Ref

Principle

VIP Requirements

Verifiers

Issuers

Providers

CC

Consent & Choice

  • If consent is not the basis for processing mobile credential data, the authority must be made clear before release.

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288014

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

PL

Purpose legitimacy and specification

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189713

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097242

CL

Collection Limitation

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288003

DM

Data Minimization

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320806

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097237

UR

Use, retention, and disclosure limitation

  • Can’t phone home

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097232

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12648452

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189706

? Terminal Authentication - Issuer issues a policy

AQ

Accuracy & Quality

  • Minimum accuracy to fulfill the purpose of the transaction

  • Minimum tracking

    • Location

    • Longitudinal

OT

Openness, transparency, and access

  • Ability to see and correct data

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12451853

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097288

IA

Individual access & participation

Mobile Credentials must be made available to all subjects that have the right granted by the Issuer

Verifiers must accept credential

Issuers must issue credential

Providers must hold credential

AC

Accountability

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12156995

IS

Information Security

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397594

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320796

PS

Privacy Compliance

  • Where an entity processes mobile credential data for legal purposes …. (out of scope) - or records of access

  • Clarity on meaning of consent needed.

...