Hi everyone,
Example: Ms. X has stored her personal information in Project A. She wants to prove to Project B that she is an adult without revealing her Principal (or equivalent ID) from Project A. Is there a method to do this on Internet Computer?
Prerequisites:
If revealing the principal from project B to project A is allowed then it’s possible by having project B ask project A if it’s principal has been added as 18+ principal by anyone.
Another option is having the user use project A to generate a signature for a random challenge from project B, which project A only does if the user is 18+.
Main concern here is to avoid a user generating 18+ proofs for other users. Even if the principal is shared, this can’t be avoided. First thing that comes to mind is adding something like a proof of work like Internet Identity did when creating a signature for a challenge, so automating this abuse won’t scale.
Also I would add expiries to the signatures so they’re only valid for a limited time (so nobody can generate a whole bunch and share them over time).
And lastly you could store every challenge signed by project A, so project B can report to project A that it’s suspicious of a challenge. If enough challenges have been reported for a user of project A, actions like banning the user could be taken.
Another option is having the user use project A to generate a signature for a random challenge from project B, which project A only does if the user is 18+.
Thank you for your reply.
random challenge is a good idea!
Main concern here is to avoid a user generating 18+ proofs for other users.
Since only that user knows about the random challenge, there may be nothing to worry about. It might be nice if random challenge had an expiration date.