Open dvorak42 opened 10 months ago
For Sec-Trust-Token-Clear-Data, we ended up removing it as part of #130 due to some of the potential attacks/privacy challenges with the feature and the fact that a malicious actor could just ignore the Clear-Data header, which makes it difficult to provide any guarantees on how it is used in the ecosystem. Issuers are encouraged to issue smaller batches of tokens .
This issue is for the Clear-Site-Data behavior when the user/client deletes all site data from a site (which for an issuer would delete the tokens/records stored there).
Will PST have a functionality similar to
Sec-Trust-Token-Clear-Data
in Trust tokens? I don't see any such functionality in the PST API. If not, is there a way for issuer to clear tokens for a client?