WICG / mobile-document-request-api


privacy and security considerations are missing #1

Open npdoty opened 2 years ago

npdoty commented 2 years ago

> No considerable privacy or security concerns are expected, but we welcome community feedback.

Initial feedback would be that privacy and security concerns should be expected and are extremely considerable.

I would anticipate that privacy and security considerations would make up the majority of any specification along these lines and of any explainer/proposal that would allow for evaluation of whether this is promising work for the web platform. Reviewers can provide feedback once that write-up is available.

dcrousso commented 2 years ago

I've added some more information to that section that hopefully clarifies. Thanks for bringing this up!

dickhardt commented 2 years ago

While I agree with the non-goal of

  • Define how the response to the request is used by the server is out of scope.

A discussion on the considerations in using the response is critical for a reader to understand the value of this API.

While requesting only some of the data elements improves privacy by minimizing disclosure, there is no binding between the data elements and the person presenting the data elements -- we only know the data elements are bound to the device.

For example, let's say an online wine vendor wants to verify an account belongs to a person who is over 21. If I lend my phone with my mDL to someone underage, they can create an account at the vendor with their email, and then the vendor website would request the minimal data element that the user is over 21 and store the conclusion. There is little disincentive for me to lend my credential, as there are no consequences to me for lending.

To increase the disincentive for me to lend my credential, the wine merchant will request more data elements (such as name, address, DOB) that would identify me, so that I am discouraged from lending. This is counter to the privacy objective of minimal disclosure.