Add Security Considerations section on deletion. #360

Merged
merged 2 commits into from
Jan 23, 2024
45 changes: 45 additions & 0 deletions index.html
@@ -1017,6 +1017,51 @@ <h2>Privacy Considerations</h2>
<h2>Security Considerations</h2>
<p>
</p>

<section>
<h3>Deletion</h3>

<p>
The APIs provided by this specification enable the deletion of
<a>verifiable credentials</a> and <a>verifiable presentations</a> from
<a href="#storage-services">storage services</a>. The result of these deletions
and the side-effects caused by them are out of scope for this specification.
However, implementers are advised to understand the various ways deletion can be
implemented. There are at least two types of deletion that are contemplated by
this specification.
</p>

<p>
<dfn>Partial deletion</dfn> marks a record for deletion but continues to store
some or all of the original information. This mode of operation can be useful if
there are requirements to be able to audit all credentials or presentations over
a particular time period or if recovering the original credential might be a
useful feature to provide an entity.
</p>
<p>
<dfn>Complete deletion</dfn> purges all information related to a given
<a>verifiable credential</a> or <a>verifiable presentation</a> in a way that
is unrecoverable. This mode of operation can be useful when removing information
that is outdated and beyond the needs of an audit or when responding to any
sort of "<a href="https://en.wikipedia.org/wiki/Right_to_be_forgotten">right
to be forgotten</a>" request.
</p>
<p>
When deleting a <a>verifiable credential</a>, what to do with the status
information needs to be considered. Some use cases might call for a deletion
of a particular <a>verifiable credential</a> to also set the revocation
and suspension bits of the <a>verifiable credential</a> such that any sort of
status check for the deleted credential fails and usage of the credential is
halted.
</p>
<p>
Given the scenarios above, it is advisable that implementers allow the
moderation of what happens after a delete to be programmable such that
system flexibility is achieved to address any <a>verifiable credential</a> use
case.
</p>
</section>

</section>

<section class="appendix">
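Review bot: the `<p>` `</p>` pair placed directly under `<h2>Security Considerations</h2>` at the top of this hunk is empty and will render as a blank paragraph; either remove it or give the section a one-sentence introduction before the Deletion subsection. Separately, the `<dfn>Partial deletion</dfn>` paragraph states that the record "continues to store some or all of the original information" but says nothing about the retained data staying under the same access controls and audit logging as the undeleted record, even though that retained copy is exactly what an attacker with storage access would go after; one sentence there would close the gap, since the later paragraphs only cover the status bits and making post-delete behaviour programmable.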