Trust negotiation II: C -> S. Client-side decisions
- Match server's access control and privacy policies against
  user's privacy preferences.
- Is there a set of credentials or declarations for which all
  of these are fulfilled?
- An example:
  - Server AC Policy: Must know you're at least 18 years old.
  - Client Preference: Don't reveal birth date.
  - Solution: Prove client has a valid EU driver's license.
- Principle of data minimization: Provide as little personal
  information as possible.
- Anonymous credentials: idemix.
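The client-side decision above, written out as an added example (not part of the original notes): a search for the set of disclosures that meets the server's policy, respects the client's preferences and reveals the fewest attributes. The option names, predicate labels and attribute labels are constructed for illustration, and the cryptographic proof itself (e.g. idemix) is out of scope here.

```python
from itertools import combinations

# Constructed sample data. Each option is something the client could show:
# (name, predicates the server may conclude, personal attributes it learns).
# "Licence holder implies age >= 18" is the premise of the example above.
OPTIONS = [
    ("show national ID card", {"age>=18"}, {"name", "birth_date", "id_number"}),
    ("show EU driving licence in full", {"age>=18"},
     {"name", "birth_date", "licence_number"}),
    ("prove possession of a valid EU driving licence", {"age>=18"},
     {"holds_valid_eu_licence"}),
]

def negotiate(required, forbidden, options=OPTIONS):
    """Return (option names, attributes revealed) for the set of options that
    proves every required predicate, reveals no forbidden attribute and
    reveals the fewest attributes overall; None if no such set exists."""
    required, forbidden = set(required), set(forbidden)
    # Client preferences: discard anything that leaks a forbidden attribute.
    allowed = [o for o in options if not (o[2] & forbidden)]
    best = None
    for size in range(len(allowed) + 1):
        for combo in combinations(allowed, size):
            proved = set().union(*(o[1] for o in combo))
            if not required <= proved:
                continue  # server's access control policy not met
            revealed = set().union(*(o[2] for o in combo))
            # Data minimization: fewest attributes, then fewest credentials.
            key = (len(revealed), size)
            if best is None or key < best[0]:
                best = (key, [o[0] for o in combo], sorted(revealed))
    return None if best is None else (best[1], best[2])

if __name__ == "__main__":
    print(negotiate({"age>=18"}, {"birth_date"}))
```

A result of None means the negotiation fails on the client side: no combination satisfies the server without violating a preference.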