Updated Security/Privacy section based on input from Eric Korb.

w3c · Mar 12, 2016 · 523d463 · 523d463
1 parent 82ea24c
commit 523d463
Showing 1 changed file with 26 additions and 12 deletions.
diff --git a/VCTF/charter/vcwg-draft.html b/VCTF/charter/vcwg-draft.html
@@ -215,23 +215,37 @@ <h3 id="definitions">Definitions</h3>
 
     <h3 id="security">Security and Privacy Considerations</h3>
 
-	<p>Security is critical for verifiable claims.</p>
+   <p>
+In general, the issuers of verifiable claims want to ensure that their
+reputation is protected, the holders of verifiable claims want to
+ensure their data is protected, and the inspectors of verifiable claims
+want to be confident in their claims-based decisions. As a result,
+both security and privacy are critical for verifiable claims.
+   </p>
+
+   <p>
+From a security perspective it is important that verifiable claims are
+protected from forgery and that interactions with verifiable claims are
+protected from bad actors at all stages of the lifecycle.
+   </p>
+
+    <p>
+From a privacy perspective it is important that information that is
+intended to remain private is handled appropriately. Maintaining the
+trust of a verifiable claims ecosystem is important. Verifiable
+claims technology defined by this group should not disclose private
+details of the participants' identity or other sensitive information
+unless required for operational purposes, by legal or jurisdictional
+rules, or when deliberately consented to (e.g. as part of a request
+for information) by the holder of the information. The design of any
+data model and format should guard against the unwanted leakage of
+such data.
+    </p>
 
 	<p>The Working Group will work with the organizations
  listed in the liaisons section of the charter to help ensure data model and
  document security.</p>
 
-    <p>
-Protection of the privacy of participants in a credentials ecosystem
-is important to maintaining the trust that credential systems are
-dependent upon to function. A credential format defined by this group
-should not disclose private details of the participants' identity or
-other sensitive information unless required for operational purposes,
-by legal or jurisdictional rules, or when deliberately consented to
-(e.g. as part of a request for information) by the owner of the
-information. The design of any data model and format should guard against
-the unwanted leakage of such data.
-    </p>
 
     </div>
     <div>