Clarify delegation desires in the Introduction #252
Assignees
Labels
pr exists
A Pull Request exists to address this issue.
Comments
|
Discussed on 2022-03-29, I took an action to add spec text, I will do that. |
msporny
added
pr exists
|
PR #359 has been merged, closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@agropper has proposed that we add this text to the introduction:
Introduction
Verifiable Credentials (VC) are a standard data model designed to mitigate risks of misuse and fraud. As a data model, VCs are protocol-neutral and consider only two roles: issuer and subject. When the subject of a VC is a natural person or linked to a natural person, privacy and human rights can be impacted by the vastly more efficient processing of standardized VCs as compared to their analog ancestors.
Technology, in the form of standardized APIs and protocols for issuing VCs, further enhances the efficiency of processing VCs and adds to the risks of unforeseen privacy and human rights consequences.
VC issue has a request phase and a delivery phase. The request may be made by the subject or another role and delivery can be to a client that may or may not be controlled by the subject. Delegation is highly relevant for both phases. The issuer may delegate processing of the request to a separate entity. The subject, for their part, may also delegate the ability to request a VC to a separate entity. The ability to delegate is a third dimension in the enhanced efficiency of processing VCs and has impact on privacy and human rights.
VC API architecture is designed for market acceptance through a combination of efficiency and respect for privacy and human rights. APIs and protocols for VC processing do not favor delegation by the issuer role over delegation by the subject role.
The text was updated successfully, but these errors were encountered: