Versions Compared

Old Version 1

changes.mady.by.user John Wunderlich

Saved on

compared with

New Version Current

changes.mady.by.user John Wunderlich

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Ref

Principle

VIP Requirements

Verifiers

Issuers

Providers

CC

Consent & Choice

08_V_CC: Context for user consent

01_IP_CC: Selective Data Release

01_IP_CC: Selective Data Release

  • If consent is not the basis for processing mobile credential data, the authority must be made clear before release.

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288014

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

PL

Purpose legitimacy and specification

11_V_PL: Segregated Accountability

05_P_PL: Inform users of Verifier policieshttps://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189713

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097242

CL

Collection Limitation07_V_CL: Verifiers minimize collection

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288003

DM

Data Minimization15_V_DM: Verifier Re-identification16_V_DM: Verifiers must only request the minimum data required for their transaction

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320806https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097237

UR

Use, retention, and disclosure limitation06_V_UR: Verifiers must publicly state the purposes for collection09_V_UR: Declare retention period10_V_UR: Justifiable PII storage

  • Can’t phone home

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097232https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12648452https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189706

? Terminal Authentication - Issuer issues a policy

AQ

Accuracy & Quality

  • Minimum accuracy to fulfill the purpose of the transaction

  • Minimum tracking

    • Location

    • Longitudinal

OT

Openness, transparency, and access

13_V_OT: Data subject rights

03_P_OT:Transparency at presentment

  • Ability to see and correct data

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12451853

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097288

IA

Individual access & participation

Mobile Credentials must be made available to all subjects that have right granted by Issuer

Verifiers must accept credential

Issuers must issue credential

Providers must hold credential

AC

Accountability14_V_AC: Verifier Data Registry

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12156995

IS

Information Security

02_VIP_IS: Encrypted Channel Transactions

12_V_IS: Secure storage

02_VIP_IS: Encrypted Channel Transactions

02_VIP_IS: Encrypted Channel Transactions

PS

Privacy Compliancehttps://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397594

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320796

PS

Privacy Compliance

  • Where an entity processer mobile credential data for legal purposes …. (out of scope) - or records of access

  • Clarity on meaning of consent needed.