Nick Doty

> in general we can't just provide some functionality to some sites and not others based on the whim of some group of individuals. I don't understand the proposal to...

High-level context for why registration is a useful protection, and one relevant legal citation: https://github.com/w3cping/credential-considerations/blob/main/credentials-considerations.md#registration

As credentials can be obtained and used in so many ways, does the single bit of information that a user has a credential of some kind, or a wallet app...

For government-issued credentials with high-assurance personal information, this shouldn't generally be a quick or automatic prompt, or something done on many webpages. Instead, the goal should be that a user...

(Apologies, forgot the follow-up request until now.) My thinking that because this request was likely to be high-context, explained with some alternatives and not something that would be prompted automatically...

This may be related to the concern about _irresponsible wallets_ and wallet attestations (as discussed on the 12 February and 21 February calls).

Enumeration of wallets or wallet capabilities is a serious privacy risk -- it would certainly be abused for fingerprinting, but even more so, it would be abused to learn perhaps...

Protocol needs to provide detail in the query such that the browser can understand what is a compatible credential and what are the specific data elements being requested, such that...

Protocol needs to enable passing an indication to the user to explain the context of the request (who is requesting it, why, with what privacy protections, etc.), and/or the elements...

An overall explanation like that might be useful, yes. But if selective disclosure is intended as one of the primary privacy-focused mechanisms of this technology, then people will also need...