Gap in W3C privacy guidance: missing testable primitive for pairwise identifier derivation and recovery

[amir-hameed-mir]

Description

Several W3C specifications and work items rely on or recommend the use of pairwise or context-specific identifiers as a privacy-preserving measure. However, there is currently no common, testable definition at the horizontal layer for:

1. How such identifiers should be derived cryptographically
2. What unlinkability properties should be formally guaranteed
3. How recovery can be achieved without reintroducing cross-context correlation
4. What adversary models apply to the unlinkability claims

This gap has several consequences:

Current Problems:

• Inconsistent review: Privacy claims about pairwise identifiers cannot be evaluated consistently
• Implementation fragmentation: Each spec invents incompatible derivation schemes
• Avoidance of strong privacy: Implementers default to weaker techniques due to lack of guidance
• Untestable claims: "Unlinkability" remains an assertion rather than a verifiable property
• Recovery gaps: Users lose access to contexts when devices are lost, with no standardized recovery path

Impacted Areas:

• Cross-context correlation resistance
• Data minimization
• Long-term pseudonymity
• User recovery and portability
• Privacy-preserving authentication

Existing Prior Art Reference:

To illustrate this gap concretely, the UDNA Community Group has produced 15 reference test vectors demonstrating deterministic, context-bound identifier derivation with formal cryptographic properties:

🔗 UDNA Privacy Test Vectors

These vectors include:

• Pairwise DID derivation with 5 distinct contexts per root identity
• Cryptographic guarantees: unlinkability, compartmentalization, recovery
• Formal adversary model: passive observer, known derived identities, unknown root key
• Quantified security: ≤2⁻¹²⁸ advantage, 0.5 random-guessing probability
• BLAKE2b-KDF methodology with deterministic seeds

Note: This reference is provided only to illustrate the described gap—not as a proposed standard. It demonstrates what a testable privacy primitive could look like.

Horizontal Review Relevance:

This gap directly impacts privacy threat models typically considered during horizontal review:

• Linking attacks across contexts/services
• Long-term identifier tracking
• Recovery mechanism privacy leaks
• Implementation variance leading to weak privacy

Proposed Next Steps:

1. Acknowledge the gap in horizontal privacy guidance
2. Document use cases requiring pairwise identifiers across W3C specs
3. Define requirements for a testable derivation primitive
4. Establish common terminology for unlinkability properties
5. Consider horizontal note on privacy-preserving identifier derivation

This issue seeks to document the absence of a common framework, enabling more consistent privacy evaluation and implementation across specifications that depend on pairwise identifier techniques.

---

Related Specifications (Examples)

• W3C DID Core (pairwise DID usage)
• W3C Verifiable Credentials (context-specific identifiers)
• Various authentication/identity specifications mentioning "pairwise identifiers"
• Privacy-preserving authentication patterns across web specifications

References

• UDNA Test Vectors: https://github.com/w3c-cg/udna/tree/main/udna-test-vectors
• W3C Privacy Threat Model: https://www.w3.org/TR/privacy-threat-model/
• W3C Security and Privacy Questionnaire: https://w3ctag.github.io/security-questionnaire/

Discussion Points

1. Is this gap recognized as affecting multiple specifications?
2. What would be the appropriate vehicle for addressing this (Horizontal Note, TAG finding, etc.)?
3. Which working groups would benefit from common guidance on this topic?
4. How can testability be incorporated into privacy claims about pairwise identifiers?