Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Selective disclosure and zero-knowledge proofs: what IAM teams need


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 10745
Topic starter  

TL;DR: The article argues that conventional identity models over-collect personal data, increasing fraud, privacy, and compliance risk while making onboarding and authentication slower, and it points to privacy-preserving approaches such as selective disclosure and zero-knowledge proofs, according to Uniken. The governance shift is not just less data, but tighter control over what is disclosed, retained, and shared across identity journeys.

NHIMG editorial — based on content published by Uniken: The future of identity starts with knowing less, not more

Questions worth separating out

Q: How should organisations reduce identity data without weakening assurance?

A: Start by separating the attribute you need to verify from the data you currently collect to verify it.

Q: Why do privacy-preserving identity models matter to IAM teams?

A: They reduce the amount of personal data moving through identity processes, which lowers exposure, retention risk, and third-party sharing overhead.

Q: What do security teams get wrong about identity verification friction?

A: They often treat friction as proof of security, when it can simply signal over-collection and poor journey design.

Practitioner guidance

  • Set a minimum-necessary disclosure policy Define which identity attributes are truly required for each onboarding or authentication decision, then remove any collection step that does not change the assurance outcome.
  • Map claims to proof mechanisms Identify which assertions can be validated through selective disclosure or zero-knowledge proofs instead of full document exchange.
  • Tighten retention and reuse controls Review where identity documents, attributes, and verification outputs are stored, then shorten retention windows and block secondary use unless a clear business or legal basis exists.

What's in the full article

Uniken's full article covers the operational detail this post intentionally leaves for the source:

  • How the author frames zero-knowledge proofs and selective disclosure in practical identity journeys
  • The article's discussion of consumer control, privacy expectations, and where trust breaks down today
  • The EU Digital Identity Framework reference and the transition path to wallet-based identity
  • The vendor's own view of how organisations can bridge centralised and decentralised identity models

👉 Read Uniken's analysis of privacy-preserving digital identity and selective disclosure →

Selective disclosure and zero-knowledge proofs: what IAM teams need?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 10300
 

Data minimisation is no longer a privacy preference, it is an identity security control. The article is right to frame over-collection as a governance failure rather than a convenience issue. Identity programmes that capture more than they need expand the blast radius of both fraud and compromise. In practice, the boundary between verification and unnecessary data retention now defines risk more clearly than the number of checks performed.

A question worth separating out:

Q: Who is accountable when identity systems over-collect personal data?

A: Accountability usually sits with the organisation operating the identity journey, but the risk extends to processors, verification partners, and downstream systems that store or reuse the data. Governance should assign explicit ownership for collection limits, retention, sharing, and deletion so privacy obligations are managed across the full identity lifecycle.

👉 Read our full editorial: Privacy-preserving identity shifts security from data collection to trust



   
ReplyQuote
Share: