Add privacy considerations around data minimization

index.html

@@ -1068,6 +1068,11 @@ <h2>Privacy Considerations</h2>
             This section details the general privacy considerations and specific privacy
             implications of deploying this specification into production environments.
          </p>
+         <p>
+            When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> 
+            <code>type</code>, implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#privacy-considerations">
+            Privacy Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
+         </p>
          <section class="informative">
             <h3>Personally Identifiable Information</h3>
             <p>
@@ -1102,10 +1107,10 @@ <h3>Verifier Caching</h3>
          </section>
          <section class="informative">
             <h3>Schema Resolution</h3>
-           <p>
+            <p>
              <a>Schema resolution</a> is the process of dereferencing a credential schema's identifier in order to fetch a
              <a>credential schema</a>.
-           </p>
+            </p>
             <p>
                <a>Issuers</a> can increase the privacy of <a>holders</a> by using
                content distribution networks to reduce or eliminate requests for the
@@ -1114,17 +1119,34 @@ <h3>Schema Resolution</h3>
                on the server as well as cloaking <a>verifiers</a> and <a>holders</a>
                from <a>issuers</a>.
             </p>
-           <p>
+            <p>
              Furthermore, the use of <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html">Oblivious HTTP</a>
              can prevent linkage of schema requests made by <a>holders</a>. Implementers are encouraged to allow configuration
              of an <a href="https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#dfn-relay">Oblivious Relay Resource</a>
              for use during <a>schema resolution</a>.
-           </p>
-           <p>
+            </p>
+            <p>
              When using <a>credential schema</a> identifiers that are unique to the issued credential, it is possible
              to correlate <a>schema resolution</a> of a credential with an IP address. Implementers are encouraged to prevent such
              correlation by selecting identifiers which are shared among a class of credentials.
-           </p>
+            </p>
+         </section>
+         <section>
+            <h3>Data Minimization</h3>
+            <p>
+               Data minimization refers to the principle of sharing the minimum necessary data for any given data request, such
+               as a <a>verifier</a> requesting one or more <a>verifiable credentials</a> from
+               a <a>holder</a>.
+            </p>
+            <p>
+               When using a <a>credential schema</a> with a credential that supports <a>selective disclosure</a>, it may be
+               possible for a <a>verifier</a> to deduce additional attributes that would be available but were not presented
+               when verifying a <a>credential</a> from a <a>holder</a>. To mitigate <i>data leakage</i>, <a>holders</a> may
+               choose to reject verification requests that could disclose such additional attributes, or, if the capability is
+               available, to selectively disclose properties in the associated <a>credential schema</a>. To enable this functionality,
+               <a>issuers</a> can use <a>selective disclosure</a> schemes when creating <a>credential schemas</a> using
+               the <code><a href="#jsonschemacredential">JsonCredentialSchema</a></code> <code>type</code>.
+            </p>
          </section>
       </section>
       <section class="informative">
@@ -1135,13 +1157,19 @@ <h2>Security Considerations</h2>
             not understanding the implications of this section can result in
             security vulnerabilities.
          </p>
+         <p>
+            When using the <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> 
+            <code>type</code>, implementers are advised to review the <a data-cite="VC-DATA-MODEL-2.0/#security-considerations">
+            Security Considerations</a> outlined in the [[VC-DATA-MODEL-2.0]].
+         </p>
          <section class="informative">
             <h3>Issuer Impersonation</h3>
             <p>
-               It is possible for a schema to become authoritative, such as schemas
-               provided by a recognized industry group like a consoritum of financial
-               companies. To avoid confusion as to the authorship of <a>credential schemas</a>
-               it is advised that they are packaged as secured <a>verifiable credentials</a>.
+               It is possible for a schema to become authoritative, such as a schema
+               provided by a recognized industry group like a consortium of financial
+               companies. To avoid confusion as to the authorship of <a>credential schemas</a>,
+               it is advised that they be packaged as <a>verifiable credentials</a> using the
+               <code><a href="#jsonschemacredential">JsonSchemaCredential</a></code> <code>type</code>.
             </p>
          </section>
       </section>

terms.html

@@ -94,11 +94,6 @@
   <dt><dfn data-lt="subjects|subject's">subject</dfn></dt>
   <dd>
 A thing about which <a>claims</a> are made.
-  </dd>
-  <dt><dfn class="lint-ignore">user agent</dfn></dt>
-  <dd>
-A program, such as a browser or other Web client, that mediates the
-communication between <a>holders</a>, <a>issuers</a>, and <a>verifiers</a>.
   </dd>
   <dt><dfn data-lt="credential validation">validation</dfn></dt>
   <dd>