While defining the global identity system is clearly out of scope, the document does not consider how an RP will gather other identity data that may be required for a transaction. There are examples hinted at of private parties being able to store credentials in the wallet, but unclear how that would work. Would a corner cafe be able to do what is needed to be an RP to use the wallet as a loyalty program?
The architecture is vague on what the technical requirements are for an RP, how using the wallet might fit into existing registration flows, how an RP will discover if the user has a wallet, and what an RP will do if the user does not have a wallet. How will an RP be notified if the user's wallet had been compromised in a previous transaction?
While defining the global identity system is clearly out of scope, the document does not consider how an RP will gather other identity data that may be required for a transaction. There are examples hinted at of private parties being able to store credentials in the wallet, but unclear how that would work. Would a corner cafe be able to do what is needed to be an RP to use the wallet as a loyalty program?
The architecture is vague on what the technical requirements are for an RP, how using the wallet might fit into existing registration flows, how an RP will discover if the user has a wallet, and what an RP will do if the user does not have a wallet. How will an RP be notified if the user's wallet had been compromised in a previous transaction?