DAC: Enumerate and define the "six privacy tools"

Impacted Sections

List UNTP specification page(s) that are impacted by this issue. For example:

• https://untp.unece.org/docs/specification/DecentralisedAccessControl

Issue Description

Reading the current DAC spec and seeing the image below, you can infer there are roughly six ways to handle confidentiality. These should be explicity enumerated in the specification to give readers an easier way to evaluate them.

• Anonymous public access - No encryption, publicly discoverable via IDR
• Unguessable identifiers - Large random IDs as security (128-bit entropy)
• Content encryption - AES encryption with unique keys per item
• Shared secret keys - QR codes containing decryption keys
• Federated authentication - OAuth/OIDC for known parties
• Decentralised authentication - DID Auth for unknown parties

I Have

• Added the relevant labels (e.g. WG-Adoption, WG-Conformity, WG-SupplyChain, WG-Technical, WG-Steering, etc.).