-equiv='Content-Type' content='text/html;charset=utf-8'/>
    <!--
      === NOTA BENE ===
      For the three scripts below, if your spec resides on dev.w3 you can check them
      out in the same tree and use relative links so that they'll work offline,
     -->
    <script src='https://www.w3.org/Tools/respec/respec-w3c-common' class='remove'></script>
    <script src="https://opencreds.github.io/vc-common/common.js"></script>
    <script type="text/javascript" class="remove">
      var respecConfig = {
        // specification status (e.g. WD, LCWD, NOTE, etc.). If in doubt use ED.
        specStatus: "CG-DRAFT",

        // the specification's short name, as in http://www.w3.org/TR/short-name/
        shortName: "claims-data-model",

        // if you wish the publication date to be other than today, set this
        // publishDate:  "2009-08-06",

        // if there is a previously published draft, uncomment this and set its YYYY-MM-DD date
        // and its maturity status
        // previousPublishDate:  "1977-03-15",
        // previousMaturity:  "WD",

        // extend the bibliography entries
        localBiblio: opencreds.localBiblio,

        issueBase: "https://github.com/opencreds/vc-data-model/issues/",
        githubAPI: "https://api.github.com/repos/opencreds/vc-data-model",

        // if there a publicly available Editor's Draft, this is the link
        edDraftURI: "https://opencreds.github.io/vc-data-model/",

        // if this is a LCWD, uncomment and set the end of its review period
        // lcEnd: "2009-08-05",

        // editors, add as many as you like
        // only "name" is required
        editors:  [
          { name: "Daniel C. Burnett",
            company: "Standards Play", companyURL: "http://standardsplay.com/"},
          { name: "Shane McCarron", url: "http://blog.halindrome.com.com/",
            company: "Spec-Ops", companyURL: "https://spec-ops.io/", w3cid: "23346" },
          { name: "Manu Sporny", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/" },
          { name: "Dave Longley", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/"}
        ],

        // authors, add as many as you like.
        // This is optional, uncomment if you have authors as well as editors.
        // only "name" is required. Same format as editors.
        authors:
        [
          { name: "Manu Sporny", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/" },
          { name: "Dave Longley", url: "http://digitalbazaar.com/",
            company: "Digital Bazaar", companyURL: "http://digitalbazaar.com/"}
        ],

        // name of the WG
        wg:           "W3C Credentials Community Group",

        // URI of the public WG page
        wgURI:        "http://www.w3.org/community/credentials/",

        // name (with the @w3c.org) of the public mailing to which comments are due
        wgPublicList: "public-credentials",

        // URI of the patent status for this WG, for Rec-track documents
        // !!!! IMPORTANT !!!!
        // This is important for Rec-track documents, do not copy a patent URI from a random
        // document unless you know what you're doing. If in doubt ask your friendly neighbourhood
        // Team Contact.
        wgPatentURI:  "",
        maxTocLevel: 4,
        otherLinks: [{
          key: "Version Control",
          data: [{
            value: "Github Repository",
            href: "https://github.com/opencreds/vc-data-model"
          }, {
            value: "Issue Tracker",
            href: "https://github.com/opencreds/vc-data-model/issues"
          }]
        }],
        inlineCSS: true
      };

      var includeTerms = [ "identity profile", "entity", "entity credential", "subject", "claim" ];
    </script>
  </head>
  <body>
    <section id='abstract'>
      <p>
A self-sovereign architecture for verifiable claims is one where the
holder of a verifiable claim is in complete control of their
identifier, where their verifiable claims are stored, and how they are
used. There is currently no widely used self-sovereign,
privacy-enhancing standard for expressing and transacting verifiable
claims (aka: credentials, attestations) via the Web.
      </p>
      <p>
This specification describes a data model for a digital <a>identity
profile</a> and a collection of digital <a>entity credentials</a> that
assert verifiable <a>claims</a> about that <a>identity profile</a>. It also
describes how to express that data model in JSON, JSON-LD, and WebIDL.
      </p>
    </section>

    <section id='sotd'>
      <p>Drawn initially from
      [[IDENTITY-CREDENTIALS]], this
      document is intended to provide a rough outline of the kind of
      standardization work that a Verifiable Claims Working Group
      might do.
      </p>
    </section>

    <section>
      <h2>Introduction</h2>
      <p>
      We typically use credentials, or claims made by
      others about our identities, to authenticate ourselves and
      ultimately gain access to various services. For example, we use
      email addresses to identify ourselves to online services,
      driver's licenses to prove that we are capable of operating a
      motor vehicle, university degrees to prove we are well-trained
      and knowledgeable, and government-issued passports to travel
      between countries or to access financial services. It is the
      goal of this specification to provide an easy, standard way to
      express such credentials on the Web.
      </p>

      <p>
      There are a number of desirable capabilities for these kinds of
      credentials, referred to in this specification as <a>entity
      credentials</a>, that have been identified as requirements for
      this specification:
      </p>
      <ul>
        <li>
<a>Entity credentials</a> refer to an architecture where:
          <ul>
            <li>
<a>Entity credential</a> holders are positioned in the middle between issuers and inspectors.
            </li>
            <li>
<a>Entity credential</a> holders receive and store credentials from issuers through an
agent that the issuer does not need to trust.
            </li>
            <li>
<a>Entity credential</a> holders provide credentials to credential inspectors through
an agent that inspectors needn't trust; they only need to trust issuers.
            </li>
            <li>
<a>Entity credentials</a> are associated with identities, not particular services; credential
holders can decide how to aggregate credentials and manage their own
identities.
            </li>
            <li>
<a>Entity credential</a> holders can control and own their own identifiers.
            </li>
            <li>
<a>Entity credential</a> holders can control which credentials to use and when.
            </li>
            <li>
<a>Entity credential</a> holders may freely choose and swap out the agents they employ to
help them manage and share their credentials.
            </li>
            <li>
<a>Entity credential</a> holders that share verifiable claims are not required to reveal the
identity of the inspector to their agent or to issuers.
            </li>
          </ul>
        </li>
        <li>
A standard, machine-readable data format for expressing <a>entity credentials</a>
that can be extended with minimal coordination.
        </li>
        <li>
Independent issuance, storage, and cryptographic verification of <a>entity credentials</a>.
        </li>
        <li>
A standard mechanism for requesting <a>entity credentials</a>.
        </li>
        <li>
The ability to revoke previously issued <a>entity credentials</a>.
        </li>
        <li>
Web Browser APIs for storing and consuming <a>entity credentials</a>.
        </li>
      </ul>
      <p>This specification is based upon work presented in
      [[IDENTITY-CREDENTIALS]].  In particular, examples from that
      document have been used to infer a simple but extensible data
      model capable of representing the unbounded variety
      of attributes that could be claimed in <a>entity
      credentials</a>.  This document is intended to provide only one
      example of what could potentially be defined and standardized in
      a Recommendation-track Working Group at W3C.  The two pieces of
      possible standardization work demonstrated in this document
      are:</p>
      <ol>
        <li>A generic data model covering the minimum information
        necessary to create and use <a>entity credentials</a> that
        would meet the needs described in the [[VCTF-USECASES]]
        Document.</li>
        <li>Instructions on how to express specific instances of the
        data model in three different syntactic formulations: JSON,
        JSON-LD, and WebIDL.</li>
      </ol>

