Add initial spec

index.html

@@ -0,0 +1,302 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>
+      Digital Identities
+    </title>
+    <script src="https://www.w3.org/Tools/respec/respec-w3c" class=
+    "remove"></script>
+    <script class="remove">
+    "use strict";
+    // See https://github.com/w3c/respec/wiki/ for how to configure ReSpec
+    var respecConfig = {
+      github: "WICG/digital-credentials",
+      editors: [
+        {
+          name: "Marcos Caceres",
+          email: "marcosc@apple.com",
+          company: "Apple Inc.",
+          companyURL: "https://apple.com",
+        },
+        {
+          name: "Sam Goto",
+          email: "goto@google.com",
+          company: "Google Inc.",
+          companyURL: "https://google.com",
+        },
+        // Add additional editors here.
+        // https://github.com/w3c/respec/wiki/editors
+      ],
+      shortName: "digital-identity",
+      specStatus: "CG-DRAFT",
+      group: "wicg",
+      localBiblio: {
+      },
+      xref: {
+        profile: "web-platform",
+      },
+    };
+    </script>
+  </head>
+  <body data-cite="credential-management-1">
+    <section id="abstract">
+      <p>
+        This document specifies an API to allow user agents to mediate access
+        to, and representing, a verifiably-issued digital identity (e.g. a government issued digital driver's license, a passport issued by a country, a student card or diploma issued by a university, an employee card issued by a company, a passenger's boarding pass issued by an airline, a profile issued by an online social network, membership cards, vaccination records, etc)  
+        license). The API builds on [[[credential-management-1]]] as a means to
+        request a digital identity from the user agent or underlying platform.
+      </p>
+    </section>
+    <section id="sotd">
+      <p>
+        This is an unofficial proposal.
+      </p>
+    </section>
+    <h2>
+      Introduction
+    </h2>
+    <p>
+      TBW
+    </p>
+    <h2>
+      Model
+    </h2>
+    <dl class="definitions" data-sort="">
+      <dt>
+        <dfn>Identity credential</dfn>
+      </dt>
+      <dd>
+        <p>
+          A specialized type of [=credential=] corresponding to the real-world
+          identity of a person enabling a [=verifier=] to make authentication
+          decisions based on identity statements verifiably made by an [=issuer=].
+        </p>
+        <aside class="Note">
+          [=Credentials=] that are classified as [=identity credentials=]
+          always inherit from the {{Identity}} interface.
+        </aside>
+      </dd>
+      <dt>
+        <dfn data-local-lt="digital identities">Digital identity</dfn>
+      </dt>
+      <dd>
+        <p>
+          A digital representation of an [=identity credential=], such as a
+          digital driver's license or passport, embodying verifiable claims
+          about an individual's identity. Issued by a trusted [=digital
+          identity/issuer=], it enables authenticated interactions.
+        </p>
+        <aside class="note">
+          [=Digital identities=] are represented as instances of the
+          {{DigitalIdentity}} interface.
+        </aside>
+      </dd>
+      <dt>
+        <dfn>Identity credential provider</dfn>
+      </dt>
+      <dd>
+        An application or service that provides a user interface for selecting
+        and/or querying a [=digital identity=], such as a digital wallet that
+        manages various identity documents and credentials.
+      </dd>
+      <dt>
+        <dfn data-for="digital identity">Request protocol</dfn>
+      </dt>
+      <dd>
+        A standardized format for requesting a [=digital identity=], designed
+        to ensure the secure, private, and interoperable exchange of identity
+        information. See section [[[#protocol-registry]]].
+      </dd>
+      <dt>
+        <dfn data-for="Digital identity">Issuer</dfn>
+      </dt>
+      <dd>
+        The entity that issues a [=digital identity=], such as a government
+        agency or certified organizations.
+      </dd>
+    </dl>
+    <h2>
+      Scope
+    </h2>
+    <p>
+      The following items are within the scope of this specification:
+    </p>
+    <ul>
+      <li>Requesting a [=digital identity=], including mechanisms for secure
+      presentation.
+      </li>
+    </ul>
+    <p>
+      The following items are out of scope:
+    </p>
+    <ul>
+      <li> Issuance process for establishing a [=digital identity=].
+      </li>
+      <li>UI/UX considerations, with the exception of privacy considerations,
+      which are addressed to ensure the protection of user data during the
+      request process.
+      </li>
+    </ul>
+    <h2>
+      Extensions to the `Navigator` interface
