It's an interesting list but I'm unclear about the scope of the charter that supports it. Is there one?
From where I stand, I would like to see some things clearly stated:
1 - The Holder SHOULD be a semi-autonomous and delegatable agent of the subject. This would help to address the power asymmetry between Issuers and Verifiers vs. subjects.
2 - Verifiers MUST scope and sign their verification requests. Scope MUST include a purpose. The signature MUST be sufficient to keep the verifier accountable if they breach their stated purpose of the request.
3 - The process of unwitnessed online verification must be clear. For example, under what use-cases is the subject expected to use a user-agent (mobile or hosted) that is "certified" or otherwise controlled by some government or federated private entity.
A single-purpose wallet controlled by an Issuer or Verifier and not used for interaction outside of that specific scope could, of course, be certified by either the Issuer or Verifier.
4 - Protocols for presentation to the Verifier must consider the cost and inconvenience of doing request verifications, making authorization decisions, and keeping logs for Verifier accountability. Verifiers SHOULD post a payment or deposit in order to
prevent spam and offset these costs borne by the subject. We cannot assume that subjects have a choice or that verifiers always compete fairly for subject engagement.
5 - The essential components, including wallets, for use of government-issued credentials MUST be free and accessible to all. We expect that for paper credentials, don't we?
Adrian
|
John Wunderlich shared a spreadsheet
|
|
As a participant in the PEMC workgroup, this link provides you editor access to the Google Sheet that we are using to gather requirements. It should be relatively self explanatory but feel free to reach
out to me or to join the call this Wedndesay.
John Wunderlich
john@wunderlich.ca |
If you don't want to receive files from this person,
block the sender from Drive |
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
You have received this email because
john@wunderlich.ca shared a spreadsheet with you from Google Sheets. |
 |
|
|
|
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify
the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail
if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly
prohibited.