      <p>The remainder of this specification is structured as follows:
first, some general definitions of terms are provided.  Second, the
data model is described in text prose to avoid any suggestion of bias
in terms of syntactic representation.  It is also presented as a UML
diagram. Third, instructions are provided for how to express instances
of the data model in terms of JSON, JSON-LD [[!JSON-LD]], and
WebIDL.</p>
    </section>

    <section>
      <h2>Terminology</h2>

      <div data-include="https://opencreds.github.io/vc-common/terms.html"
        data-oninclude="restrictReferences">
      </div>

      <dl class="termlist">
        <dt><dfn>identity profile expression</dfn></dt>
        <dd>
        The realization of an <a>identity profile</a> in a specific
        syntax (e.g., JSON, JSON-LD, or WebIDL) that satisfies the
        rules of the <a>identity profile model</a>.
        </dd>
        <dt><dfn>entity credential expression</dfn></dt>
        <dd>
        The realization of an <a>entity credential</a> in a specific
        syntax (e.g., JSON, JSON-LD, or WebIDL) that satisfies the
        rules of the <a>entity credential model</a>.
        </dd>
      </dl>

    </section>

    <section>
      <h2>Data Model</h2>
      <p>This section describes a data model for <a>identity
      profiles</a> and <a>entity credentials</a>, the latter covering
      both claims and verifiable claims, that is compatible with the
      requirements and use cases expected to be addressed by this
      group.</p>

<svg xmlns="http://www.w3.org/2000/svg" width="600px" height="390px" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 600 390" preserveAspectRatio="xMidYMid meet" ><defs id="svgEditorDefs"><path id="svgEditorClosePathDefs" stroke="black" style="stroke-width: 1px;" fill="khaki"/><marker id="arrow20-16-right" markerHeight="16" markerUnits="strokeWidth" markerWidth="20" orient="auto" refX="-3" refY="0" viewBox="-15 -5 20 20"><path d="M -15 -5 L 0 0 L -15 5 z" fill="black"/></marker><marker id="arrow15-12-left" markerHeight="12" markerUnits="strokeWidth" markerWidth="15" orient="auto" refX="3" refY="0" viewBox="0 -5 20 20"><path d="M 15 -5 L 0 0 L 15 5 z" fill="black"/></marker><marker id="arrow20-16-left" markerHeight="16" markerUnits="strokeWidth" markerWidth="20" orient="auto" refX="3" refY="0" viewBox="0 -5 20 20"><path d="M 15 -5 L 0 0 L 15 5 z" fill="black"/></marker></defs><rect id="svgEditorBackground" x="0" y="0" width="990" height="490" style="fill: none; stroke: none;"/><rect x="3" y="5" style="stroke-width: 1px;" stroke="black" id="e1_rectangle" width="230" height="94" fill="khaki"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="60" y="25" id="e2_texte">Identity Profile</text><line id="e3_line" x1="3" y1="32" x2="233" y2="32" stroke="black" style="stroke-width: 1px; fill: none;"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="90" y="167" id="e4_texte"></text><text fill="black" style="font-family: Arial; font-size: 12px;" x="20" y="60" id="e5_texte">type: unordered set of URIs<tspan x="20" dy="1.25em" style="font-size: 12px;">signature: Signature [0..1]</tspan></text><rect x="358" y="4" style="stroke-width: 1px;" stroke="black" id="e6_rectangle" width="230" height="77" fill="khaki"/><line id="e8_line" x1="358" y1="31" x2="588" y2="31" stroke="black" style="stroke-width: 1px; fill: none;"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="462" y="167" id="e14_texte"></text><rect x="3" y="150" style="stroke-width: 1px;" stroke="black" id="e16_rectangle" width="230" height="170" fill="khaki"/><line id="e17_line" x1="3" y1="177" x2="233" y2="177" stroke="black" style="stroke-width: 1px; fill: none;"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="49" y="171" id="e18_texte">Entity Credential</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="27" y="206" id="e19_texte">id: URI<tspan x="27" dy="1.25em" id="e20_tspan">type: unordered set of URIs</tspan><tspan x="27" dy="1.25em" id="e21_tspan">issuer: URI</tspan><tspan x="27" dy="1.25em" id="e22_tspan">issued: date in string form</tspan><tspan x="27" dy="1.25em" id="e23_tspan">claim: Claim</tspan></text><text fill="black" style="font-family: Arial; font-size: 20px;" x="445" y="25" id="e24_texte">Claim</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="375" y="58" id="e25_texte">(at least one custom property)</text><rect x="358" y="147" style="stroke-width: 1px;" stroke="black" id="e26_rectangle" width="230" height="77" fill="khaki"/><line id="e27_line" x1="358" y1="174" x2="588" y2="174" stroke="black" style="stroke-width: 1px; fill: none;"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="405" y="169" id="e30_texte">Verifiable Claim</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="377" y="197" id="e31_texte">signature: Signature</text><rect x="357" y="268" style="stroke-width: 1px;" stroke="black" id="e32_rectangle" width="229" height="119" fill="khaki"/><line id="e33_line" x1="357" y1="295" x2="587" y2="295" stroke="black" style="stroke-width: 1px; fill: none;"/><text fill="black" style="font-family: Arial; font-size: 20px;" x="424" y="289" id="e36_texte">Signature</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="374" y="317" id="e38_texte">(varies, but expected to include<tspan x="374" dy="1.25em">at least a signature, a reference</tspan><tspan x="374" dy="1.25em">to the signing entity, and a</tspan><tspan x="374" dy="1.25em">representation of the signing date)</tspan></text><line id="e42_line" x1="233" y1="58" x2="357" y2="58" stroke="black" style="stroke-width: 1px; fill: none;"/><line id="e43_line" x1="470" y1="148" x2="470" y2="81" stroke="black" style="stroke-width: 1px; fill: none; marker-end: url(&quot;#arrow20-16-right&quot;);"/><text fill="black" style="font-family: Arial; font-size: 12px;" x="238" y="72" id="e44_texte">id</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="341" y="52" id="e45_texte">id</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="238" y="51" id="e46_texte">1</text><text fill="black" style="font-family: Arial; font-size: 12px;" x="332" y="71" id="e47_texte">0..*</text></svg>