+    </h2>
+    <pre class="idl">
+    partial interface Navigator {
+      [SecureContext, SameObject] readonly attribute CredentialsContainer identity;
+    };
+    </pre>
+    <h3>
+      The `identity` attribute
+    </h3>
+    <p data-dfn-for="Navigator">
+      The <dfn>identity</dfn> attribute provides access to the the underlying
+      {{CredentialsContainer}} for managing [=identity credentials=].
+    </p>
+    <h3>
+      Extensions to Credential Management API
+    </h3>
+    <aside class="issue" data-number="65"></aside>
+    <h2>
+      Extensions to `CredentialRequestOptions` dictionary
+    </h2>
+    <pre class="idl">
+    partial dictionary CredentialRequestOptions {
+      sequence&lt;IdentityRequestProvider&gt; providers;
+    };
+    </pre>
+    <h3>
+      The `providers` member
+    </h3>
+    <p>
+      The <dfn data-dfn-for="CredentialRequestOptions">providers</dfn> member
+      is a sequence of [=digital identity/request protocol=] that can
+      potentially be handled by a user's selected [=identity credential
+      provider=].
+    </p>
+    <h2>
+      The `IdentityRequestProvider` dictionary
+    </h2>
+    <p>
+      The {{IdentityRequestProvider}} dictionary is used to specify a [=digital
+      identity/request protocol=] and structured request, which the user agent
+      MAY match against a [=identity credential provider=].
+    </p>
+    <pre class="idl">
+    dictionary IdentityRequestProvider {
+      required DOMString protocol;
+      required DOMString request;
+    };
+    </pre>
+    <h3>
+      The `protocol` member
+    </h3>
+    <p>
+      The <dfn data-dfn-for="IdentityRequestProvider">protocol</dfn> member
+      denotes the [=digital identity/request protocol=] when requesting an
+      identify credential.
+    </p>
+    <p>
+      The {{IdentityRequestProvider/protocol}} member's value is be one of the
+      well-defined keys defined in [[[#protocol-registry]]] or any other custom one.
+    </p>
+    <h3>
+      The `request` member
+    </h3>
+    <p>
+      The <dfn data-dfn-for="IdentityRequestProvider">request</dfn> member is
+      the request to be handled by the user's selected [=identity credential
+      provider=].
+    </p>
+    <h2>
+      The `Identity` interface
+    </h2>
+    <p>
+      The <dfn>Identity</dfn> interface is used in the API to represent
+      [=credentials=] that are classified as an [=identity credential=].
+    </p>
+    <pre class="idl">
+      [Exposed=Window]
+      interface Identity : Credential {
+        // Future things...
+      };
+    </pre>
+    <h2>
+      The `DigitalIdentity` interface
+    </h2>
+    <p>
+      The <dfn>DigitalIdentity</dfn> interface represents a [=digital
+      identity=].
+    </p>
+    <pre class="idl">
+    [Exposed=Window, SecureContext]
+    interface DigitalIdentity : Identity {
+      readonly attribute DOMString protocol;
+      readonly attribute ArrayBuffer data;
+    };
+    </pre>
+    <h3>
+      The `protocol` member
+    </h3>
+    <p>
+      The <dfn data-dfn-for="DigitalIdentity">protocol</dfn> member is the
+      [=digital identity/request protocol=] that was used to request the
+      [=identity credential=].
+    </p>
+    <h3>
+      The `data` member
+    </h3>
+    <p>
+      The <dfn data-dfn-for="DigitalIdentity">data</dfn> member is the
+      credential's encrypted data.
+    </p>
+    <h2 id="protocol-registry">
+      Registry of protocols for requesting digital identity
+    </h2>
+    <p>
+      The following is the registry of [=digital identity/request protocols=]
+      that are supported by this specification.
+    </p>
+    <p class="note" title="Official Registry" data-cite="w3c-process">
+      It is expected that this registry will be become a [=W3C registry=] in
+      the future.
+    </p>
+    <h3>
+      Inclusion criteria
+    </h3>
+    <p>
+      To be included in the registry...
+    </p>
+    <aside class="issue" data-number="58"></aside>
+    <p>
+      [=User agents=] MUST support the following [=digital identity/request
+      protocols=]:
+    </p>
+    <table class="data">
+      <caption>
+        Table of officially registered [=digital identity/request protocols=].
+      </caption>
+      <thead>
+        <tr>
+          <th>
+            Protocol identifier
+          </th>
+          <th>
+            Description
+          </th>
+          <th>
+            Specification
+          </th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td colspan="3">
+            Coming soon...
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    <section id="conformance"></section>
+  </body>
+</html>

tidyconfig.txt

@@ -0,0 +1,6 @@
+char-encoding: utf8
+indent: yes
+indent-spaces: 2
+wrap: 80
+tidy-mark: no
+custom-tags: yes