13 | Verifiers must only request the minimum data required for their transaction | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must only request the minimum data required for their transaction | |
|
14 | Providers must communicate to users any attestations associated with a verifier | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Providers must communicate to users any attestations associated with a verifier | | 15 | Verifiers must attest their use-cases - which in turn defines the data they will need to collect and its retention policy | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must attest their use-cases - which in turn defines the data they will need to collect and its retention policy | | 16 | Verifiers must identify themselves | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must identify themselves | Status |
---|
title | SubmittedReviewed | | 2 | All identifying data shall be transacted through encrypted channels. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Encrypted channels | |
|
3 | Transparency to Holder at mobile credential presentment | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Transparency at presentment | |
|
4 | Verifiers shall not request more than the strictly necessary PII for the provision of their services. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Limited data collection/request | | - Requirement using template to be created
-
|
5 | Verifiers shall request user consent prior to the transmission of their PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Request for user consent | | - Requirement using template to be created
-
|
6 | Verifiers shall state a retention period for PII in their consent request. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 7 | Verifiers shall not store any PII when it is not required for the provision of their services. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 8 | Verifiers shall not fall into collusive practices with Issuing Authorities or other Verifiers for user re-identification. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 9 | Verifiers shall adopt appropriate measures to ensure the security of stored PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 10 | Verifiers shall guarantee appropriate means to ensure that users can access and request the erasure of their PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 11 | Verifiers shall maintain appropriate registries and ensure access to Law Enforcement Authorities for accountability purposes. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| 12 | Verifiers shall not combine any PII for the purpose of re-identifying the data subject, unless specifically informed and justified. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| | - Requirement using template to be created
-
| | Status |
---|
colour | Yellow |
---|
title | Under Review |
---|
|
| Status |
---|
colour | Green |
---|
title | Candidate |
---|
|
| |
---|
Created by an author but not yet ready for review by the Work Group | The author is ready for the requirement to be reviewed by the Work Group | The requirement is under review by the Work Group | The requirement has passed the initial Work Group review and can be included as a draft requirement (provisionally accepted) | The requirement will not be included as a draft requirement |