Re: Spreadsheet shared with you: "PEMC Requirements Coverage"
It's interesting. But not practical. We need wallets to be accountable. Free and accountable does not compute.

thx ..Tom (mobile)

On Sat, Oct 21, 2023, 6:28 PM Salvatore D'Agostino <sal@idmachines.com> wrote:
Thanks Adrian, really like #5
IDmachines
4 Lamson Place
Cambridge, MA 02139-2612
+1 617.201.4809
https://IDmachines.com

------------------------------
*From:* Adrian Gropper <agropper@gmail.com>
*Sent:* Saturday, October 21, 2023 4:21 PM
*To:* John Wunderlich <john@wunderlich.ca>
*Cc:* aglasscock@nascio.org <aglasscock@nascio.org>; andrewhughes3000@gmail.com <andrewhughes3000@gmail.com>; athomabaker@apple.com <athomabaker@apple.com>; chaudhury@google.com <chaudhury@google.com>; gail.hodges@oidf.org <gail.hodges@oidf.org>; hannah.sutor@gmail.com <hannah.sutor@gmail.com>; hlf@sphericalcowconsulting.com <hlf@sphericalcowconsulting.com>; jazzmine.dowtin@idemia-nss.com <jazzmine.dowtin@idemia-nss.com>; jimpasquale@gmail.com <jimpasquale@gmail.com>; lisa.levasseur@internetsafetylabs.org <lisa.levasseur@internetsafetylabs.org>; ljordaan@aamva.org <ljordaan@aamva.org>; maria.vachino@jhuapl.edu <maria.vachino@jhuapl.edu>; maronson@notary.org <maronson@notary.org>; mcristinatl@outlook.es <mcristinatl@outlook.es>; noreen.whysel@me2ba.org <noreen.whysel@me2ba.org>; peter.davis@airsidemobile.com <peter.davis@airsidemobile.com>; Salvatore D'Agostino <sal@idmachines.com>; thomasclinganjones@gmail.com <thomasclinganjones@gmail.com>; tim@entrustient.com <tim@entrustient.com>; vkrishnaraj@google.com <vkrishnaraj@google.com>; williams.2560@gmail.com <williams.2560@gmail.com>
*Subject:* Re: Spreadsheet shared with you: "PEMC Requirements Coverage"
It's an interesting list but I'm unclear about the scope of the charter that supports it. Is there one?
From where I stand, I would like to see some things clearly stated:
1 - The Holder SHOULD be a semi-autonomous and delegatable agent of the subject. This would help to address the power asymmetry between Issuers and Verifiers vs. subjects.
2 - Verifiers MUST scope and sign their verification requests. Scope MUST include a purpose. The signature MUST be sufficient to keep the verifier accountable if they breach their stated purpose of the request.
3 - The process of unwitnessed online verification must be clear. For example, under what use-cases is the subject expected to use a user-agent (mobile or hosted) that is "certified" or otherwise controlled by some government or federated private entity. A *single-purpose* wallet controlled by an Issuer or Verifier and not used for interaction outside of that specific scope could, of course, be certified by either the Issuer or Verifier.
4 - Protocols for presentation to the Verifier must consider the cost and inconvenience of doing request verifications, making authorization decisions, and keeping logs for Verifier accountability. Verifiers SHOULD post a payment or deposit in order to prevent spam and offset these costs borne by the subject. We cannot assume that subjects have a choice or that verifiers always compete fairly for subject engagement.
5 - The essential components, including wallets, for use of government-issued credentials MUST be free and accessible to all. We expect that for paper credentials, don't we?
Adrian
On Mon, Oct 16, 2023 at 1:01 PM John Wunderlich (via Google Sheets) <drive-shares-dm-noreply@google.com> wrote:
John Wunderlich shared a spreadsheet

John Wunderlich (john@wunderlich.ca) has invited you to *edit* the following spreadsheet:

As a participant in the PEMC workgroup, this link provides you editor access to the Google Sheet that we are using to gather requirements. It should be relatively self-explanatory but feel free to reach out to me or to join the call this Wednesday.

John Wunderlich
john@wunderlich.ca

PEMC Requirements Coverage
Open <https://docs.google.com/spreadsheets/d/1yJ1B9fAXMsj1IGiI2tsAihxXvXhj7VUM0xj6w6rUX4A/edit?usp=sharing_eip_m&ts=652d6c80>
participants (1)
-
Tom Jones