Requirements Coverage

| Ref | Principle | VIP Requirements | Verifiers | Issuers | Providers |
|---|---|---|---|---|---|
| CC | Consent & Choice | • If consent is not the basis for processing mobile credential data, the authority must be made clear before release. https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288014 | | | |
| PL | Purpose legitimacy and specification | | | | |
| CL | Collection Limitation | | | | |
| DM | Data Minimization | | | | |
| UR | Use, retention, and disclosure limitation | • Can’t phone home | | ? Terminal Authentication - Issuer issues a policy | |
| AQ | Accuracy & Quality | • Minimum accuracy to fulfill the purpose of the transaction • Minimum tracking: Location, Longitudinal | | | |
| OT | Openness, transparency, and access | • Ability to see and correct data | | | |
| IA | Individual access & participation | Mobile Credentials must be made available to all subjects that have the right granted by the Issuer | Verifiers must accept credential | Issuers must issue credential | Providers must hold credential |
| AC | Accountability | | | | |
| IS | Information Security | | | | |
| PS | Privacy Compliance | • Where an entity processes mobile credential data for legal purposes … (out of scope) - or records of access • Clarity on meaning of consent needed. | | | |