@@ -1021,17 +1021,19 @@ <h3>
1021
1021
< p class ="issue " title ="Work in progress "> </ p >
1022
1022
< p >
1023
1023
The Digital Credentials API enables the sharing of highly personal,
1024
- sensitive, and at-risk user information with websites via credentials,
1025
- potentially granting the ability to track users online and offline,
1026
- through permanent, unique, irrevocable, cross-context identifiers. It
1027
- also reveals parts of the user's browsing activity as well as their
1028
- intent to identify to specific websites and/or wallets. One crucial
1029
- responsibility of the user agent in a credential request is to gather
1030
- permission from the user to proceed with the exchange of information.
1024
+ sensitive, and at-risk user information with websites via
1025
+ credentials, potentially granting the ability to track users online
1026
+ and offline, through permanent, unique, irrevocable, cross-context
1027
+ identifiers. It also reveals parts of the user's browsing activity as
1028
+ well as their intent to identify to specific websites and/or wallets.
1029
+ One crucial responsibility of the user agent in a credential request
1030
+ is to gather permission from the user to proceed with the exchange of
1031
+ information.
1031
1032
</ p >
1032
1033
< p >
1033
- Important context details that are needed for a user to make an informed
1034
- decision about proceeding with a credential exchange include the following:
1034
+ Important context details that are needed for a user to make an
1035
+ informed decision about proceeding with a credential exchange include
1036
+ the following:
1035
1037
</ p >
1036
1038
< ul >
1037
1039
< li > The origin of the verifier that requests the credential.
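Review bot: The empty issue paragraph on context line 1021 (class "issue", title "Work in progress") still opens this section with a placeholder that has no text. Since the paragraph directly below it is being touched, either give it a sentence stating what is unfinished or drop it. The edits to old lines 1024-1030 and 1033-1034 carry the same words in the same order and only move the line breaks, so saying "re-wrap only" in the commit message would help anyone reading blame later.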
@@ -1066,13 +1068,13 @@ <h4>
1066
1068
Depending on the technical architecture of a user's system, it is
1067
1069
likely that the definition of a "user agent" will include multiple
1068
1070
cooperating layers of the software stack, such as a browser and the
1069
- operating system. The greatest priority for these layers has to be
1070
- a safe and well-informed user permission experience. As such,
1071
+ operating system. The greatest priority for these layers has to be a
1072
+ safe and well-informed user permission experience. As such,
1071
1073
integration can be vital for user safety. Some layers may hold
1072
1074
information that is inaccessible by other layers, such as the
1073
1075
availability of a user's credentials. Overprompting or prompting
1074
- without sufficient context could lead to (exploitable) confusion
1075
- and prompt blindness.
1076
+ without sufficient context could lead to (exploitable) confusion and
1077
+ prompt blindness.
1076
1078
</ p >
1077
1079
< p >
1078
1080
For this reason, user agents prompting for permission are encouraged
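Review bot: On new lines 1076-1077, "(exploitable) confusion and prompt blindness" tucks the security consequence into a parenthesis, and a reader can miss that the risk is someone taking advantage of a confused user. Consider wording such as "confusion that can be exploited, and prompt blindness". While this paragraph is being re-wrapped, "inaccessible by other layers" on context line 1074 would also read better as "inaccessible to other layers".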
@@ -1102,8 +1104,8 @@ <h4>
1102
1104
wallet before sharing information with the verifier, or by the
1103
1105
verifier itself before initiating the request. With frameworks and
1104
1106
regulations for obtaining consent still being developed, this API
1105
- aims to enable the exchange of the necessary information, which
1106
- could include the following:
1107
+ aims to enable the exchange of the necessary information, which could
1108
+ include the following:
1107
1109
</ p >
1108
1110
< ul >
1109
1111
< li > The privacy policy of the verifier receiving the credential.
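Review bot: In the re-wrapped sentence at new lines 1107-1108, "the exchange of the necessary information, which could include the following" does not say which party supplies the information or which party receives it, although the preceding context lines mention both the wallet and the verifier. The first list item is "The privacy policy of the verifier receiving the credential", so naming the verifier as the source in the sentence itself would make the list easier to read.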