      <section>
        <h2>General Characteristics</h2>
        <p>Both the <a>Identity Profile Model</a> and <a>Entity
        Credential Model</a> consist of a collection of name-value
        pairs which will be referred to as
        <dfn data-lt="property">properties</dfn> in this document.
        The following subsections describe the required and optional
        properties for both.  The link between the two is in
        the <var>id</var> property.  The <a>Identity Profile Model</a>
        defines a <a>subject</a> identifier in
        the <a href="#identity-id"><var>id</var></a> property, while
        the claims section of the <a>Entity Credential Model</a> uses
        the <a href="#claim-id"><var>id</var></a> property to refer to
        that <a>subject</a> identifier.</p>
        <p>This document purposely defines the data model without
        using a concrete syntax such as WebIDL, JSON, or JSON-LD to
        avoid implying a bias towards any particular one syntax.
        Section <a href="#expressing-identity-profiles-entity-credentials-and-verifiable-claims"></a>
        defines how the data model is to be expressed in those
        representation languages.</p>
      </section>

      <section>
        <h2><dfn>Identity Profile Model</dfn></h2>
        <p>Unlike the <a>properties</a> in
        the <a href="#ec-claim"><var>claim</var></a> section of
        the <a>Entity Credential Model</a>, the <a>properties</a> in
        the Identity Profile Model are merely information that,
        together with a <a>subject</a>
        identifier <a href="#identity-id"><var>id</var></a>,
        constitute an identity profile.  The properties are not claims
        and are not intended to be verifiable.</p>
        <p>The following properties are required in the Identity
        Profile Model:</p>
        <dl>
          <dt><span id="identity-id"><var>id</var></span></dt>
          <dd>This is a URI representing the <a>subject</a>.  This
          identifier MAY be long-lived but does not have to be.</dd>
          <dt><var>type</var></dt>
          <dd>This is an unordered set of URIs representing the types
          or classes of which this data set is a member.  As an
          <a>identity profile</a>, at a minimum the class "Identity"
          must be a member of the set.  Additional
          application-specific values are permitted in the set.</dd>
        </dl>
        <p>The following properties are optional in the Identity
        Profile Model:</p>
        <dl>
          <dt><var>signature</var></dt>
          <dd>The method used for a signature will vary by
          representation language.  However, if present this property
          is expected to have a value that is a set of name-value
          pairs including at least a signature, a reference to the
          signing entity, and a representation of the signing
          date.</dd>
        </dl>
        <p>Additionally, any property name not listed above is
        permitted as an optional custom <a>property</a>.</p>
      </section>

      <section>
        <h2><dfn>Entity Credential Model</dfn></h2>
        <p>Unlike the <a>properties</a> in the <a>Identity Profile
        Model</a>, the <a>properties</a> in
        the <a href="#ec-claim"><var>claim</var></a> section of the
        Entity Credential Model are claims made by an <a>entity</a>
        about the <a>subject</a> defined in an <a>identity
        profile</a>.  The Entity Credential Model includes both
        issuance-related properties and the
        aforementioned <a href="ec-claim"><var>claim</var></a>
        property that further contains the properties of the claim
        itself.</p>
        <p>The following properties are required in the Entity
        Credential Model:</p>
        <dl>
          <dt><var>id</var></dt>
          <dd>URI representing this specific <a>entity credential</a></dd>
          <dt><var>type</var></dt>
          <dd>This is an unordered set of URIs representing the types
          or classes of which this data set is a member.  As an
          <a>entity credential</a>, at a minimum the class
          "Credential" must be a member of the set.  Additional
          application-specific values are permitted in the
          set.</dd>
          <dt><span id="ec-claim"><var>claim</var></span></dt>
          <dd>This is the actual claim.  Its value is a set of
          <a>properties</a> as follows:
            <p>The following properties are required in
            a <var>claim</var> value:</p>
            <dl>
              <dt><span id="claim-id"><var>id</var></span></dt>
              <dd>The <a>subject</a> of the claim, the property value
              is expected to be a valid
              <a href="#identity-id">Identity Profile <var>id</var></a>.</dd>
              <dt>At least one custom <a>property</a></dt>
              <dd>N/A</dd>
            </dl>
           <p>Additionally, any property name not listed above is
           permitted as an optional custom <a>property</a>.</p>
	  </dd>
        </dl>
        <p>The following <a>properties</a> are optional in the Entity
        Credential Model:</p>
        <dl>
          <dt><var>issuer</var></dt>
          <dd>This is a URI for the issuer of the claim.</dd>
          <dt><var>issued</var></dt>
          <dd>This is the date, in string format, when the claim was
          issued.</dd>
        </dl>
        <p>Additionally, any property name not listed above is
        permitted as an optional custom <a>property</a>.</p>
      </section>

      <section>
        <h2>Verifiable Claims Model</h2>
        <p>The claims in the <a>Entity Credential Model</a> can be
        made verifiable by adding the following <a>property</a> to
        the <a>Entity Credential Model</a>:</p>
        <dl>
          <dt><var>signature</var></dt>
          <dd>The method used for a signature will vary by
          representation language.  However, this property is expected
          to have a value that is a set of name-value pairs including
          at least a signature, a reference to the signing entity, and
          a representation of the signing date.</dd>
        </dl>
      </section>
    </section>

