> On 28.07.2022 at 08:57, Neil Madden <[email protected]> wrote:
>
> {
>   "iss": "gov.uk",
>   "over_18": true
> }
>
> If this is signed using a deterministic signature algorithm (eg EdDSA) then
> the token will be identical for everyone that is over 18 and so naturally
> unlinkable.
Such a credential needs to be bound to the legit holder, which is typically achieved by adding a public key (reference) to it (which is missing in your example). The holder must then create a presentation signed with the corresponding private key to prove possession and, with that, legitimate holdership. That key results in linkability.
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
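
The two cases discussed in this thread, side by side, as an added example that is not part of either message: a bare EdDSA-signed claim is byte-identical for every holder, while a holder-bound credential hands every verifier the same holder public key. Carrying the key in a `cnf` claim with a `jwk` member, the nonce-based proof, and all function names are assumptions of this sketch; the thread does not name a mechanism.

```javascript
// Added example; keys, nonces and helper names are constructed for illustration.
const crypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Compact JWS signed with Ed25519 (EdDSA), a deterministic signature scheme.
function signJws(payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg: 'EdDSA' }))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), privateKey))}`;
}

function verifyJws(jws, publicKey) {
  const [h, p, s] = jws.split('.');
  const ok = crypto.verify(null, Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

const issuer = crypto.generateKeyPairSync('ed25519');
const baseClaims = { iss: 'gov.uk', over_18: true };

// Case 1: the bare claim from the quoted message. Same bytes for every holder,
// so nothing in the token distinguishes one holder from another.
const issueBare = () => signJws(baseClaims, issuer.privateKey);

// Case 2: the credential is bound to a holder key (assumed here: a cnf.jwk claim).
function issueBound(holderPublicKey) {
  const jwk = holderPublicKey.export({ format: 'jwk' });
  return signJws({ ...baseClaims, cnf: { jwk } }, issuer.privateKey);
}

// Holder proves possession by signing the verifier's fresh nonce.
const present = (credential, holderPrivateKey, nonce) =>
  ({ credential, proof: signJws({ nonce }, holderPrivateKey) });

// Verifier: checks the issuer signature and the proof of possession, then
// returns a digest of the holder key, the stable value it has now learned.
function verifyPresentation(pres, nonce) {
  const cred = verifyJws(pres.credential, issuer.publicKey);
  const holderKey = crypto.createPublicKey({ key: cred.cnf.jwk, format: 'jwk' });
  if (verifyJws(pres.proof, holderKey).nonce !== nonce) throw new Error('stale proof');
  return crypto.createHash('sha256').update(cred.cnf.jwk.x).digest('hex');
}
```

Two verifiers that each call `verifyPresentation` on the same holder's credential obtain the same digest even though the nonces and proofs differ, which is the correlation handle the reply refers to.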
