Potential Privacy implications of verifier knowing display information

[Sakurann]

Per John Bradley comment during IETF 120

[danielfett]

Per the meeting minutes:

John B: Metadata is interesting - nothing in metadata is disclosed to
verifier?
Brian: intended for holder, but could be used by verifier - not secret
and is retrievable
John B: Might leak what claims are availabile - might be some reasons
not to disclose to the verifier
John B: Should disucss policies for wallets, etc? e.g. Some gov may only
want to permit disclosure or presentation to approved parties - if we
want interop we should consider issuer to wallet policies - could
metadata help with this?
Question - is metadata a way of annotating policy type info?
Brian: metadata could be, but debate around this and it is yet to be
determined
John B: we should figure this out
Brian: agree
John B: we should have an answer around privacy and consider it
especially in regards to metadata

[awoie]

This needs to be reviewed again after it became clear what the scope of the first version will be.

[alenhorvat]

IMO

• metadata should be shared with the verifier as some elements, as schema/contexts/... are required for verification purposes
• display information will typically reveal the credential type and with it structure/schemas/...
  So it's more of a question: what and how should/can be disclosed when SD is used. It mainly comes from the business requirements.

In use cases, when structure should not be revealed when selectively disclosing claims, both data model and display information must be designed accordingly. Cases when structure should be revealed/hidden should be treated independently.

Disclosure/presentation policy info should be in the credential (example: work credential might contain disclosure policies depending on the position -- same VC metadata is used for all work credentials, but different positions may have -> different disclosure policies).