
[spec] add statement about responses with PII MUST be encrypted

Open timcappalli opened this issue 1 year ago • 2 comments

from #109, specifically https://github.com/WICG/digital-credentials/issues/109#issuecomment-2145712700

Add something along the lines of:

"implementations which pass PII in the response MUST encrypt that information to the verifier in some fashion"

timcappalli avatar Jun 11 '24 21:06 timcappalli

Can we put that if some input is present the output must be encrypted? Then we can force that algorithmically (and maybe test for it).

marcoscaceres avatar Jun 12 '24 05:06 marcoscaceres

I don't disagree with the sentiment in the proposed statement, but is a MUST in it really enforceable at the browser API level (somewhat elaborating on https://github.com/WICG/digital-credentials/issues/109#issuecomment-2144546607)? In reality, wouldn't it be up to a wallet to decide if encryption is required and reject the request without a public key for encryption, when the wallet requires encryption?

Sakurann avatar Aug 01 '24 01:08 Sakurann

To Do: add requirement to registry criteria (https://github.com/WICG/digital-credentials/pull/157)

timcappalli avatar Nov 17 '24 14:11 timcappalli

Added in https://github.com/WICG/digital-credentials/pull/157/commits/38f0a01f13e4786fc515b85d21b6c47621a66020

timcappalli avatar Mar 26 '25 12:03 timcappalli