    <section>
      <h2>Expressing Identity Profiles, Entity Credentials, and
      Verifiable Claims</h2>

      <p>This section defines how the data model described in
      Section <a href="data-model"></a> is realized in each of 3
      different languages: JSON, JSON-LD, and WebIDL.  Although
      syntactic mappings are only provided for these three different
      languages, applications and services may also use any other data
      representation language (XML, for example) that can support the
      data model.
      </p>

      <section>
        <h2>Expressing Identity Profiles, Entity Credentials, and
        Verifiable Claims in JSON</h2>
        <section>
          <h2>Expressing an Identity Profile in JSON</h2>
            <p>In JSON, an instance of the <a>Identity Profile
            Model</a> is expressed as a single JSON object whose
            properties are the identity profile's
            <a>properties</a>, with the following value type assignments:</p>
            <ul>
              <li>Any number value MUST be represented as a Number type.</li>
              <li>Any boolean value MUST be represented as a Boolean type.</li>
              <li>Any sequence value MUST be represented as an Array type.</li>
              <li>Any unordered set of values MUST be represented as
              an Array type.</li>
              <li>Any set of <a>properties</a> MUST be represented as
              an Object type.</li>
              <li>Any empty value MUST be represented as a null value.</li>
              <li>Any other value MUST be represented as a String type.</li>
            </ul>
	    <p>The following example demonstrates how to express a
	    simple <a>identity profile</a>.</p>

<pre class="example" title="A simple identity profile">{
  "id": "did:ebfeb1f712ebc6f1c276e12ec21",
  "type": ["Identity", "Person"],
  "name": "Alice Bobman",
  "email": "alice@example.com",
  "birthDate": "1985-12-14",
  "telephone": "12345678910"
}</pre>
        </section>

        <section>
          <h2>Expressing Entity Credentials in JSON</h2>
            <p>In JSON, an instance of the <a>Entity Credential
            Model</a> is expressed as a single JSON object whose
            properties are the entity credential's
            <a>properties</a>, with the following value type assignments:</p>
            <ul>
              <li>Any number value MUST be represented as a Number type.</li>
              <li>Any boolean value MUST be represented as a Boolean type.</li>
              <li>Any sequence value MUST be represented as an Array type.</li>
              <li>Any unordered set of values MUST be represented as
              an Array type.</li>
              <li>Any set of <a>properties</a> MUST be represented as
              an Object type.</li>
              <li>Any empty value MUST be represented as a null value.</li>
              <li>Any other value MUST be represented as a String type.</li>
            </ul>
            <p>The following example demonstrates how to express
            an <a>entity credential</a> containing a simple
            (unverifiable) <a>claim</a> about a particular
            <a>subject</a>. In this case, the claim is that
            the <a>subject</a> with
            the <a href="#identity-id">Identity Profile <var>id</var></a>
            of
            <code>did:ebfeb1f712ebc6f1c276e12ec21</code> is 21 years
            of age or older. While a human reading the
            property <code>ageOver</code> may be able to guess its
            meaning by its name, no machine-readable semantics for the
            name are provided. There is information about the <a>claim</a>
            itself, such as an identifier for the <a>entity</a> that issued
            it and a date for when it was issued. </p>

<pre class="example" title="A simple claim">{
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  }
}</pre>

            <p>The following example demonstrates how to express the
            same <a>claim</a> about the same <a>subject</a>, but in a
            verifiable form. As such, it contains
            a <code>signature</code> that can be used to verify its
            entire contents, including the claim.</p>

<pre class="example" title="A simple verifiable claim">{
  "@context": "https://w3id.org/security/v1",
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "created": "2016-06-18T21:19:10Z",
    "creator": "https://example.com/jdoe/keys/1",
    "domain": "json-ld.org",
    "nonce": "598c63d6",
    "signatureValue": "BavEll0/I1zpYw8XNi1bgVg/sCneO4Jugez8RwDg/+
    MCRVpjOboDoe4SxxKjkCOvKiCHGDvc4krqi6Z1n0UfqzxGfmatCuFibcC1wps
    PRdW+gGsutPTLzvueMWmFhwYmfIFpbBu95t501+rSLHIEuujM/+PXr9Cky6Ed
    +W3JT24="
  }
}</pre>

            <p>The following example demonstrates how one could
            express the same <a>claim</a> about the
            same <a>subject</a> using a JSON Web Token.</p>

<pre class="example" title="A JOSE JWT verifiable claim">
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2Rtdi
5leGFtcGxlLmdvdiIsImlhdCI6MTI2MjMwNDAwMCwiZXhwIjoxNDgzMjI4ODAwL
CJhdWQiOiJ3d3cuZXhhbXBsZS5jb20iLCJzdWIiOiJkaWQ6ZWJmZWIxZjcxMmVi
YzZmMWMyNzZlMTJlYzIxIiwiZW50aXR5Q3JlZGVudGlhbCI6eyJAY29udGV4dCI
6Imh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvdjEiLCJpZCI6Imh0dHA6Ly9leG
FtcGxlLmdvdi9jcmVkZW50aWFscy8zNzMyIiwidHlwZSI6WyJDcmVkZW50aWFsI
iwiUHJvb2ZPZkFnZUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9kbXYu
ZXhhbXBsZS5nb3YiLCJpc3N1ZWQiOiIyMDEwLTAxLTAxIiwiY2xhaW0iOnsiaWQ
iOiJkaWQ6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwiYWdlT3ZlciI6Mj
F9fX0.LwqH58NasGPeqtTxT632YznKDuxEeC59gMAe9uueb4pX_lDQd2_UyUcc6
NW1E3qxvYlps4hH_YzzTuXB_R1A9UHXq4zyiz2sMtZWyJkUL1FERclT2CypX5e1
fO4zVES_8uaNoinim6VtS76x_2VmOMQ_GcqXG3iaLGVJHCNlCu4
</pre>

<p>
The JWT above was produced using the inputs below:
</p>

<p class="issue">
A number of the concerns have been raised around security,
composability, reusability, and extensibility with respect
to the use of JWTs for Verifiable Claims. These concerns
will be documented in time in at least the Verfiable Claims Model
and Security Considerations section of this document.
</p>

