16_V_DM: Verifiers must only request the minimum data required for their transaction

Statement: Verifiers shall only request the minimum data required for their transaction

Review Meeting(s): TBD

Status: Draft

Item

Description

Statement (Single phrase or sentence)

Verifiers shall only request the minimum data required for their transaction

Description

To avoid excessive collection of data, the Verifier's attested data fields should map to the minimum required to meet their attested use case.

: attested means that the attested use cases delineate the data fields requested.

: three requirements #5, #6, and #7 & #16 to be aligned and sequenced for common language.

: categories of data => required, optional, and ephemeral

: discussion of minimum required for the identified purpose - needs to be flexible enough to allow for various profiles and operational contexts

: Tom - instead of relevance - the element @context is designed specifically to bring in additional schema and requirements.

: Loffie - another step - which option or services do you want?

: John - how to do this without cognitive overload

: Loffie - cognitive overload can be addressed by UX

Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or, when possible, zero-knowledge proofs.

Scope (applies to)

Part A: Verifiers
Part B: Issuers
Part C: Providers

Select the Primary Consideration

CC (Consent and Choice)
PL (Purpose legitimacy and specification)
CL (Collection limitation)
DM (Data minimization)
UR (Use, retention, and disclosure limitation)
AQ (Accuracy and quality)
OT (Openness, transparency, and access)
IA (Individual access & participation)
AC (Accountability)
IS (Information Security)
PS (Privacy compliance)

Reference

16_V_DM

Other considerations

CC (Consent and Choice)
PL (Purpose legitimacy and specification)
CL (Collection limitation)
DM (Data minimization)
UR (Use, retention, and disclosure limitation)
AQ (Accuracy and quality)
OT (Openness, transparency, and access)
IA (Individual access & participation)
AC (Accountability)
IS (Information Security)
PS (Privacy compliance)

Explanatory Notes (Text or Link)

From # 6
Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or, when possible, zero-knowledge proofs.
