EU is working on something like this[1] (got limited discussion here[2]).
I haven't looked into it very much, but at a glance it doesn't sound terrible. Here's the basic flow[3]:
- The User initiates an age verification process by enrolling with an Attestation Provider (AP), which collects the necessary evidence from authentic sources or trusted 3rd party private data sources.
- The AP generates a Proof of Age attestation and issues it to the Age Verification App Instance (AVI) of the User.
- The AVI presents the attestation to a Relying Party (RP) when attempting to access age-restricted services.
- The RP checks the validity of the attestation, referencing the trusted list to confirm the AP's authorisation.
So it uses an app on a mobile device as a proxy of sorts. They're also working on incorporating zero-knowledge proofs[4].
Yeah, something like that. I wonder, if their zero-knowledge proof version prevents leaking of identity, if any service is sharing data with the other.
I haven't looked into it very much, but at a glance it doesn't sound terrible. Here's the basic flow[3]:
- The User initiates an age verification process by enrolling with an Attestation Provider (AP), which collects the necessary evidence from authentic sources or trusted 3rd party private data sources.
- The AP generates a Proof of Age attestation and issues it to the Age Verification App Instance (AVI) of the User.
- The AVI presents the attestation to a Relying Party (RP) when attempting to access age-restricted services.
- The RP checks the validity of the attestation, referencing the trusted list to confirm the AP's authorisation.
So it uses an app on a mobile device as a proxy of sorts. They're also working on incorporating zero-knowledge proofs[4].
[1]: https://digital-strategy.ec.europa.eu/en/news/commission-mak...
[2]: https://news.ycombinator.com/item?id=44561797
[3]: https://ageverification.dev/Technical%20Specification/archit...
[4]: https://ageverification.dev/Technical%20Specification/archit...