Create candidate/straw-person text for "information/expectations for verifiers"; "information/expectations for issuers"; "information/expectations for providers" sections (guidance to audiences about what to expect from the Requirements documents - what the requirements are intended to achieve)
"Persons" will also have expectations of verifier/issuer/provider behaviour - that will be reflected in the RequirementsÂ
Describe what "privacy-enhancing" means from the point of view of each of the 3 target audiences
The material provided by Loffie is probably a good starting point for Issuers
e.g. Alice (holder) would like to know that Bob (verifier) will respect her privacy during and after the personal data interaction.Â
Discussion - which entity should be displaying the trust mark? The software provider? The Venue? The Certifier? all are possible and would have different meanings to the Person
A single interaction can involve more than one "Relying Party" that potentially receives data
Privacy-enhancing:
Sense of comfort that the credential holder has that their privacy is respected throughout the credential ecosystem
Should include the sense of "better than status quo"
The Presentation document:
Must be careful to avoid overburdening the Person with too many approvals or overloads
Potential work items:
RP registration topic
Creating "bundles" of data (purposes) for different use cases
Creating legal liability for RPs that they will honour their promises on how they will handle data according to the principles, some of which may exceed obligations for regulatory compliance, especially for unregulated use cases