|
62 | 62 | date: "2025-05-28", |
63 | 63 | publisher: "W3C" |
64 | 64 | }, |
| 65 | + "custom-schemes": { |
| 66 | + title: "Concerns with custom schemes for identity presentment", |
| 67 | + href: "https://github.com/w3c-fedid/digital-credentials/blob/main/custom-schemes.md", |
| 68 | + authors: ["Rick Byers"], |
| 69 | + date: "2024-05-01", |
| 70 | + publisher: "W3C" |
| 71 | + }, |
| 72 | + "presenting-credentials-on-the-web": { |
| 73 | + title: "Presenting Credentials on the Web", |
| 74 | + href: "https://docs.google.com/document/d/1Ppaz_EnhzHqPOz5UusRJvbSunh-RXPWgJ3Np_TM2EE0/", |
| 75 | + authors: ["Simone Onofri"] |
| 76 | + }, |
65 | 77 | }, |
66 | 78 | xref: { |
67 | 79 | profile: "web-platform", |
@@ -930,6 +942,60 @@ <h2> |
930 | 942 | evolving privacy landscape and participate in the corresponding |
931 | 943 | evolution of the API. |
932 | 944 | </p> |
| 945 | + <section> |
| 946 | + <h3> |
| 947 | + Design Considerations and Alternatives |
| 948 | + </h3> |
| 949 | + <p> |
| 950 | + The Digital Credentials API is designed to mediate requests for |
| 951 | + digital credentials from websites, being agnostic to the credential |
| 952 | + format and the information contained in it, as well as the protocol |
| 953 | + used to exchange it (within the bounds on the protocol registry |
| 954 | + inclusion criteria). This and other key design choices are derived |
| 955 | + from the goal of providing a more secure and private credential |
| 956 | + exchange experience for users than the existing alternatives (e.g., |
| 957 | + [[custom-schemes]]), that is still compatible with common exchange |
| 958 | + protocols for ease of adoption. |
| 959 | + </p> |
| 960 | + <p> |
| 961 | + The API provides the connection interface between [=verifiers=] and |
| 962 | + [=holders=], i.e. the means by which a [=digital credential/exchange |
| 963 | + protocol|credential exchange protocol=] is initiated and the user |
| 964 | + switches to the [=holder=] application to select a credential. |
| 965 | + Solutions that have been used for this purpose in the past include QR |
| 966 | + codes and custom URL schemes. As documented in |
| 967 | + [[[presenting-credentials-on-the-web]]] and [[[custom-schemes]]], |
| 968 | + those solutions have security, privacy, and accessibility concerns. |
| 969 | + </p> |
| 970 | + <p> |
| 971 | + With adoption of digital credential technology being driven by |
| 972 | + ecosystem demand and regulatory mandates, the Web platform offers an |
| 973 | + alternative to the aforementioned less-desirable technologies that is |
| 974 | + easy to use for developers, is compatible with existing credential |
| 975 | + exchange protocols and, most importantly, has better user privacy, |
| 976 | + security, and accessibility properties than these alternatives. |
| 977 | + </p> |
| 978 | + <p> |
| 979 | + The Digital Credentials API offers the user agent the ability to |
| 980 | + intermediate on behalf of the user (e.g. in the form of a |
| 981 | + [=credential chooser=]) to contextualize requests and <a href= |
| 982 | + "#permission-prior-to-wallet-selection">prevent immediate exposure to |
| 983 | + holder applications</a>. It also enforces certain minimum |
| 984 | + requirements on supported protocols, such as <a href= |
| 985 | + "#encrypting-credential-responses">response encryption</a>. |
| 986 | + </p> |
| 987 | + <aside class="note"> |
| 988 | + The Digital Credentials API is not intended to inhibit the |
| 989 | + development of other standardized solutions that enhance user |
| 990 | + privacy. For example, an API could be standardized that more strictly |
| 991 | + enforces unlinkability for specific purposes such as age |
| 992 | + verification. Higher-level, designed-for-purpose APIs often enable |
| 993 | + <a data-cite="privacy-principles#purpose-limitation">purpose |
| 994 | + limitation</a>, ease of explanation to the user, and privacy and |
| 995 | + security protections from <a data-cite= |
| 996 | + "design-principles#high-level-low-level">user agents</a>. |
| 997 | + </aside> |
| 998 | + </section> |
933 | 999 | <section data-cite="vc-data-model#spectrum-of-privacy"> |
934 | 1000 | <h3> |
935 | 1001 | Spectrum of Privacy |
|
0 commit comments