Statement: Verifiers shall only request the minimum data required for their transaction
Review Meeting(s): TBD
Status:
| Status | ||
|---|---|---|
|
...
|
...
Optional comments about the requirement may be entered here
|
Item | Description |
|---|---|
Statement (Single phrase or sentence) | Verifiers |
shall only request the minimum data required for their transaction | |
Description | To avoid excessive collection of data, the Verifiers attested data fields should map to the minimum required to meet their attested use-case. : attested means that the attested use cases delineate the data fields requested. :three requirements #5, #6, and #7 to be aligned and sequenced for common language. : categories of data => required, optional, and ephemeral : discussion of minimum required for the identified purpose - needs to be flexible enough to allow for various profiles and operational contexts : Tom instead of relevance - the element @context is designed specifically to bring in addtional schema and requirements. : Loffie - another step - which option or services do you want? : John - how to do this without cognitive overload : Loffie - cognitive overload can be addressed by UX Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs. |
Scope (applies to) |
|
Select the Primary Consideration |
|
|
|
|
|
|
|
|
|
|
PL
Purpose legitimacy and specification
CL
Collection limitation
DM
Data minimization
UR
|
- Direct
- Indirect
- Unique
Reference
Privacy Principles
For descriptions see ISO/IEC 29100
Reference | 16_V_DM |
Other considerations |
|
AQ
|
OT
|
IA
|
AC
Accountability
IS
Information Security
PS
| |
Explanatory Notes (Text or Link) | From # 6 |
Page Tasks
- Type your task here, using "@" to assign to a user and "//" to select a due date