From 0ad738327ced33c3ae153528dec341564c30010e Mon Sep 17 00:00:00 2001
From: Gabe <7622243+decentralgabe@users.noreply.github.com>
Date: Tue, 27 Aug 2024 12:22:54 -0700
Subject: [PATCH] Fix more grammar and flow throughout specification.
Co-authored-by: Ted Thibodeau Jr
-This specification provides normative and non-normative guidance on
-implementing and managing [=verifiable credentials=] and associated
-cryptographic practices. It emphasizes the importance of understanding and
-updating cryptographic systems and managing private signing keys with limited
-cryptoperiods. It discusses mechanisms for ensuring content integrity of
-linked external resources and highlights the risks of unsigned claims.
-Strategies are provided to mitigate man-in-the-middle (MITM), replay, and
-spoofing attacks, and to address issues related to credential atomization,
-validity periods, and device security. This specification also covers
-acceptable use of credentials, warns against code injection risks, and
-underscores the need for accessibility and internationalization
-considerations, advocating for a data-first approach and adherence to
-internationalization standards to ensure correct rendering of
-multilingual text.
+[=Credentials=] are integral to our daily lives: driver's licenses confirm
+our capability to operate motor vehicles; university degrees assert our level
+of education; and government-issued passports attest to our citizenship when
+traveling between countries. This specification provides a mechanism for
+expressing these sorts of [=credentials=] on the Web in a way that is
+cryptographically secure, privacy respecting, and machine verifiable. These
+[=credentials=] provide benefits to us when used in the physical world, but
+their use on the Web continues to be elusive.
[=Credentials=] are integral to our daily lives: driver's licenses confirm
-our capability to operate motor vehicles, university degrees assert our level
-of education, and government-issued passports attest to our citizenship when
+our capability to operate motor vehicles; university degrees assert our level
+of education; and government-issued passports attest to our citizenship when
traveling between countries. This specification provides a mechanism for
expressing these sorts of [=credentials=] on the Web in a way that is
cryptographically secure, privacy respecting, and machine verifiable. These
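Review bot: The paragraph added at the start of this region is word for word the Introduction paragraph shown in the context lines just below it ("[=Credentials=] are integral to our daily lives ..."), so the same text now appears twice, and the removed summary of the security topics (limited cryptoperiods, MITM, replay and spoofing attacks, code injection) has no replacement. A subject line of "Fix more grammar and flow" does not cover dropping that summary; keep a shortened version of it, or move this replacement into its own commit with a message that says so.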
@@ -4870,9 +4864,9 @@ Introduction
Spectrum of Privacy
For example, many people would prefer to remain anonymous when purchasing
alcohol because the regulation is only to verify whether a purchaser is
above a specific age. In contrast, when filling prescriptions written by
-a medical professional for a patient, the pharmacy must more strongly
-identify both the prescriber and the patient. No single approach to
-privacy works for all use cases.
+a medical professional for a patient, the pharmacy is legally required
+to more strongly identify both the prescriber and the patient. No single
+approach to privacy works for all use cases.
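Review bot: "is legally required to" in the added pharmacy sentence asserts a legal obligation that the original "must" did not, and the text names no jurisdiction or regulation for it. If the aim was only to avoid a lowercase "must", wording such as "the pharmacy needs to more strongly identify" keeps the original meaning; otherwise qualify the claim, for example "is often legally required to".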
Personally Identifiable Information [=Issuers=] are strongly advised to provide privacy-protecting [=verifiable credentials=] when possible — for example, by issuing `ageOver` [=verifiable credentials=] instead of `dateOfBirth` [=verifiable credentials=] for use when a -[=verifier=] wants to determine whether an [=entity=] is 18 years of age. +[=verifier=] wants to determine whether an [=entity=] is at least 18 years of age.
@@ -5095,7 +5089,7 @@
The solution to the privacy implications of correlation or aggregation tends not to be technological in nature, but policy-driven instead. Therefore, if a -[=holder=] wishes to avoid the aggregation of their information, they must +[=holder=] wishes to avoid the aggregation of their information, they need to express this in the [=verifiable presentations=] they transmit, and by the [=holders=] and [=verifiers=] to whom they transmit their [=verifiable presentations=]. @@ -5728,17 +5722,17 @@
-Regulators are advised to reconsider audit requirements such that mechanisms -that better preserve privacy can be used to achieve similar enforcement and -audit capabilities. For example, audit-focused regulations that insist on the -collection and long-term retention of personally identifiable information can -cause harm to individuals and organizations if that same information is later -compromised and accessed by an attacker. The technologies -described by this specification enable [=holders=] to prove properties about -themselves and others more readily, reducing the need for long-term data -retention by [=verifiers=]. Alternatives include keeping logs that the -information was collected and checked, as well as random tests to ensure -that compliance regimes are operating as expected. +Regulators are advised to reconsider existing audit requirements such that +mechanisms that better preserve privacy can be used to achieve similar +enforcement and audit capabilities. For example, audit-focused regulations +that insist on the collection and long-term retention of personally +identifiable information can cause harm to individuals and organizations +if that same information is later compromised and accessed by an attacker. +The technologies described by this specification enable [=holders=] to +prove properties about themselves and others more readily, reducing the +need for long-term data retention by [=verifiers=]. Alternatives include +keeping logs that the information was collected and checked, as well as +random tests to ensure that compliance regimes are operating as expected.
@@ -5823,7 +5817,7 @@@@ -6741,8 +6735,8 @@
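Review bot: In the Personally Identifiable Information hunk, "at least 18 years of age" includes a person who is exactly 18, while the property named in the same sentence is `ageOver`, which can be read as strictly older than 18. State the boundary once, for example by saying that an `ageOver` value of 18 covers anyone aged 18 or more, so that [=issuers=] and [=verifiers=] do not disagree about someone who is exactly 18.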
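Review bot: In the hunk at `@@ -5095,7 +5089,7 @@`, changing "they must" to "they need to" still leaves the tail of the sentence without a verb to attach to: "and by the [=holders=] and [=verifiers=] to whom they transmit their [=verifiable presentations=]". Since this commit is about grammar and flow, reword the tail as well, for example "and the [=holders=] and [=verifiers=] to whom they transmit them need to honor it", if that is the intended meaning.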
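Review bot: In the hunk at `@@ -5728,17 +5722,17 @@`, the only wording change is the added "existing" in "reconsider existing audit requirements", yet all eleven lines of the paragraph are rewrapped, which hides that one word in the diff. Keep the original line breaks, or put the rewrap in a separate commit, so the substantive edit can be reviewed on its own.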