(Privacy-Enhanced) Web Revocation API #20

@akakou

Description

This proposal achieves privacy-friendly revocation (i.e., banning). In particular, it lets a web service (i.e., a web server) block users who have previously abused it, without introducing a risk of privacy violations.

Background

As is well known, malicious actions (e.g., cheating in games) are a significant problem, including in web applications.
Revoking malicious users is an effective way to reduce such fraud.

Currently, the most straightforward way to revoke a user is to rely on an identifier strongly coupled with the user's real identity (e.g., national ID, phone number, IP address(?)).

However, such identifiers raise privacy concerns, especially user tracking by services.

Idea

This idea is for Web APIs to provide a privacy-enhanced revocation method.

It mainly consists of a cryptographic anonymous blocklisting protocol such as EPID (Enhanced Privacy ID). EPID is a signature scheme that ensures user anonymity while still allowing revocation. Using EPID, services can revoke users without being able to track them. Specifically, EPID's signature-based revocation lets a service revoke a user using only one of that user's signatures (without any identifying information about the user).

This API provides signing and part of joining (i.e., key generation and credential saving) in EPID, together with some security/privacy measures.

Note that although EPID assumes a third-party entity (GM: Group Manager) that limits the number of secret keys a user can obtain, how that limit is implemented is out of scope for this API. In other words, the proposal leaves the choice of identification method to the GM (like the Secure Payment Confirmation API). In many cases, the GM enforces the limit on its own website using IP addresses, SMS authentication, or other schemes.

Moreover, browser and extension developers can act as the GM, or add a GM, in other ways.
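To make the signature-based revocation described above concrete, here is an added toy model in Python (not code from this proposal or from the EPID specification): each signature carries a fresh base B and K = B^f for the member secret f, so two signatures by the same member are unlinkable, and a service bans a misbehaving signer by appending that signature's (B, K) to a signature revocation list (SigRL), after which every signer must prove in zero knowledge that its own f does not satisfy K_i = B_i^f. The group-membership credential of real EPID is omitted, and the group parameters are tiny constructed values that are nowhere near secure.

```python
import hashlib, secrets

# Toy group (constructed, far too small for real use): P = 2*Q + 1 and G
# generates the order-Q subgroup of quadratic residues mod P.
P, Q, G = 1019, 509, 4

def H(*vals):
    """Fiat-Shamir challenge over the transcript, reduced into Z_Q."""
    data = "|".join(str(v) for v in vals).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(f, msg, sigrl):
    """Sign with member secret f. A fresh base B per signature makes signatures
    unlinkable; one non-revocation proof is attached per SigRL entry."""
    B = pow(G, secrets.randbelow(Q - 1) + 1, P)
    K = pow(B, f, P)
    r = secrets.randbelow(Q - 1) + 1               # Schnorr proof that K = B^f
    c = H(msg, B, K, pow(B, r, P))
    s = (r + c * f) % Q
    return (B, K, c, s, [prove_not_revoked(f, B, K, Bi, Ki) for Bi, Ki in sigrl])

def prove_not_revoked(f, B, K, Bi, Ki):
    """Prove K_i != B_i^f without revealing f: publish C = (B_i^f / K_i)^rho and
    prove knowledge of (a, b) with C = B_i^a K_i^b and B^a K^b = 1."""
    rho = secrets.randbelow(Q - 1) + 1
    a, b = (f * rho) % Q, (-rho) % Q               # C == 1 exactly when revoked
    C = pow(Bi, a, P) * pow(Ki, b, P) % P
    r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
    T1 = pow(Bi, r1, P) * pow(Ki, r2, P) % P
    T2 = pow(B, r1, P) * pow(K, r2, P) % P
    c = H(B, K, Bi, Ki, C, T1, T2)
    return (C, c, (r1 + c * a) % Q, (r2 + c * b) % Q)

def check_not_revoked(B, K, Bi, Ki, proof):
    C, c, z1, z2 = proof
    if C == 1:                                     # the signer's f matches entry i
        return False
    T1 = pow(Bi, z1, P) * pow(Ki, z2, P) * pow(C, (-c) % Q, P) % P
    T2 = pow(B, z1, P) * pow(K, z2, P) % P         # second relation equals 1^c
    return c == H(B, K, Bi, Ki, C, T1, T2)

def verify(msg, sig, sigrl):
    """Service-side check; no user identity is involved at any point."""
    B, K, c, s, proofs = sig
    if B == 1 or pow(B, Q, P) != 1 or pow(K, Q, P) != 1:
        return False                               # not in the prime-order subgroup
    if c != H(msg, B, K, pow(B, s, P) * pow(K, (-c) % Q, P) % P):
        return False
    return len(proofs) == len(sigrl) and all(
        check_not_revoked(B, K, Bi, Ki, pr) for (Bi, Ki), pr in zip(sigrl, proofs))
```

Revocation itself needs no code beyond `sigrl.append((B, K))` for the abusive signature; a revoked member's later proofs are rejected because C == 1, while every other member keeps verifying.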

Base ideas

Privacy-Enhanced Revocation (AFCG meetings)

Web hardware revocation API

References

EPID: Enhanced Privacy ID

Secure Payment Confirmation API
