marcoscaceres
commented
5 months ago @bvandersloot-mozilla, I wonder if this would be best covered as as part of https://github.com/WICG/digital-credentials/pull/111 ?
Open bvandersloot-mozilla opened 6 months ago
marcoscaceres
commented
5 months ago @bvandersloot-mozilla, I wonder if this would be best covered as as part of https://github.com/WICG/digital-credentials/pull/111 ?
The privacy property in the principles is "Prevent website from silently querying for the availability of digital credentials and communicating with wallet providers without explicit user consent" which, while good, misses many of the privacy implications of a call to the API by putting them into the scope of the supported protocols.
This will be useful when thinking about the first open question "To what extent does the browser introspect the request to wallets (for security and privacy properties)?". If there are identifiable properties, like unlinkability or zero knowledge of anything but an age range, there would be good reason to introspect so that we can provide a smoother interaction for the user where there is reduced privacy risk.
Identifying the properties of a protocol's requests in our registry would be useful to provide clear communication to protocol designers of what properties the browsers view as beneficial and would allow us to make this truly dumb plumbing to the platform.