<pre>
// JWT Header
{
  "alg": "RS256",
  "typ": "JWT"
}
// JWT Payload
{
  "iss": "https://dmv.example.gov",
  "iat": 1262304000,
  "exp": 1483228800,
  "aud": "www.example.com",
  "sub": "did:ebfeb1f712ebc6f1c276e12ec21",
  "entityCredential": {
    "@context": "https://w3id.org/security/v1",
    "id": "http://example.gov/credentials/3732",
    "type": ["Credential", "ProofOfAgeCredential"],
    "issuer": "https://dmv.example.gov",
    "issued": "2010-01-01",
    "claim": {
      "id": "did:ebfeb1f712ebc6f1c276e12ec21",
      "ageOver": 21
    }
  }
}
</pre>

        <p>
The following example demonstrates how to express a more complex set
of verfiable claims about a particular <a>subject</a>.
        </p>

<pre class="example" title="A more complex verifiable claim">{
  "@context": [
    "https://w3id.org/identity/v1",
    "https://w3id.org/security/v1"
  ],
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "PassportCredential"],
  "name": "Passport",
  "issuer": "https://example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "name": "Alice Bobman",
    "birthDate": "1985-12-14",
    "gender": "female",
    "nationality": {
      "name": "United States"
    },
    "address": {
      "type": "PostalAddress",
      "addressStreet": "372 Sumter Lane",
      "addressLocality": "Blackrock",
      "addressRegion": "Nevada",
      "postalCode": "23784",
      "addressCountry": "US"
    },
    "passport": {
      "type": "Passport",
      "name": "United States Passport",
      "documentId": "123-45-6789",
      "issuer": "https://example.gov",
      "issued": "2010-01-07T01:02:03Z",
      "expires": "2020-01-07T01:02:03Z"
    }
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "created": "2016-06-21T03:40:19Z",
    "creator": "https://example.com/jdoe/keys/1",
    "domain": "json-ld.org",
    "nonce": "783b4dfa",
    "signatureValue": "Rxj7Kb/tDbGHFAs6ddHjVLsHDiNyYzxs2MPmNG8G47oS06N8i0Dis5mUePIzII4+p/ewcOTjvH7aJxnKEePCO9IrlqaHnO1TfmTut2rvXxE5JNzur0qoNq2yXl+TqUWmDXoHZF+jQ7gCsmYqTWhhsG5ufo9oyqDMzPoCb9ibsNk="
  }
}</pre>
        </section>
      </section>

      <section>
        <h2>Expressing Identity Profiles, Entity Credentials, and
        Verifiable Claims in JSON-LD</h2>
        <p>JSON-LD [[!JSON-LD]] is a data storage and expression
        approach called
        <a href="http://www.w3.org/TR/ld-glossary/#linked-data">Linked
        Data</a>. It is a way of expressing information on the Web
        that is both simple and extensible.</p>

        <section>
          <h2>Expressing an Identity Profile in JSON-LD</h2>
            <p>Instances of the <a>Identity Profile Model</a> are
            expressed in JSON-LD in the same way they are expressed in
            JSON
            (Section <a href="#expressing-an-identity-profile-in-json"></a>),
            except that there is an additional
            property <code>@context</code>.  Each property of the
            identity profile, such as <code>name</code>
            or <code>email</code>, is given context via
            the <code>@context</code> value. Other contexts can be
            used or combined to express any arbitrary information
            about an <a>identity profile</a> in idiomatic JSON.  </p>
	    <p>The following example demonstrates how to express a
	    simple <a>identity profile</a>.</p>

<pre class="example" title="A simple identity profile">{
  "@context": "https://w3id.org/identity/v1",
  "id": "did:ebfeb1f712ebc6f1c276e12ec21",
  "type": ["Identity", "Person"],
  "name": "Alice Bobman",
  "email": "alice@example.com",
  "birthDate": "1985-12-14",
  "telephone": "12345678910"
}</pre>
        </section>

        <section>
          <h2>Expressing Identity Credentials in JSON-LD</h2>
            <p>Instances of the <a>Entity Credential Model</a> are
            expressed in JSON-LD in the same way they are expressed in
            JSON
            (Section <a href="#expressing-entity-credentials-in-json"></a>),
            except that there is an additional
            <a>property</a> <code>@context</code>.  Each property of
            the <a>entity credential expression</a>, along with each
            sub-property within the <code>claim</code> property (such
            as the generic <code>issuer</code> property or the
            app-specific <code>ageOver</code>), is given context via
            the <code>@context</code> value. Other contexts can be
            used or combined to express any arbitrary information
            about claims in idiomatic JSON.</p>

            <p>The following example demonstrates how to express a
            simple (unverifiable) <a>claim</a> about a particular
            <a>subject</a>. In this case, the claim is that
            the <a>subject</a> with
            the <a href="#identity-id">Identity
            Profile <var>id</var></a>
            of <code>did:ebfeb1f712ebc6f1c276e12ec21</code> is 21
            years of age or older. While a human reading the
            property <code>ageOver</code> may be able to guess its
            meaning by its name, the context maps it to a global
            identifier (URL) where a document could be retrieved that
            provides its semantics in a machine-readable data
            format. There is also information about the <a>claim</a>
            itself, such as an identifier for the <a>entity</a> that
            issued it and a date for when it was issued.</p>

<pre class="example" title="A simple claim">{
  "@context": "https://w3id.org/identity/v1",
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  }
}</pre>

            <p>The following example demonstrates how to express the
            same <a>claim</a> about the same <a>subject</a>, but in a
            verifiable form. As such, it contains
            a <code>signature</code> that can be used to verify its
            entire contents, including the claim.</p>

<pre class="example" title="A simple verifiable claim">{
  "@context": [
    "https://w3id.org/identity/v1",
    "https://w3id.org/security/v1"
  ],
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "ProofOfAgeCredential"],
  "issuer": "https://dmv.example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "ageOver": 21
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "created": "2016-06-18T21:10:38Z",
    "creator": "https://example.com/jdoe/keys/1",
    "domain": "json-ld.org",
    "nonce": "6165d7e8",
    "signatureValue": "g4j9UrpHM4/uu32NlTw0HDaSaYF2sykskfuByD7UbuqEcJIKa+IoLJLrLjqDnMz0adwpBCHWaqqpnd47r0NKZbnJarGYrBFcRTwPQSeqGwac8E2SqjylTBbSGwKZkprEXTywyV7gILlC8a+naA7lBRi4y29FtcUJBTFQq4R5XzI="
  }
}</pre>

