peppelinux / federation-wallet

OpenID Federation for Wallet Architecture specification

Four-Party Model #18

Open giadas opened 3 weeks ago

giadas commented 3 weeks ago

Referring to Section 4 "The Four-Party Model":

  1. The relationship between Holder, Wallet Provider, Wallet Solution, End-User and End-User's Wallet should be clarified. They are all mentioned in the text; however, it is not clear which ones are part of the Four-Party Model and their relationships. For example, is the Holder an End-User of the Wallet Instance, or does it map to the Wallet Instance itself?
  2. Consider removing from Figure 1 (6 entities) the entities that are not part of the Four-Party Model. E.g., the Authentic Source is not discussed in this section.
  3. Intermediates are not part of Figure 1, but they are discussed in the text.

peppelinux commented 2 weeks ago

  1. I would not describe the relationships between End-User and End-User's Wallet, since we only have to consider the Holder in the proposed model (for simplicity).

1.1 and 2. The representation is a sort of extended description of the entities' interactions, where only the four parties interact with each other, while authentic sources and wallet provider are held on the edge, interacting exclusively with their direct audience. In the first proposal of this draft they were included in a 6-party model; during the first revision the co-authors agreed to mention only the most peculiar 4 parties for the sake of simplicity and also to not consider exclusive interactions between the parties.

  1. Intermediates are part of the OpenID Federation specs and represent trusted third parties, therefore the Trust Anchor and its intermediaries are considered trusted third parties and therefore represented like a single entity for the sake of simplicity.

giadas commented 1 week ago

While I like simplicity, I still suggest being consistent in the document regarding the terminology used.

If the choice is to consider only the Holder, is it possible to avoid the term "End-User" (e.g., in the sentence "Consequently, the End-User obtains and holds the Digital Credentials without disclosing their intended use to the Credential Issuers. At any subsequent time, the End-User can present these Digital Credentials to a Credential Verifier to authenticate themselves.")?

Plus, what is the relationship between the Holder and the term "Wallet Instance" (or "End-User's Wallet") that is defined in this specification?

While I understand the choice to have 4 parties in the model and to consider the Intermediaries as part of the Trust Anchor, I suggest adding the reason behind this choice to help the reader understand why these entities are treated differently.