Versions Compared

Old Version 29

changes.mady.by.user Cristina Timón López

Saved on

compared with

New Version Current

changes.mady.by.user John Wunderlich

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Any member of the workgroup may create a candidate requirement for discussion by the group. For instructions on how to create a requirement see: Sample Requirements

...

  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers

...

  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

...

  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

...

We suggest the following status markers for requirements

13Verifiers must only request the minimum data required for their transaction
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Verifiers must only request the minimum data required for their transaction

Status
titleSubmitted

  •  Type your task here, using "@" to assign to a user and "//" to select a due date
14Providers must communicate to users any attestations associated with a verifier
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Providers must communicate to users any attestations associated with a verifier

Status
titleSubmitted

15Verifiers must attest their use-cases - which in turn defines the data they will need to collect and its retention policy
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Verifiers must attest their use-cases - which in turn defines the data they will need to collect and its retention policy

Status
titleSubmitted

16Verifiers must identify themselves
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Verifiers must identify themselves StatustitleSubmitted

Status
titleDraft

Status
colourBlue
title

Reviewed
2All identifying data shall be transacted through encrypted channels.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Encrypted channels

Status
titleSubmitted

  •  Type your task here, using "@" to assign to a user and "//" to select a due date
3Transparency to Holder at mobile credential presentment
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Transparency at presentment

Status
titleSubmitted

  •  Type your task here, using "@" to assign to a user and "//" to select a due date
4Verifiers shall not request more than the strictly necessary PII for the provision of their services.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Limited data collection/request

Status
titleSubmitted

  •  Requirement using template to be created
  •   Check overlapping with requirement no.13
5

Verifiers shall request user consent prior the transmission of their PII. 

  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Request for user consent

Status
titleSubmitted

  •  Requirement using template to be created
  •   
6Verifiers shall state a retention period for PII in their consent request.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
Retention period

Status
titleSubmitted

  •  Requirement using template to be created
  •   
7Verifiers shall not store any PII when it is not required for the provision of their services.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   
8Verifiers shall not fall into collusive practices with Issuing Authorities or other Verifiers for user re-identification.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   
9

Verifiers shall adopt appropriate measures to ensure the security of stored PII.

  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   
10Verifiers shall guarantee appropriate means to ensure that user can access and request the erasure of their PII.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   
11Verifiers shall maintain appropriate registries and ensure access to Law Enforcement Authorities for accountability purposes.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   
12Verifiers shall not combine any PII for the purpose of re-identifying the data subject, unless specifically informed and justified.
  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)
  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Status
titleSubmitted

  •  Requirement using template to be created
  •   

Submitted

Status
colourYellow
titleUnder Review

Status
colourGreen
titleCandidate

Status
colourRed
titleExcluded

Created by an author but not yet ready for review by the Work Group

The author is ready for the requirement to be reviewed by the Work Group

The requirement is under review by the Work Group

The requirement has passed the initial Work Group review and can be included as a draft requirement (provisionally accepted)

The requirement will not be included as a draft requirement


Child pages (Children Display)
alltrue
reversetrue
excerptTyperich content