RD AD Attestation Result analogy

[mcr]

** Section 8.4.

   Thus, Attestation Results often need to include detailed information
   about the Attester, for use by Relying Parties, much like physical
   passports and drivers licenses include personal information such as
   name and date of birth.  

I'm not convinced this analogy is helpful. Yes, it conveys the need for detailed information but it also immediately suggests Attestation Results might include PII or privacy sensitive identifiers.

[nedmsmith]

I agree that the analogy to physical passports is misleading. The paragraph tries to justify AR as being detailed and privacy sensitive then in the next paragraph tries to describe them as not needing to be too specific; "Unlike Evidence, which is often very device- and vendor-specific, Attestation Results can be vendor-neutral, if the Verifier has a way to generate vendor-agnostic information based on the appraisal of vendor-specific information in Evidence."

It is sufficient to say that both Evidence and Attestation Results can contain privacy sensitive content. The Attester may rely on the Verifier to obfuscate privacy sensitive Claims that were shared as part of Evidence.

[henkbirkholz]

It should be clear that appraising Evidence involves various procedures that are part of the appraisal and that these can be quite resource intensive (like creating a passport), in contrast to Attestation Results that are intended to be easily digestible and universal understood (like using a passport)!

[mcr]

add, "...can contain privacy sensitive information as discussed in section {Privacy}"