Nick Doty

I think we should indicate to the verifier that the multiple requests (and similarly for the request language) should be semantically compatible/equivalent, or the user/user agent/wallet are easily going to...

Was the "obscure, political or ideological reason" a reference to conducting privacy and security reviews? I don't follow the reasoning why doing security review (even though W3C reviews are certainly...

Is this the same issue as #184? Or was this "WIP" intended to be a work in progress pull request?

It seems user hostile to reveal or allow the control over the wallet to the issuer, both for privacy purposes (I might not want my government to know my software...

Loss of control of how a user presents their identity is described as a potential privacy risk here: https://github.com/w3c/credential-considerations/blob/main/credentials-considerations.md#invasions-of-privacy And the Privacy Principles include the need to help users present...

Agreed that cross-origin usage will be confusing to users and ripe for abuse. Is that something we need to support? W3C specs have in the past included recommendations around showing...

See also #84 for the requirements of issuers on the wallets they issue into. (Maybe there are separate issues about the implications of verifiers deciding which wallets are acceptable and...

If the spec were to no longer recommend user transparency, then you should simultaneously remove the part of the note in this section that recommends that authors use the `ping`...

Did it seem like we had consensus on #11309? I've tried my best to clarify the potential harm to users and privacy-friendly sites.

@timcappalli we don't have much experience with appointing additional people who can do not just a review, but also write up a suggested Working Group view of what fingerprinting risks...