chore: tidy up index.html (#192)

github-actions[bot] · RByers · web-flow · commit e818d0c36aca · 2024-12-06T03:59:02.000+09:00
Co-authored-by: RByers &lt;1280419+RByers@users.noreply.github.com&gt;
diff --git a/index.html b/index.html
@@ -433,15 +433,15 @@ <h3>
       <h2>
         Security Considerations
       </h2>
-      <div class="issue" title="Security Considerations section is a work in progress">
+      <div class="issue" title=
+      "Security Considerations section is a work in progress">
         <p>
           This section is a work in progress as this document evolves.
         </p>
-
         <p>
-          The documents listed below outline initial security considerations for
-          Digital Credentials, both broadly and for presentation on the web.
-          Their contents will be integrated into this document gradually.
+          The documents listed below outline initial security considerations
+          for Digital Credentials, both broadly and for presentation on the
+          web. Their contents will be integrated into this document gradually.
         </p>
         <ul>
           <li>
@@ -450,91 +450,92 @@ <h2>
             TAG Security and Privacy Considerations Questionnaire (WIP)</a>
           </li>
           <li>
-            <a href="https://github.com/w3c-cg/threat-modeling/blob/main/models/decentralized-identities.md">
+            <a href=
+            "https://github.com/w3c-cg/threat-modeling/blob/main/models/decentralized-identities.md">
             Threat Model for Decentralized Identities</a>
           </li>
         </ul>
       </div>
-
       <section>
-        <h3>Credential Protocols</h3>
-
+        <h3>
+          Credential Protocols
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that while the API provides security at the browser API level, that
-security for the underlying credential issuance or presentation protocol is a
-separate concern and that developers need to understand that layer of the stack
-to get a total picture of the protections that are in place during any given
-transaction.
+          Explain that while the API provides security at the browser API
+          level, that security for the underlying credential issuance or
+          presentation protocol is a separate concern and that developers need
+          to understand that layer of the stack to get a total picture of the
+          protections that are in place during any given transaction.
         </p>
       </section>
-
       <section>
-        <h3>Cross-device Protocols</h3>
-
+        <h3>
+          Cross-device Protocols
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that cross-device issuance or presentation uses a separate protocol
-that has its own security characteristics.
+          Explain that cross-device issuance or presentation uses a separate
+          protocol that has its own security characteristics.
         </p>
       </section>
-
       <section>
-        <h3>Quishing</h3>
-
+        <h3>
+          Quishing
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that the API is designed to avoid the problem of quishing
-(phishing via QR Codes) and other QR Code and non-browser API-based attacks
-and to be aware of exposure of QR Codes during digital credential interactions.
+          Explain that the API is designed to avoid the problem of quishing
+          (phishing via QR Codes) and other QR Code and non-browser API-based
+          attacks and to be aware of exposure of QR Codes during digital
+          credential interactions.
         </p>
       </section>
-
       <section>
-        <h3>Data Integrity</h3>
-
+        <h3>
+          Data Integrity
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that the API does not provide data integrity on the digital
-credential requests or responses and that responsibility is up to the
-underlying protocol used for the request or response.
+          Explain that the API does not provide data integrity on the digital
+          credential requests or responses and that responsibility is up to the
+          underlying protocol used for the request or response.
         </p>
       </section>
-
       <section>
-        <h3>Authentication</h3>
-
+        <h3>
+          Authentication
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that authentication (such as a PIN code to unlock) to a particular app,
-such as a digital wallet, that responds to an API request is crucial in
-high-risk use cases.
+          Explain that authentication (such as a PIN code to unlock) to a
+          particular app, such as a digital wallet, that responds to an API
+          request is crucial in high-risk use cases.
         </p>
       </section>
-
       <section>
-        <h3>Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)</h3>
-
+        <h3>
+          Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
+        </h3>
         <p class="issue" title="Work in progress">
-Explain what attacks are possible via XSS and CSRF, if any.
+          Explain what attacks are possible via XSS and CSRF, if any.
         </p>
       </section>
-
       <section>
-        <h3>Session Security</h3>
-
+        <h3>
+          Session Security
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that once a secure session is established at a website using
-credentials exchanged over this API, that the subsequent security is no
-longer a function of the credential used or this API and is up to the
-session management utilized on the website.
+          Explain that once a secure session is established at a website using
+          credentials exchanged over this API, that the subsequent security is
+          no longer a function of the credential used or this API and is up to
+          the session management utilized on the website.
