Add privacy considerations around data minimization (#213)

* tmp

* add section on selective disclosure/data minimization

* Apply suggestions from code review

Co-authored-by: Ted Thibodeau Jr <[email protected]>

---------

Co-authored-by: Ted Thibodeau Jr <[email protected]>

index.html

@@ -1122,6 +1122,11 @@ <h2>Privacy Considerations</h2>
             This section details the general privacy considerations and specific privacy
             implications of deploying this specification into production environments.
          </p>
+         <p>
+            When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> 
+            <code>type</code>, implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#privacy-considerations">
+            Privacy Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
+         </p>
          <section class="informative">
             <h3>Personally Identifiable Information</h3>
             <p>
@@ -1156,10 +1161,10 @@ <h3>Verifier Caching</h3>
          </section>
          <section class="informative">
             <h3>Schema Resolution</h3>
-           <p>
+            <p>
              <a>Schema resolution</a> is the process of dereferencing a credential schema's identifier in order to fetch a
              <a>credential schema</a>.
-           </p>
+            </p>
             <p>
                <a>Issuers</a> can increase the privacy of <a>holders</a> by using
                content distribution networks to reduce or eliminate requests for the
@@ -1168,17 +1173,34 @@ <h3>Schema Resolution</h3>
                on the server as well as cloaking <a>verifiers</a> and <a>holders</a>
                from <a>issuers</a>.
             </p>
-           <p>
+            <p>
              Furthermore, the use of <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html">Oblivious HTTP</a>
              can prevent linkage of schema requests made by <a>holders</a>. Implementers are encouraged to allow configuration
              of an <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#dfn-relay">Oblivious Relay Resource</a>
              for use during <a>schema resolution</a>.
-           </p>
-           <p>
+            </p>
+            <p>
              When using <a>credential schema</a> identifiers that are unique to the issued credential, it is possible
              to correlate <a>schema resolution</a> of a credential with an IP address. Implementers are encouraged to prevent such
              correlation by selecting identifiers which are shared among a class of credentials.
-           </p>
+            </p>
+         </section>
+         <section>
+            <h3>Data Minimization</h3>
+            <p>
+               Data minimization refers to the principle of sharing the minimum necessary data for any given data request, such
+               as a <a>verifier</a> requesting one or more <a>verifiable credentials</a> from
+               a <a>holder</a>.
+            </p>
+            <p>
+               When using a <a>credential schema</a> with a credential that supports <a>selective disclosure</a>, it may be
+               possible for a <a>verifier</a> to deduce additional attributes that would be available but were not presented
+               when verifying a <a>credential</a> from a <a>holder</a>. To mitigate <i>data leakage</i>, <a>holders</a> may
+               choose to reject verification requests that could disclose such additional attributes, or, if the capability is
+               available, to selectively disclose properties in the associated <a>credential schema</a>. To enable this functionality,
+               <a>issuers</a> can use <a>selective disclosure</a> schemes when creating <a>credential schemas</a> using
+               the <code><a href="#jsonschemacredential">JsonCredentialSchema</a></code> <code>type</code>.
+            </p>
          </section>
       </section>
       <section class="informative">
@@ -1189,13 +1211,19 @@ <h2>Security Considerations</h2>
             not understanding the implications of this section can result in
             security vulnerabilities.
          </p>
+         <p>
+            When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> 
+            <code>type</code>, implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#security-considerations">
+            Security Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
+         </p>
          <section class="informative">
             <h3>Issuer Impersonation</h3>
             <p>
-               It is possible for a schema to become authoritative, such as schemas
-               provided by a recognized industry group like a consoritum of financial
-               companies. To avoid confusion as to the authorship of <a>credential schemas</a>
-               it is advised that they are packaged as secured <a>verifiable credentials</a>.
+               It is possible for a schema to become authoritative, such as a schema
+               provided by a recognized industry group like a consortium of financial
+               companies. To avoid confusion as to the authorship of <a>credential schemas</a>,
+               it is advised that they be packaged as <a>verifiable credentials</a> using the
+               <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> <code>type</code>.
             </p>
          </section>
       </section>