Add scoping language related to matching and consent. #89
base: main
anything about the a holder's [=digital credentials=] or their software | ||
unless the [=user agent=] has gained explicit user consent. | ||
</li> | ||
<li>Ensuring that any non-[=user agent=] software will not learn anything |
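Review bot: the first line of this hunk reads "anything about the a holder's [=digital credentials=]", which has a doubled article; it should be "a holder's" or "the holder's". In the last line, "non-[=user agent=] software" attaches a prefix to the defined term [=user agent=] instead of using a term of its own, so the set of software the guarantee covers is left to the reader; consider naming that software explicitly or defining a term for it.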
This one is a little ambiguous. Maybe @samuelgoto can help us make it more clear?
I was trying to generalize @leecam's notion of "wallet software". I'm wondering if we should call these things "native apps"? ... but then that leaves out "web apps", which could also hold/provide digital credentials. I think we do mean "any software that is not the user agent", but agree that the language is a bit unwieldy.
I would avoid the term native as a prefix, based on comments I have seen on inclusive language elsewhere.
Platform specific is probably a better term.
What about this?
<li>Ensuring that any non-[=user agent=] software will not learn anything | |
<li>Ensuring that any platform-specific software will not learn anything |
OR
<li>Ensuring that any non-[=user agent=] software will not learn anything | |
<li>Ensuring that any installed application software will not learn anything |
/cc @samuelgoto
What if it is a PWA or browser extension running in another browser?
Hmm, what about "software that is not involved in the consent-seeking process"? (though that's an unfortunate mouthful).
What we're trying to say here is that "The request is supposed to start off super secret and is only to be exposed to the holder via the software that they use to signal consent (the browser). After that point, the software that they chose to receive the request, and only that piece of software, is supposed to receive the request."
This might work —
<li>Ensuring that any non-[=user agent=] software will not learn anything | |
<li>Ensuring that any software external to the consent-seeking process will not learn anything |
If that's not sufficient, some broader rephrasing may be called for, perhaps including minting some terms-of-art for "the software that they use to signal consent (the browser)" and/or "the software that they chose to receive the request"
Co-authored-by: Marcos Cáceres <marcos@marcosc.com>
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Closes #86 by asserting scoping around matching, consent, and what is learned by a website and 3rd party software.