         </p>
       </section>
-
     </section>
-
     <section class="informative">
       <h2>
         Privacy Considerations
       </h2>
-      <div class="issue" title="Privacy Considerations section is a work in progress">
+      <div class="issue" title=
+      "Privacy Considerations section is a work in progress">
         <p>
-        This section is a work in progress as this document evolves.
+          This section is a work in progress as this document evolves.
         </p>
         <p>
           The documents listed below outline various privacy considerations for
@@ -555,90 +556,93 @@ <h2>
             for consideration in Internet and Web standardization
           </li>
           <li>
-            <a href="https://github.com/w3c-cg/threat-modeling/blob/main/models/decentralized-identities.md">
+            <a href=
+            "https://github.com/w3c-cg/threat-modeling/blob/main/models/decentralized-identities.md">
             Threat Model for Decentralized Identities</a>
           </li>
         </ul>
       </div>
-
       <section>
-        <h3>Unnecessary Requests for Credentials</h3>
-
+        <h3>
+          Unnecessary Requests for Credentials
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how the API could be used to unnecessarily request digital credentials
-from individuals such as requesting a driver's license to log into a
-movie rating website and how the ecosystem can mitigate this risk.
+          Explain how the API could be used to unnecessarily request digital
+          credentials from individuals such as requesting a driver's license to
+          log into a movie rating website and how the ecosystem can mitigate
+          this risk.
         </p>
       </section>
-
       <section>
-        <h3>Over Collection of Data</h3>
-
+        <h3>
+          Over Collection of Data
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how the API could be used to request more data than necessary for
-a transaction and how the ecosystem can mitigate that over collection.
+          Explain how the API could be used to request more data than necessary
+          for a transaction and how the ecosystem can mitigate that over
+          collection.
         </p>
       </section>
-
       <section>
-        <h3>Individual Consent</h3>
-
+        <h3>
+          Individual Consent
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how the API acquires an individual's consent to share a digital
-credential and how digital wallets can also provide further consent when
-sharing information.
+          Explain how the API acquires an individual's consent to share a
+          digital credential and how digital wallets can also provide further
+          consent when sharing information.
         </p>
       </section>
-
       <section>
-        <h3>Data Retention</h3>
-
+        <h3>
+          Data Retention
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how verifiers might retain data and what the ecosystem does to
-mitigate excessive data retention policies.
+          Explain how verifiers might retain data and what the ecosystem does
+          to mitigate excessive data retention policies.
         </p>
       </section>
-
       <section>
-        <h3>Compliance with Privacy Regulations</h3>
-
+        <h3>
+          Compliance with Privacy Regulations
+        </h3>
         <p class="issue" title="Work in progress">
-Explain to what extent the API complies with known privacy regulations (e.g.,
-consent) and what parts of those regulations are not possible to enforce via the
-API (e.g., retention).
+          Explain to what extent the API complies with known privacy
+          regulations (e.g., consent) and what parts of those regulations are
+          not possible to enforce via the API (e.g., retention).
         </p>
       </section>
-
       <section>
-        <h3>Selective and Unlinkable Disclosure</h3>
-
+        <h3>
+          Selective and Unlinkable Disclosure
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how selective disclosure and unlinkable disclosure help preserve
-privacy as well as their limitations in doing so.
+          Explain how selective disclosure and unlinkable disclosure help
+          preserve privacy as well as their limitations in doing so.
         </p>
       </section>
-
       <section>
-        <h3>Phoning Home</h3>
-
+        <h3>
+          Phoning Home
+        </h3>
         <p class="issue" title="Work in progress">
-Explain how some systems might "phone home", the impact on privacy that
-might have, and what the ecosystem provides to mitigate the risk.
+          Explain how some systems might "phone home", the impact on privacy
+          that might have, and what the ecosystem provides to mitigate the
+          risk.
         </p>
       </section>
-
       <section>
-        <h3>Transmission of Personally Identifiable Information</h3>
-
+        <h3>
+          Transmission of Personally Identifiable Information
+        </h3>
         <p class="issue" title="Work in progress">
-Explain that the API does enable the transmission of personally identifiable
-information and that it does its best to ensure there is informed consent
-by the individual, but that the consent might be provided due to exhaustion
-or not understanding what PII is being transmitted and how to mitigate those
-concerns.
+          Explain that the API does enable the transmission of personally
+          identifiable information and that it does its best to ensure there is
+          informed consent by the individual, but that the consent might be
+          provided due to exhaustion or not understanding what PII is being
+          transmitted and how to mitigate those concerns.
         </p>
       </section>
-
     </section>
     <section class="informative">
       <h2>
