danielfett
commented
3 weeks ago - When credential matching via claim_sets, the presence/absence of certain claims might leak data (all claims used for deciding response must be included in consent)
- Response must be the same, whether there is no match for credentials or the user didn't consent.
bc-pi