Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Item

Description

Statement (Single phrase or sentence)

Verifiers shall only request the minimum data required for their transaction

Description

To avoid excessive collection of data, the Verifiers attested data fields should map to the minimum required to meet their attested use-case.

: attested means that the attested use cases delineate the data fields requested.

:three requirements #5, #6, and #7&#16 to be aligned and sequenced for common language.

: categories of data => required, optional, and ephemeral

: discussion of minimum required for the identified purpose - needs to be flexible enough to allow for various profiles and operational contexts

: Tom instead of relevance - the element @context is designed specifically to bring in addtional schema and requirements.

: Loffie - another step - which option or services do you want?

: John - how to do this without cognitive overload

: Loffie - cognitive overload can be addressed by UX

Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs.

Scope (applies to)

  •  Part A: Verifiers
  •  Part B: Issuers
  •  Part C: Providers

Select the Primary Consideration

  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Reference

16_V_DM

Other considerations

  •  CC (Consent and Choice)
  •  PL (Purpose legitimacy and specification)
  •  CL (Collection limitation)
  •  DM (Data minimization)
  •  UR (Use, retention, and disclosure limitation)
  •  AQ (Accuracy and quality)
  •  OT (Openness, transparency, and access)
  •  IA (Individual access & participation)
  •  AC (Accountability)
  •  IS (Information Security)
  •  PS (Privacy compliance)

Select the Identifiers

  •  Direct
  •  Indirect
  •  Unique

Explanatory Notes (Text or Link)

From # 6
Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs.

...