        <p>
The following example demonstrates how to express a more complex set
of verifiable claims about a particular <a>subject</a>.
        </p>

<pre class="example" title="A more complex verifiable claim">{
  "@context": [
    "https://w3id.org/identity/v1",
    "https://w3id.org/security/v1"
  ],
  "id": "http://example.gov/credentials/3732",
  "type": ["Credential", "PassportCredential"],
  "name": "Passport",
  "issuer": "https://example.gov",
  "issued": "2010-01-01",
  "claim": {
    "id": "did:ebfeb1f712ebc6f1c276e12ec21",
    "name": "Alice Bobman",
    "birthDate": "1985-12-14",
    "gender": "female",
    "nationality": {
      "name": "United States"
    },
    "address": {
      "type": "PostalAddress",
      "addressStreet": "372 Sumter Lane",
      "addressLocality": "Blackrock",
      "addressRegion": "Nevada",
      "postalCode": "23784",
      "addressCountry": "US"
    },
    "passport": {
      "type": "Passport",
      "name": "United States Passport",
      "documentId": "123-45-6789",
      "issuer": "https://example.gov",
      "issued": "2010-01-07T01:02:03Z",
      "expires": "2020-01-07T01:02:03Z"
    }
  },
  "signature": {
    "type": "LinkedDataSignature2015",
    "created": "2016-06-21T03:43:29Z",
    "creator": "https://example.com/jdoe/keys/1",
    "domain": "json-ld.org",
    "nonce": "c168dfab",
    "signatureValue": "jz4bEW2FBMDkANyEjiPnrIctucHQCIwxrtzBXt+rVGmYMEflHrOwf7FYLH60E3Oz54VwSSQCi9J4tXQIhv4SofT5opbcIUj7ji6QrC6c+a3YLjg8l/+/uFjhzsLelAO4gh2k0FJxM04ljH0GZGuXTzhRnqTzJTnYSVo72PC92NA="
  }
}</pre>
        </section>
      </section>

      <section>
        <h2>Expressing Identity Profiles, Entity Credentials, and
        Verifiable Claims in WebIDL</h2>

        <section>
          <h2>Expressing an Identity Profile in WebIDL</h2>
            <p>In WebIDL, an instance of the <a>Identity Profile
            Model</a> is expressed as an Interface whose attributes
            are the identity profile's <a>properties</a>, with the
            following value type assignments:</p>
            <ul>
              <li>Any number value MUST be represented as an
              appropriate valid numeric type, e.g. double or unsigned
              long.</li>
              <li>Any boolean value MUST be represented as a boolean type.</li>
              <li>Any sequence value MUST be represented as a sequence
              type.</li>
              <li>Any unordered set of values MUST be represented as
              a Frozen Array type.</li>
              <li>Any set of name-value pairs MUST be represented as
              either an Interface or Dictionary type.</li>
              <li>Any property whose value may be null MUST be marked
              as nullable.</li>
              <li>Any other value MUST be represented as either an
              Enumeration type or a DOMString type, depending on
              whether the values are expected to be selected from a
              restricted, pre-determined set or are expected to be
              either unrestricted or extended in the future.</li>
            </ul>
	    <p>The following example demonstrates how to express a
	    simple <a>identity profile</a>.</p>

<pre class="idl">
[Constructor]
interface IdentityProfile {
    attribute DOMString id;
    attribute FrozenArray&lt;DOMString> types;
    attribute DOMString name;
    attribute DOMString email;
    attribute DOMString birthDate;
    attribute DOMString telephone;
};
</pre>

            <p>This <a>identity profile expression</a> could then be
            used as follows in JavaScript:</p>

<pre class="highlight example" title="Using a simple identity profile">
  var identity = new IdentityProfile();
  profile.id = "did:ebfeb1f712ebc6f1c276e12ec21";
  profile.type = ["Identity", "Person"];
  profile.name = "Alice Bobman";
  profile.email = "alice@example.com";
  profile.birthDate = "1985-12-14";
  profile.telephone = "12345678910";
</pre>
        </section>

        <section>
          <h2>Expressing Entity Credentials in WebIDL</h2>
            <p>In WebIDL, an intance of the <a>Entity Credential
            Model</a> is expressed as an Interface whose attributes
            are the claim's <a>properties</a>, with the following
            value type assignments:</p>
            <ul>
              <li>Any number value MUST be represented as an
              appropriate valid numeric type, e.g. double or unsigned
              long.</li>
              <li>Any boolean value MUST be represented as a boolean type.</li>
              <li>Any sequence value MUST be represented as a sequence
              type.</li>
              <li>Any unordered set of values MUST be represented as
              a Frozen Array type.</li>
              <li>Any set of name-value pairs MUST be represented as
              either an Interface or Dictionary type.</li>
              <li>Any property whose value may be null MUST be marked
              as nullable.</li>
              <li>Any other value MUST be represented as either an
              Enumeration type or a DOMString type, depending on
              whether the values are expected to be selected from a
              restricted, pre-determined set or are expected to be
              either unrestricted or extended in the future.</li>
            </ul>
            <p>The following example demonstrates how to express
            an <a>entity credential</a> containing a simple
            (unverifiable) <a>claim</a> about a particular
            <a>subject</a>. In this case, the claim is that
            the <a>subject</a> with
            the <a href="#identity-id">Identity
            Profile <var>id</var></a> of
            <code>did:ebfeb1f712ebc6f1c276e12ec21</code> is 21 years
            of age or older. While a human reading the
            property <code>ageOver</code> may be able to guess its
            meaning by its name, no machine-readable semantics for the
            name are provided. There is information about the <a>claim</a>
            itself, such as an identifier for the <a>entity</a> that issued
            it and a date for when it was issued. </p>

<pre class="idl">
  interface CredentialBase {
    attribute DOMString id;
    attribute FrozenArray&lt;DOMString> type;
    attribute DOMString issuer;
    attribute DOMString issued;
  };

  [Constructor]
  interface Credential : CredentialBase {
    attribute Claim1 claim;
  };

  [Constructor]
  interface Claim1 {
    attribute DOMString id;
    attribute unsigned short ageOver;
  };
</pre>

            <p>This <a>entity credential expression</a> could then be
            used as follows in JavaScript:</p>

