Description
As noted in our formal objection, we're concerned that the reliance on third-party attested data will lead to greater compliance on the Web in exchange for the user's agency to be able to self-assert claims about themselves. This issue is intended to track this concern to mitigate it or develop pragmatic limitations on the usage of the API:
We believe that these systems will further perpetuate the imbalances of power between users and the platforms they interact with on the Web today. In most cases, these systems will only grant further power, in that they will allow the system operators to know when basic attributes will be shared; in exchange, the trust of the user to self-attest their information will be deferred to third parties selected by the verifiers. As such, users will further become just subjects of the online systems they use rather than a person with agency who chooses to provide information to use a technology or service. This loss therefore only stands to further reduce the control a user has over their data, because we as individuals would be considered second-rate authorities of our own data (the authority of the "issuers" becoming the more-trusted source). A great example of this would be a credential being issued by a government that doesn’t recognize a gender change on a passport. This leads to the user being forced to misgender themselves each time a gender attribute is requested from a credential such as a digital passport. In total, this issue is one where the user loses agency and leads to a misprioritization of constituents by allowing issuers and verifiers to take precedence over the desires of users.
In many cases, these systems will not be systems we've chosen to use. Instead, the majority of the cases where this API will be used are ones prescribed by institutions. In other words, cases where "Issuers" and "Verifiers" have made decisions out of convenience, aiming to improve their business processes or bespoke regulations established to scale compliance and ivory tower regulations. These systems are chosen by those who already have power, and that subjugate users further into the trust structures established by institutions rather than treating individuals as agents of their own choice. This leaves users with only the limited “option” to share attested data or not use a Web service at all (at least in the regulated cases). As such, by extension the Web will inherit these properties through the acceptance of this API.
Therefore, if we believe that user agency is a core principle of the Web, the reasonable thing for us to do is to push back on the acceptance of this API’s usage altogether.