more detailed privacy considerations #244

Sakurann · 2024-01-31T04:58:32Z

More detailed and thorough Privacy Considerations section for ID-1 inspired by implementation experience and a lot of related specifications. Not perfect, but should be good enough to convey how serious we are about privacy.
intended to replace #187.

openid-4-verifiable-credential-issuance-1_0.md

selfissued

Approved, pending my suggestions being accepted.

Co-authored-by: Michael B. Jones <michael_b_jones@hotmail.com>

openid-4-verifiable-credential-issuance-1_0.md

Co-authored-by: Joseph Heenan <joseph@heenan.me.uk>

openid-4-verifiable-credential-issuance-1_0.md

Co-authored-by: Joseph Heenan <joseph@heenan.me.uk>

openid-4-verifiable-credential-issuance-1_0.md

bc-pi

Two minor nits on the latest text that I assume will be incorporated so approving.

jogu

Looks good to me! I agree with Brian's suggestions, and also suggested a few trivial grammar improvements.

openid-4-verifiable-credential-issuance-1_0.md

c2bo · 2024-02-02T19:00:24Z

The line breaks are somehow weird for this PR? Shouldn't for example

For example, when a military organization or a drug rehabilitation center issues a vaccine
credential, verifiers can deduce that the owner of the Wallet storing such Credential is a
military member or may have a substance use disorder.

be in one line like this?

For example, when a military organization or a drug rehabilitation center issues a vaccine credential, verifiers can deduce that the owner of the Wallet storing such Credential is a military member or may have a substance use disorder.

jogu · 2024-02-03T11:56:08Z

The line breaks are somehow weird for this PR?

The markdown has been wrapped, which is inconsistent with the rest of the spec - albeit that doesn't make any difference to the generated HTML.

selfissued · 2024-02-03T13:08:08Z

The markdown has been wrapped, which is inconsistent with the rest of the spec - albeit that doesn't make any difference to the generated HTML.

The practice of putting an entire paragraph into a single source line results in MANY unnecessary merge conflicts. I support putting each sentence or long phrase into its own line - at least as we add new text.

That said, line breaks should be at the end of sentences and/or complete clauses so that odd line breaks don't make it hard to search for multiple-word terms such as "authorization server".

peppelinux

Approved considering Brian's suggestions taken into consideration

c2bo

I agree with the suggestions of joseph & brian. Looks good to me apart from those minor changes

openid-4-verifiable-credential-issuance-1_0.md

Co-authored-by: Brian Campbell <71398439+bc-pi@users.noreply.github.com> Co-authored-by: Joseph Heenan <joseph@heenan.me.uk> Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>

danielfett · 2024-02-06T15:41:51Z

openid-4-verifiable-credential-issuance-1_0.md

+The Credential Issuer should obtain the End-User's consent before issuing Credential(s)
+to the Wallet. It should be made clear to the End-User what information is being included in the
+Credential(s) and for what purpose.


Why lower-case should here?

It used to be a MUST, we had a passionate discussion during the WG call based on a comment here and there were concerns with having a normative statements regarding consent.

should all shoulds in this text be upper case SHOULD?

openid-4-verifiable-credential-issuance-1_0.md

tplooker

Minor nits but in general big supporter of this PR, thanks!

openid-4-verifiable-credential-issuance-1_0.md

Co-authored-by: Joseph Heenan <joseph@heenan.me.uk>

openid-4-verifiable-credential-issuance-1_0.md

privacy considerations

bf83766

Sakurann requested review from awoie, bc-pi, c2bo, danielfett, decentralgabe, jogu, paulbastian, peppelinux, selfissued, tlodderstedt and tplooker January 31, 2024 04:58

add ISO.29100 refernece

4496b82

Sakurann mentioned this pull request Jan 31, 2024

Wrote initial Privacy Considerations #187

Closed

selfissued reviewed Jan 31, 2024

View reviewed changes