From 5c3c97ead5497c4be7b87eb4d4a1ef1241a81e32 Mon Sep 17 00:00:00 2001 From: gabe Date: Tue, 20 Jun 2023 13:25:58 -0700 Subject: [PATCH 1/3] add section on pii --- index.html | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 9d8f817..66e436e 100644 --- a/index.html +++ b/index.html @@ -777,7 +777,28 @@

Privacy Considerations

This section details the general privacy considerations and specific privacy implications of deploying this specification into production environments.

-
+
+

Personally Identifiable Information

+

+ Data associated with schemas and verifiable credentials are susceptible + to privacy violations when shared. Personally identifying data, such as a + government-issued identifier, address, or name, can be used to track and correlate + entities. Even less overt personal data such as a birthdate or postal code has + the ability to result in correlation and de-anonymization. +

+

+ Implementers are strongly advised to avoid constructing schemas with any personally + identifiable information. +

+

+ If such personally identifiable information is necessary in a schema, or a credential + schema, implementers are strongly advised to used mechanisms while storing and + transporting verifiable credentials that protect the data from those who should + not access it such as Transportation Layer Security (TLS) or other means of encrypting + the data whether in transit or at rest. +

+
+

Verifier Caching

Since schemas are immutable, they are highly cachable. @@ -788,7 +809,7 @@

Verifier Caching

verifier-based access patterns on the schema.

-
+

Content Distribution Networks

The use of content distribution networks by issuers can increase the @@ -808,7 +829,7 @@

Security Considerations

not understanding the implications of this section can result in security vulnerabilities.

-
+

Issuer Impersonation

It is possible for a schema to become authoritative, such as schemas From 6be3ff17ab69ca3dcb35ce6bf1a77c91434b49bc Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Tue, 20 Jun 2023 17:03:34 -0500 Subject: [PATCH 2/3] Update index.html Co-authored-by: Andres Uribe --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 66e436e..debb96a 100644 --- a/index.html +++ b/index.html @@ -792,7 +792,7 @@

Personally Identifiable Information

If such personally identifiable information is necessary in a schema, or a credential - schema, implementers are strongly advised to used mechanisms while storing and + schema, implementers are strongly advised to use mechanisms while storing and transporting verifiable credentials that protect the data from those who should not access it such as Transportation Layer Security (TLS) or other means of encrypting the data whether in transit or at rest. From 87647aeb9b72ecd37a9826b073b12097b8f1c4a5 Mon Sep 17 00:00:00 2001 From: Gabe <7622243+decentralgabe@users.noreply.github.com> Date: Wed, 21 Jun 2023 13:59:59 -0500 Subject: [PATCH 3/3] Update index.html Co-authored-by: Ted Thibodeau Jr --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index debb96a..221a55c 100644 --- a/index.html +++ b/index.html @@ -788,7 +788,7 @@

Personally Identifiable Information

Implementers are strongly advised to avoid constructing schemas with any personally - identifiable information. + identifiable information (PII).

If such personally identifiable information is necessary in a schema, or a credential