Here I am mostly drawing from a slide deck created by the MIT Credential Consortium of Universities throughout the world. The killer app turns out to be rendering the VC. So not only the subject, but others (like even the issuer) need to see the WHOLE THING in a format that is human readable. From a privacy perspective it is necessary (IMHO) for the subject and the holder to understand what a VC actually contains.

Here are 2 proposed requirements.

1, The subject of any mobile credential can see the entire contents of the credential in a format that they can understand. (Note that this does not say they need all of the exact contents of the VC because it might make any sense to them. It does not need to be specified if the rendering occurs on the issuer or by the provider.)

Now whether this is on the phone or as a PDF does not need to be what the PEMC requires.

The other requirement I proposed at the last meeting.

2. If the holder gives the verifier access to the data that the verifier requested then the verifier MAY NOT ask for more data to meet the requirement specified by the initial request. This is designed to prevent a dark pattern of continued incremental requests for more data and more data.

attachment is from a university in Mexico

..tom