diff --git a/2024/wg-fedid.html b/2024/wg-fedid.html index 2e65b37..4b5fb71 100644 --- a/2024/wg-fedid.html +++ b/2024/wg-fedid.html @@ -75,7 +75,7 @@

DRAFT Federated Identity Working Group Charter

-

The mission of the Federated Identity Working Group is to develop specifications that enable users to authenticate an identity or present a credential or set of claims, in a way that is compatible with other protocols and is supportive of user privacy and agency. +

The mission of the Federated Identity Working Group is to develop specifications that enable users to authenticate an identity or present a credential or set of claims, in a way that is compatible with other protocols and is supportive of user security, privacy and agency.
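
Review bot: In the added mission sentence, "user security, privacy and agency" has no serial comma, while the Threat Model bullet added later in this same patch writes "security, privacy, and human rights". Pick one list style for the charter. Adding security to the mission is consistent with the Success Criteria further down, which already require a Security Considerations section with a Threat Model.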

Join the Federated Identity Working @@ -244,7 +244,7 @@

Tentative Deliverables

Digital Credentials API
-

This specification defines an API that enables user agents to mediate access to and presentation of Digital Credentials in a format-agnostic and protocol-agnostic fashion (e.g., supporting W3C Verifiable Credentials, ISO mDoc, etc.), enabling different use cases such as - but not limited to - government-issued documents, academic credentials, IoT and Supply Chain related identities.

+

This specification defines an API that enables user agents to mediate access to and presentation of Digital Credentials in a format-agnostic and protocol-agnostic fashion (e.g., W3C Verifiable Credentials, ISO mDoc, etc.), enabling different use cases such as - but not limited to - government-issued documents, academic credentials, IoT and Supply Chain related identities.
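
Review bot: The parenthetical in the added paragraph, "(e.g., W3C Verifiable Credentials, ISO mDoc, etc.)", still pairs "e.g." with "etc.", which is redundant, and it only gives format examples although the sentence claims the API is both "format-agnostic and protocol-agnostic". Drop "etc." and either add a protocol example here (the Success Criteria hunk below names OpenID4VP) or move the parenthetical so it directly follows "format-agnostic".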

Draft state: Draft in the Web Incubator Community Group @@ -262,7 +262,7 @@

  • A test suite, available from web-platform-tests, will be created for each normative specification.
  • -
  • A deliverable considering the threats and mitigations of Digital Credentials-related technologies concerning security, privacy, and human rights. These findings will be used as input for any of the group's Digital Credentials deliverables. This will be developed in collaboration with W3C's Technical Architecture Group (TAG), Privacy Interest Group (PING), Verifiable Credentials Working Group (VCWG) and other relevant groups.
  • +
  • A Threat Model of Digital Credentials-related technologies concerning security, privacy, and human rights. These findings will be used as input for any of the group's Digital Credentials deliverables. This will be developed in collaboration with W3C's Technical Architecture Group (TAG), Privacy Interest Group (PING), Verifiable Credentials Working Group (VCWG) and other relevant groups.
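
Review bot: Renaming the bullet to "A Threat Model of Digital Credentials-related technologies" drops the word "mitigations" and leaves the rest of the charter out of step: the Success Criteria lines in the next hunk still refer to "the corresponding joint deliverable on threats and mitigations", and the following sentence "These findings will be used as input" no longer has a clear antecedent. Either keep mitigations in the bullet (for example "A Threat Model, covering threats and mitigations, of ...") or update the Success Criteria to call the document the Threat Model, so a reader can tell both passages gate on the same deliverable.
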
  • Other non-normative documents may be created such as: @@ -302,10 +302,11 @@

    Success Criteria

    In order to advance to Proposed Recommendation, each normative specification must have an open test suite of every feature defined in the specification.

    - In order for the Digital Credential API to advance to Candidate Recommendation, the relevant portions of the corresponding joint deliverable on threats and mitigations must also be published. In order for the Digital Credential API to advance to Proposed Recommendation, the relevant portions of the corresponding joint deliverable on threats and mitigations must have completed a wide review and addressed issues raised by the community. + In order for the Digital Credential API to advance to Candidate Recommendation, the relevant portions of the corresponding joint deliverable on threats and mitigations must also be published. + In order for the Digital Credential API to advance to Proposed Recommendation, the relevant portions of the corresponding joint deliverable on threats and mitigations must have completed a wide review and addressed issues raised by the community.

    - In order to advance to Proposed Recommendation, the Digital Credential API must demonstrate support for at least two formats (e.g., W3C Verifiable Credentials, ISO mDoc). + In order to advance to Proposed Recommendation, the Digital Credential API must demonstrate support for at least two formats, for example those via OpenID4VP. (e.g., W3C Verifiable Credentials, ISO mDoc).
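
Review bot: The added criterion "at least two formats, for example those via OpenID4VP. (e.g., W3C Verifiable Credentials, ISO mDoc)." has a stray full stop before the parenthetical and now carries two competing example clauses. It also blurs the exit criterion: OpenID4VP is a presentation protocol, not a credential format, so it is unclear whether the requirement is two formats, two formats over one protocol, or something else. Suggest stating the formats first and the protocol separately, such as "at least two credential formats (e.g., W3C Verifiable Credentials, ISO mDoc), for example as requested via OpenID4VP." The first change in this hunk only splits the Candidate Recommendation and Proposed Recommendation sentences onto separate lines, which is fine.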

    Each specification should have testing plans, starting from the earliest drafts. @@ -323,7 +324,7 @@

    Success Criteria

    - Each specification will contain a Security Considerations section - that includes a Threat Model with threats, attacks, mitigations, and residual risks - and a Privacy Consideration section - that must contain an analysis of privacy aspects such as Unlinkability, Data Minimization and Tracking - as specified in Self-Review Questionnaire: Security and Privacy, RFC 3552, and RFC 6973, detailing all known security and privacy implications for implementers, Web authors, and end users. + Each specification will contain a Security Considerations section - that includes a Threat Model with threats, attacks, mitigations, and residual risks - and a Privacy Consideration section - that must contain an analysis of privacy aspects such as Unlinkability, Minimization and Tracking - as specified in Self-Review Questionnaire: Security and Privacy, RFC 3552, and RFC 6973, detailing all known security and privacy implications for implementers, Web authors, and end users.

    Each specification should contain a section on accessibility that describes the benefits and impacts, including
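
Review bot: In the added Success Criteria line, "Unlinkability, Minimization and Tracking" loses precision compared with the removed "Data Minimization": the bare word does not say what is being minimized, and RFC 6973, which the same sentence cites, uses the term "data minimization". If the intent is to widen the scope beyond data, name what else is covered; otherwise keep "Data Minimization". While touching this line, "Privacy Consideration section" could be made plural to match "Security Considerations section".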