From b4844cdcd7f96387766914c5c88f6c77fddff00a Mon Sep 17 00:00:00 2001
From: Manu Sporny
Date: Sat, 27 Jul 2024 16:15:26 -0400
Subject: [PATCH] Move identity provider terminology to ecosystem.
---
index.html | 43 ++++++++++++++-----------------------------
1 file changed, 14 insertions(+), 29 deletions(-)
diff --git a/index.html b/index.html
index 544584a51..7f657ae03 100644
--- a/index.html
+++ b/index.html
@@ -503,6 +503,20 @@ Ecosystem Overview
[=verifiable credentials=] also provide benefit.
+
+The ecosystem provided in this specification is in contrast to a typical
+two-party, or federated identity provider, model. An identity provider,
+sometimes abbreviated as IdP, is a system for creating, maintaining,
+and managing identity information for [=holders=], while providing
+authentication services to [=relying party=] applications within a federation or
+distributed network. In a federated identity model, the [=holder=] is tightly
+bound to the identity provider. This specification does not use the "identity
+provider", "federated identity", or "relying party" terminology unless comparing
+or mapping the concepts in this document to other specifications. This
+specification decouples the identity provider concept into two distinct
+concepts: the [=issuer=] and the [=holder=].
+
+
In many cases the [=holder=] of a [=verifiable credential=] is the subject, but
in certain cases it is not. For example, a parent (the [=holder=]) might hold
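Review bot: the added paragraph states that this specification does not use the "relying party" terminology, yet the same sentence links it with `[=relying party=]` term markup; if no `relying party` definition exists in the Terminology section, ReSpec will report an unresolved reference, so either drop the brackets (plain "relying party", as is done for "identity provider" in the same paragraph) or confirm the dfn exists. Also, the sentence "In a federated identity model, the [=holder=] is tightly bound to the identity provider" replaces the former, more precise statement that in the IdP model the holder is always the subject and that bearer credentials found away from the subject are assumed stolen; consider restoring that threat-model statement here, since this is now the only place the IdP comparison is made. Minor: the hunk ends with two consecutive blank `+` lines before the existing paragraph; one is enough.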
@@ -597,11 +611,6 @@
Terminology
credential used in this specification differs from,
NIST's definitions of
credential.
-
- data minimization
-
-The act of limiting the amount of shared data strictly to the minimum
-necessary to successfully accomplish a task or goal.
decentralized identifier
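Review bot: deleting the `data minimization` dfn will break any remaining `[=data minimization=]` links in the specification; the only one visible in this patch is inside the `identity` definition removed in the following hunk, so please confirm no other occurrences remain (the privacy sections are the likely place). If the term is still used in prose elsewhere, keep the definition or move it alongside the ecosystem text rather than dropping it outright.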
@@ -651,30 +660,6 @@ Terminology
from them. A holder is often, but not always, a [=subject=] of the
[=verifiable credentials=] they are holding. Holders store their
[=credentials=] in [=credential repositories=].
-
- identity
-
-The means for keeping track of [=entities=] across contexts. Digital
-identities enable tracking and customization of [=entity=] interactions
-across digital contexts, typically using identifiers and properties. Unintended
-distribution or use of identity information can compromise privacy. Collection
-and use of such information should follow the principle of
-[=data minimization=].
-
- identity provider
-
-An identity provider, sometimes abbreviated as IdP, is a system for
-creating, maintaining, and managing identity information for [=holders=],
-while providing authentication services to [=relying party=] applications
-within a federation or distributed network. In this case the [=holder=] is
-always the [=subject=]. Even if the [=verifiable credentials=] are bearer
-[=credentials=], it is assumed the [=verifiable credentials=] remain with
-the [=subject=], and if they are not, they were stolen by an attacker. This
-specification does not use this term unless comparing or mapping the concepts in
-this document to other specifications. This specification decouples the
-[=identity provider=] concept into two distinct concepts: the [=issuer=]
-and the [=holder=].
issuer
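Review bot: removing the `identity` and `identity provider` dfns will break any `[=identity=]` or `[=identity provider=]` references elsewhere in the document; the new ecosystem paragraph uses plain text for "identity provider", which is fine, but please grep for the bracketed forms before merging. The removed IdP entry also carried the only explicit statement of the assumption that bearer [=verifiable credentials=] remain with the [=subject=] and that, if they do not, they were stolen by an attacker; that sentence is not carried over into the new ecosystem text, so either reinstate it there or note where in the Security Considerations the bearer-credential theft case is covered.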