Additional guidance regarding credentials and privacy #189
Conversation
#77 Added two bits of guidance for RPs based on 4 May 2022 privacy discussion. https://www.w3.org/2022/05/04-wpwg-minutes#t02
|
cc @npdoty |
There was a problem hiding this comment.
No objection from me, but perhaps @npdoty would like to opine, since (as I recall) it was his suggestion.
spec.bs
Outdated
|
|
||
| However, if payment methods that involve less identifying information | ||
| (e.g., tokenization) become commonplace, it is important that | ||
| ecosystem stakeholders take non-technical steps to preserve user |
There was a problem hiding this comment.
Are these all specifically "non-technical" steps? While the first bullet seems to refer to contractual limitations, the next two are not.
There was a problem hiding this comment.
Hi @npdoty. The simplest fix might be to remove "non-technical." Having said that, I think of bullets 2 and 3 as non-technical because "not-sharing" seems like a policy decision and "one credential per instrument" seems also like a policy constraint. I would be comfortable deleting "non-technical".
There was a problem hiding this comment.
Yeah, we're often vague about what qualifies as technical vs non-technical. Separating identifiers or minimizing data shared seem like technical mitigations to me, but I don't feel strongly about it.
|
Looks fine to me otherwise. Apologies for the delayed review on my side. |
the substantive meaning of the text.
SHA: efd6ab9 Reason: push, by @ianbjacobs Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Based on 4 May 2022 privacy discussion [1], added additional guidance to 11.3 to address issue #77.
[1] https://www.w3.org/2022/05/04-wpwg-minutes#t02
Preview | Diff