<pre class="example" title="Using a simple claim">
  var claim = new Claim1();
  claim.id = "http://example.gov/credentials/3732";
  claim.ageOver = 21;

  var credential = new Credential();
  credential.type = ["Credential", "ProofOfAgeCredential"];
  credential.issuer = "https://dmv.example.gov";
  credential.issued = "2010-01-01";
  credential.claim = claim;
</pre>

            <p>The following example demonstrates how to express the
            same <a>claim</a> about the same <a>subject</a>, but in a
            verifiable form. As such, it contains
            a <code>signature</code> that can be used to verify its
            entire contents, including the claim.</p>

<pre class="idl">
  interface VerifiableCredentialBase : CredentialBase {
    attribute Signature signature;
  };

  [Constructor]
  interface Signature {
    attribute DOMString type;
    attribute DOMString created;
    attribute DOMString creator;
    attribute DOMString domain;
    attribute DOMString nonce;
    attribute DOMString signatureValue;
  };

  [Constructor]
  interface VerifiableCredential1 : VerifiableCredentialBase {
    attribute Claim1 claim;
  };
</pre>
            <p>This verifiable <a>entity credential expression</a>
            could then be used as follows in JavaScript:</p>

<pre class="example" title="Using a simple verifiable claim">
  var claim = new Claim1();
  claim.id = "http://example.gov/credentials/3732";
  claim.ageOver = 21;

  var signature = new Signature();
  signature.type = "LinkedDataSignature2015";
  signature.created = "2016-06-18T21:10:38Z";
  signature.creator = "https://example.com/jdoe/keys/1";
  signature.domain = "json-ld.org";
  signature.signatureValue = "g4j9UrpHM4/uu32NlTw0HDaSaYF2sykskfuByD7UbuqEcJIKa+IoLJLrLjqDnMz0adwpBCHWaqqpnd47r0NKZbnJarGYrBFcRTwPQSeqGwac8E2SqjylTBbSGwKZkprEXTywyV7gILlC8a+naA7lBRi4y29FtcUJBTFQq4R5XzI=";

  var credential = new VerifiableCredential1();
  credential.type = ["Credential", "ProofOfAgeCredential"];
  credential.issuer = "https://dmv.example.gov";
  credential.issued = "2010-01-01";
  credential.claim = claim;
  credential.signature = signature;
</pre>

        <p>
The following example demonstrates how to express a more complex set
of verfiable claims about a particular <a>subject</a>.
        </p>

<pre class="idl">
  [Constructor]
  interface VC2 : VerifiableCredentialBase {
    attribute DOMString name;
    attribute Claim2 claim;
  };

  [Constructor]
  interface Claim2 {
    attribute DOMString id;
    attribute DOMString name;
    attribute DOMString birthDate;
    attribute Gender gender;
    attribute Nationality nationality;
    attribute Address address;
    attribute Passport passport;
  };

  enum Gender {"male", "female"};

  [Constructor]
  interface Nationality {
    attribute DOMString name;
  };

  [Constructor]
  interface Address {
    attribute DOMString type;
    attribute DOMString addressStreet;
    attribute DOMString addressLocality;
    attribute DOMString addressRegion;
    attribute DOMString postalCode;
    attribute DOMString addressCountry;
  };

  [Constructor]
  interface Passport {
    attribute DOMString type;
    attribute DOMString name;
    attribute DOMString documentId;
    attribute DOMString issuer;
    attribute DOMString issued;
    attribute DOMString expires;
  };
</pre>
            <p>This verifiable <a>entity credential expression</a>
            could then be used as follows in JavaScript:</p>

<pre class="example" title="Using a more complex verifiable claim">{
  var nationality = new Nationality();
  nationality.name = "United States";

  var address = new Address();
  address.type = "PostalAddress";
  address.addressStreet = "372 Sumter Lane";
  address.addressLocality = "Blackrock";
  address.addressRegion = "Nevada";
  address.postalCode = "23784";
  address.addressCountry = "US";

  var passport = new Passport();
  passport.type = "Passport";
  passport.name = "United States Passport";
  passport.documentId = "123-45-6789";
  passport.issuer = "https://example.gov";
  passport.issued = "2010-01-07T01:02:03Z";
  passport.expires = "2020-01-07T01:02:03Z";

  var claim = new Claim2();
  claim.id = "did:ebfeb1f712ebc6f1c276e12ec21";
  claim.name = "Alice Bobman";
  claim.birthDate = "1985-12-14";
  claim.gender = "female";
  claim.nationality = nationality;
  claim.address = address;
  claim.passport = passport;

  var signature = new Signature();
  signature.type = "LinkedDataSignature2015";
  signature.created = "2016-06-21T03:43:29Z";
  signature.creator = "https://example.com/jdoe/keys/1";
  signature.domain = "json-ld.org";
  signature.nonce = "c168dfab";
  signature.signatureValue = "jz4bEW2FBMDkANyEjiPnrIctucHQCIwxrtzBXt+rVGmYMEflHrOwf7FYLH60E3Oz54VwSSQCi9J4tXQIhv4SofT5opbcIUj7ji6QrC6c+a3YLjg8l/+/uFjhzsLelAO4gh2k0FJxM04ljH0GZGuXTzhRnqTzJTnYSVo72PC92NA=";

  var vc = new VC2();
  vc.id = "http://example.gov/credentials/3732";
  vc.type = ["Credential", "PassportCredential"];
  vc.name = "Passport";
  vc.issuer = "https://example.gov";
  vc.issued = "2010-01-01";
  vc.claim = claim;
  vc.signature = signature;
}</pre>
        </section>
      </section>
    </section>

    <section>
      <h2>Privacy Considerations</h2>

      <p>
This section details the general privacy considerations and specific privacy
implications of deploying the verifiable claims data model into production
environments.
      </p>

      <section>
        <h3>Spectrum of Privacy</h3>
        <p>
It is important to recognize that there is a spectrum of privacy that ranges
from pseudo-anonymous to strongly identified. Depending on the use case,
people have different appetites when it comes to what information they
are willing to provide and what information may be derived from what
is provided.
        </p>

        <figure>
          <img style="margin: auto; display: block;" width="80%"
            src="privacy-spectrum.svg">
          <figcaption style="text-align: center;">
- Privacy is a spectrum that ranges from pseudo-anonymous to fully identified.
          </figcaption>
        </figure>

