diff --git a/index.html b/index.html index f977aadcd..1fdbf3338 100644 --- a/index.html +++ b/index.html @@ -267,20 +267,14 @@
-This specification provides normative and non-normative guidance on -implementing and managing [=verifiable credentials=] and associated -cryptographic practices. It emphasizes the importance of understanding and -updating cryptographic systems and managing private signing keys with limited -cryptoperiods. It discusses mechanisms for ensuring content integrity of -linked external resources and highlights the risks of unsigned claims. -Strategies are provided to mitigate man-in-the-middle (MITM), replay, and -spoofing attacks, and to address issues related to credential atomization, -validity periods, and device security. This specification also covers -acceptable use of credentials, warns against code injection risks, and -underscores the need for accessibility and internationalization -considerations, advocating for a data-first approach and adherence to -internationalization standards to ensure correct rendering of -multilingual text. +[=Credentials=] are integral to our daily lives: driver's licenses confirm +our capability to operate motor vehicles; university degrees assert our level +of education; and government-issued passports attest to our citizenship when +traveling between countries. This specification provides a mechanism for +expressing these sorts of [=credentials=] on the Web in a way that is +cryptographically secure, privacy respecting, and machine verifiable. These +[=credentials=] provide benefits to us when used in the physical world, but +their use on the Web continues to be elusive.
[=Credentials=] are integral to our daily lives: driver's licenses confirm -our capability to operate motor vehicles, university degrees assert our level -of education, and government-issued passports attest to our citizenship when +our capability to operate motor vehicles; university degrees assert our level +of education; and government-issued passports attest to our citizenship when traveling between countries. This specification provides a mechanism for expressing these sorts of [=credentials=] on the Web in a way that is cryptographically secure, privacy respecting, and machine verifiable. These @@ -4870,9 +4864,9 @@
Personally Identifiable Information [=Issuers=] are strongly advised to provide privacy-protecting [=verifiable credentials=] when possible — for example, by issuing `ageOver` [=verifiable credentials=] instead of `dateOfBirth` [=verifiable credentials=] for use when a -[=verifier=] wants to determine whether an [=entity=] is 18 years of age. +[=verifier=] wants to determine whether an [=entity=] is at least 18 years of age.
@@ -5095,7 +5089,7 @@
The solution to the privacy implications of correlation or aggregation tends not to be technological in nature, but policy-driven instead. Therefore, if a -[=holder=] wishes to avoid the aggregation of their information, they must +[=holder=] wishes to avoid the aggregation of their information, they need to express this in the [=verifiable presentations=] they transmit, and by the [=holders=] and [=verifiers=] to whom they transmit their [=verifiable presentations=]. @@ -5728,17 +5722,17 @@
-Regulators are advised to reconsider audit requirements such that mechanisms -that better preserve privacy can be used to achieve similar enforcement and -audit capabilities. For example, audit-focused regulations that insist on the -collection and long-term retention of personally identifiable information can -cause harm to individuals and organizations if that same information is later -compromised and accessed by an attacker. The technologies -described by this specification enable [=holders=] to prove properties about -themselves and others more readily, reducing the need for long-term data -retention by [=verifiers=]. Alternatives include keeping logs that the -information was collected and checked, as well as random tests to ensure -that compliance regimes are operating as expected. +Regulators are advised to reconsider existing audit requirements such that +mechanisms that better preserve privacy can be used to achieve similar +enforcement and audit capabilities. For example, audit-focused regulations +that insist on the collection and long-term retention of personally +identifiable information can cause harm to individuals and organizations +if that same information is later compromised and accessed by an attacker. +The technologies described by this specification enable [=holders=] to +prove properties about themselves and others more readily, reducing the +need for long-term data retention by [=verifiers=]. Alternatives include +keeping logs that the information was collected and checked, as well as +random tests to ensure that compliance regimes are operating as expected.
@@ -5823,7 +5817,7 @@@@ -6741,8 +6735,8 @@
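Review bot: in the hunk headed `@@ -267,20 +267,14 @@`, the eight added lines (`[=Credentials=] are integral to our daily lives: driver's licenses confirm` through `their use on the Web continues to be elusive.`) are word for word the paragraph that begins at the context line immediately after them, including the new semicolons, so unless the two copies sit in different sections that the stripped markup would show (abstract and introduction, for instance), the patch leaves the same paragraph twice in a row. Please confirm that is intended. Note also that the fourteen removed lines were the only place in this hunk that summarised the security guidance (limited cryptoperiods for private signing keys, content integrity of linked external resources, unsigned claims, MITM/replay/spoofing, code injection); if that summary is being dropped here rather than moved, check that each of those points is still stated somewhere in the document.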
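Review bot: the hunk headed `@@ -4870,9 +4864,9 @@` is right to change `is 18 years of age` to `is at least 18 years of age`, since `ageOver` expresses a threshold predicate rather than an exact age and the old wording contradicted the example it illustrates. The sentence would be clearer still if it tied the threshold to the property, e.g. an `ageOver` [=verifiable credential=] whose threshold is 18, so the reader sees that the credential discloses only the one bit the [=verifier=] needs instead of the full `dateOfBirth`.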
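Review bot: in the hunk headed `@@ -5095,7 +5089,7 @@`, softening `must` to `need to` is appropriate, because a lowercase `must` in a non-normative privacy consideration is easily read as a conformance requirement, but the sentence around it is still ungrammatical: `they need to express this in the [=verifiable presentations=] they transmit, and by the [=holders=] and [=verifiers=] to whom they transmit` has no verb for the second clause. Suggest splitting it, e.g. "... express this in the [=verifiable presentations=] they transmit, and the [=holders=] and [=verifiers=] to whom they transmit those presentations need to honour it."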
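Review bot: the hunk headed `@@ -5728,17 +5722,17 @@` changes one word (`reconsider audit requirements` becomes `reconsider existing audit requirements`) but rewraps the whole paragraph, so seventeen lines of diff hide a single-word edit; please keep reflow and wording changes in separate commits so the substantive change is reviewable. On the substance, the suggested alternative `keeping logs that the information was collected and checked` would be stronger if it said explicitly that such a log records only that the check took place and its outcome, not the personally identifiable information itself; otherwise the log recreates the long-term retention the paragraph is arguing against.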
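Review bot: the hunks headed `@@ -5823,7 +5817,7 @@` and `@@ -6741,8 +6735,8 @@` appear here with their headers only and no body, so their changes cannot be reviewed from this copy of the patch; please make sure the full diff is attached.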