Selective Disclosure

The contents of a digital credential may be sensitive.  When a credential contains multiple attributes, some of them may not be relevant to certain transactions.  For example, you might like to use your driver's license to prove your age or gender without revealing any additional information.  One approach to selective disclosure using X.509v3 certificates is to replace each sensitive attribute in a credential with a commitment to that value, similar to the idea of placing a secret bid in a sealed envelope that can be revealed and verified at a later date. We have extended TrustBuilder to support the selective disclosure of attributes in X.509v3 certificates during trust negotiation.
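The sealed-envelope idea above, as an added example that is not TrustBuilder's code: the issuer replaces each sensitive attribute with a commitment, the holder opens only the ones a transaction needs, and the verifier checks each opening. The page does not name a commitment scheme, so the salted SHA-256 construction, the dictionary standing in for the signed certificate body, and all function names and attribute values are assumptions; the issuer's signature over the body is assumed to be verified separately.

```python
import hashlib
import hmac
import secrets

def _encode(*parts: bytes) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def commit(name: str, value: str, nonce: bytes = b""):
    """Return (commitment, nonce). A fresh 32-byte nonce keeps low-entropy
    values (birth date, gender) from being guessed by hashing candidates."""
    nonce = nonce or secrets.token_bytes(32)
    digest = hashlib.sha256(_encode(nonce, name.encode(), value.encode())).digest()
    return digest, nonce

def issue(attributes: dict, sensitive: set):
    """Issuer: build the body that would be signed; sensitive values become
    commitments. The openings (value, nonce) go to the holder only."""
    body, openings = {}, {}
    for name, value in attributes.items():
        if name in sensitive:
            digest, nonce = commit(name, value)
            body[name] = {"commitment": digest.hex()}
            openings[name] = (value, nonce)
        else:
            body[name] = {"value": value}
    return body, openings

def disclose(openings: dict, names) -> dict:
    """Holder: release openings only for the attributes this transaction needs."""
    return {n: openings[n] for n in names}

def verify(body: dict, disclosed: dict) -> dict:
    """Verifier: accept a disclosed value only if it re-creates the commitment
    in the certificate body. Raises ValueError on any mismatch."""
    accepted = {}
    for name, (value, nonce) in disclosed.items():
        entry = body.get(name, {})
        if "commitment" not in entry:
            raise ValueError(f"{name}: no commitment in credential")
        recomputed, _ = commit(name, value, nonce)
        if not hmac.compare_digest(bytes.fromhex(entry["commitment"]), recomputed):
            raise ValueError(f"{name}: opening does not match commitment")
        accepted[name] = value
    return accepted

# Constructed sample credential (illustrative values only).
SAMPLE = {"name": "Alice Example", "birth_date": "1990-04-01",
          "gender": "F", "address": "1 Constructed St"}
```

Binding the attribute name into the hash prevents an opening for one field from being replayed against another field's commitment.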