Context

Data pods—e.g., based on Solid—enable individuals to store personal data securely and share it with multiple applications and third parties. In practice, the biggest challenges are not only who gets access to what, but also whether the shared data remains trustworthy and accredited once it is filtered, aggregated, or partially disclosed.

In an HR context, authoritative parties (government, universities, payroll providers, …) can issue certified information such as diplomas, student attestations, or payslips. But once such information is reused (e.g., “show only the attributes relevant for a vacancy”), receivers still need reliability, and they may face legal obligations to retain evidence.

The SHARCS imec.ICON project studied the tension between user control and transparency (the pod owner controls access and can revoke it) on the one hand, and third-party obligations and trust needs (evidence, compliance, auditability) on the other.

The HR use case

The demonstrator focuses on recruitment workflows (vacancy/candidate matching) where candidates share only the necessary, accredited attributes with relying parties under explicit consent and conditions.

Key objectives included:

  • Self-sovereign identification and authentication for users and relying parties.
  • Converting authoritative identity information into minimised Verifiable Credentials stored under user control.
  • Conditional authorisation, including consent, relying party authentication, ecosystem policy compliance, and independent logging for accountability.

What the SHARCS project contributed

SHARCS researched and prototyped extensions across the Solid ecosystem:

  • Identity and strong authentication, including exploring alignment with the EUDI Wallet.
  • Decentralised policy checking, using an XACML-based architecture plus semantic rules/reasoning to make decisions transparent, and the EYE reasoner with Notation3 rules.
  • Data minimisation with accreditation, using selective disclosure techniques applied to W3C Verifiable Credentials so recipients receive only what they need, while retaining verifiability and revocation checking.
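
The data-minimisation step above, sketched as an added example that is not SHARCS project code: it uses salted-hash selective disclosure (the approach taken by SD-JWT), which is an assumption, since the page does not name the project's technique. An HMAC stands in for the issuer's asymmetric signature, and the credential ids, attribute names and revocation set are constructed.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # constructed demo key; HMAC stands in for an issuer signature
REVOKED = {"cred-0042"}               # constructed revocation list

def _digest(salt, name, value):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def _sign(payload):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue(cred_id, claims):
    """Issuer: commit to each attribute with a salted digest and sign only the digests."""
    disclosures = {n: [secrets.token_hex(16), n, v] for n, v in claims.items()}
    payload = {"id": cred_id, "digests": sorted(_digest(*d) for d in disclosures.values())}
    return {"payload": payload, "sig": _sign(payload)}, disclosures

def present(credential, disclosures, wanted):
    """Holder: reveal only the attributes the relying party needs."""
    return {**credential, "disclosed": [disclosures[n] for n in wanted]}

def verify(presentation):
    """Relying party: check signature, revocation, then each disclosed attribute."""
    payload = presentation["payload"]
    if not hmac.compare_digest(_sign(payload), presentation["sig"]):
        raise ValueError("issuer signature invalid")
    if payload["id"] in REVOKED:
        raise ValueError("credential revoked")
    claims = {}
    for salt, name, value in presentation["disclosed"]:
        # A disclosure counts only if its salted digest is in the signed set.
        if _digest(salt, name, value) not in payload["digests"]:
            raise ValueError(f"attribute {name!r} not covered by issuer signature")
        claims[name] = value
    return claims

if __name__ == "__main__":
    # Constructed diploma credential; only two attributes are shown for the vacancy.
    cred, disc = issue("cred-0001", {"name": "A. Candidate", "degree": "MSc Computer Science",
                                     "graduation_year": 2021, "national_id": "constructed-000"})
    print(verify(present(cred, disc, ["degree", "graduation_year"])))
```

The undisclosed attributes travel only as salted digests, so the relying party can retain the presentation as evidence without holding the values it never needed.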

Key findings (high level)

The Solid specifications alone are not sufficient as an “identity wallet”: they do not fully cover wallet-grade trust features like encryption-backed authenticity, revocation, recoverability, and strong standardised interoperability across servers. For wallet requirements, the EUDI Wallet is positioned as more promising because it natively combines selective disclosure, strong authentication, signatures/encryption, trust anchors, and revocation mechanisms in a regulated framework.