        <p>
For example, one would most likely desire to remain anonymous when purchasing
alcohol because the regulatory check that’s required is solely whether or
not the person is above a particular age. However, when a doctor is writing a
prescription for a patient, the pharmacy fulfilling the prescription is
required to more strongly identify the medical professional. Therefore it
is important to recognize that there is not one approach to privacy that
works for all use cases; privacy solutions tend to be use case specific.
        </p>

        <p class="issue">
Note that even if one may desire to remain anonymous when purchasing
alcohol, a photo ID may still be required to provide appropriate
assurance to the merchant. The merchant may not need to know your
name or other details (other than that you are over a certain age),
but in many cases a mere proof of age may still be insufficient to
meet regulations.
        </p>

        <p>
The Verifiable Claims data model strives to support the full spectrum of
privacy and does not take philosophical positions on the right level of
anonymity for any particular transaction. The following sections provide
guidance for implementers that want to avoid specific scenarios that are
hostile to privacy.
        </p>
      </section>

      <section>
        <h3>Personally Identifiable Information</h3>

        <p>
The data associated with verifiable claims stored in the
<code>credential.claim</code> field are largely susceptible to privacy
violations when shared with Inspectors. Personally identifying data
such as a government-issued identifier, shipping address, and full name
can be easily used to determine, track, and correlate an entity. Even
information that does not seem personally identifiable like the
combination of a birth date and zip code have very powerful correlation
and de-anonymizing capabilities.
        </p>

        <p>
Implementers are strongly advised to
warn Holders when they share data with these sorts of characteristics.
Issuers are strongly advised to provide privacy-protecting credentials
when possible. For example, issuing ageOver credentials instead of
birthdate credentials when the Inspector desires to determine if an
entity is over the age of 18.
        </p>
      </section>

      <section>
        <h3>Identifier-based Correlation</h3>

        <p>
Subjects of verifiable claims are identified via the
<code>credential.claim.id</code> field. The identifiers that are used
to identify the subject of a claim create a danger of correlation when
the identifiers are long-lived or used across more than one web domain.
        </p>
        <p>
If strong anti-correlation properties are a requirement in a system using
verifiable claims, it is strongly advised that identifiers are bound to a
single origin or that identifiers are single-use or not used at all and
are replaced by short-lived, single use bearer tokens.
        </p>
      </section>

      <section>
        <h3>Signature-based Correlation</h3>

        <p>
The contents of verifiable claims are secured via the
<code>credential.signature</code> field. The
<code>credential.signature.signatureValue</code> field creates a danger
of correlation when it is used across more than one web domain and the
value does not change.
        </p>

        <p>
If strong anti-correlation properties are desired,
it is strongly advised that signature values and metadata are regenerated
each time using technologies like group signatures.
        </p>
      </section>

      <section>
        <h3>Device Fingerprinting</h3>

        <p>
There are mechanisms external to Verifiable Claims that are used to track and
correlate individuals on the Internet and the Web. Some of these mechanisms
include Internet Protocol address tracking, Web Browser fingerprinting,
Evercookies, Advertising Network trackers, mobile network position information,
and in-application Global Positioning System APIs. The use of Verifiable
Claims cannot prevent the use of these other tracking technologies. In addition,
when these technologies are used in concert with Verifiable Claims, new
correlatable information may be discovered. For example, a birthday coupled
with a GPS position can be used to strongly correlate an individual across
multiple websites.
        </p>

        <p>
It is advised that privacy preserving systems prevent the use of these other
tracking technologies when verifiable claims are being utilized. In some cases,
these tracking technologies may need to be disabled entirely on devices that
transmit verifiable claims on behalf of the Holder.
        </p>
      </section>

      <section>
        <h3>Favor Abstract Claims</h3>

        <p class="issue">
Favor “proof of” vs. “actual data”. Example: overAge: 21 vs. birthdate.
        </p>
      </section>

      <section>
        <h3>Atomize Information for Principle of Least Authority</h3>

        <p class="issue">
When issuing information, issue it in the smallest pieces possible.
When requesting information, only ask for the data points that you need.
Issue abstract claims alongside actual data when possible.
        </p>
      </section>

      <section>
        <h3>Bearer Claims</h3>

        <p class="issue">
Bearer claims containing PII or unique identifiers can be correlated.
Bearer claims can be tracked based on usage patterns.
        </p>
      </section>

      <section>
        <h3>Validity Checks</h3>

        <p class="issue">
Inspector (corporation) is required to check revocation via Issuer
(government).
        </p>
      </section>

      <section>
        <h3>Storage Location of Claims</h3>

        <p class="issue">
Storage location of claims may mine data or forward data.
        </p>
      </section>

      <section>
        <h3>Aggregation of Claims</h3>

        <p class="issue">
Aggregation of claims can reveal more information than just the attributes
being aggregated.
        </p>
      </section>

      <section>
        <h3>Usage Patterns</h3>

        <p class="issue">
When verifiable claims are used can be used for correlation purposes.
        </p>
      </section>

      <section>
        <h3>Sharing Information with the Wrong Party</h3>

        <p class="issue">
Tokenize identifiers (like bank account numbers) when possible.
Granting of rights to a service via cryptographic mechanisms.
        </p>
      </section>

      <section>
        <h3>Frequency of Claim Issuance</h3>

        <p class="issue">
The rate at which an issuer issues claims may be a privacy violation.
        </p>
      </section>

      <section>
        <h3>Prefer Single Use Claims</h3>

        <p class="issue">
Single-use, origin bound claims are generally safer than long-lived
claims.
        </p>
      </section>


    </section>

    <section>
      <h2>Security Considerations</h2>

      <p>

      </p>

      <section>
        <h3>Unsigned Claims</h3>

        <p class="issue">
Claims that are not digitally signed are not verifiable.
        </p>
      </section>

      <section>
        <h3>Bundling Dependent Claims</h3>

        <p class="issue">
Dependent claims should be bundled together so they're not used for
the wrong purposes.
        </p>
      </section>

      <section>
        <h3>Highly Dynamic Information</h3>

        <p class="issue">
Time periods should be shorter for highly dynamic information.
        </p>
      </section>
    </section>

  </body>
</html>