From e6ee3f25a9216ca7606242c755812b2fb82541ab Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Thu, 9 Oct 2025 15:30:43 +0800 Subject: [PATCH 1/9] Define Digital Wallet --- index.html | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/index.html b/index.html index 1381f114..90a3c28c 100644 --- a/index.html +++ b/index.html @@ -539,6 +539,16 @@

issuance protocol is identified by a [=digital credential/protocol identifier=]. See also section [[[#protocol-registry]]]. +
+ Digital Wallet +
+
+ Software that acts as a [=holder=] of [=digital credentials=], and + manages the user's interaction with those credentials, including + selection of which credential to present in response to a [=digital + credential/presentation request=], and management of the user's + consent to share that credential with a [=verifier=]. +
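Review bot: "Software that acts as a [=holder=] of [=digital credentials=]" makes the wallet itself the holder, while the rest of the sentence describes it managing "the user's" interaction and "the user's consent", so the software is conflated with the entity it acts for; "software used by a [=holder=] to ..." keeps the holder as the person or organisation and the wallet as its agent. "Management of the user's consent to share that credential" also reads as if the wallet owns consent; "mediating the user's decision to share" avoids assigning the wallet a legal consent role in a definition. If hardware wallets are in scope, "Software" is also too narrow.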
From 41ea8f37f74b282d3c86e8625dae268ff9facfb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Thu, 9 Oct 2025 15:33:35 +0800 Subject: [PATCH 2/9] Update index.html --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 90a3c28c..bc8cdaf8 100644 --- a/index.html +++ b/index.html @@ -546,7 +546,7 @@

Software that acts as a [=holder=] of [=digital credentials=], and manages the user's interaction with those credentials, including selection of which credential to present in response to a [=digital - credential/presentation request=], and management of the user's + credential/credential request=], and management of the user's consent to share that credential with a [=verifier=]. @@ -761,7 +761,7 @@

credential/presentation request=]. It is used to specify an [=digital credential/exchange protocol=] and some [=digital credential/request data=], which the user agent MAY match against software used by a holder, - such as a digital wallet. + such as a [=digital wallet=].

       dictionary DigitalCredentialGetRequest {
@@ -1400,7 +1400,7 @@ 

Explain that authentication (such as a PIN code to unlock) to a - particular app, such as a digital wallet, that responds to an API + particular app, such as a [=digital wallet=], that responds to an API request is crucial in high-risk use cases.

@@ -1620,8 +1620,8 @@
presentations to conclude they concern the same user (verifier-verifier linkability), or that [=verifiers=] cannot collude with [=issuers=] to report the exchange of a credential from a - digital wallet to the [=issuer=] (verifier-issuer linkability). The - former is a property that can be maintained by the [=holder=] and + [=digital wallet=] to the [=issuer=] (verifier-issuer linkability). + The former is a property that can be maintained by the [=holder=] and [=issuer=], e.g. through issuing fresh credentials for individual [=verifiers=].

@@ -1641,7 +1641,7 @@

Through the Digital Credentials API, the [=user agent=] can help - [=verifiers=] and digital wallets exchange unlinkable attributes, + [=verifiers=] and [=digital wallets=] exchange unlinkable attributes, but, because of response encryption, it cannot guarantee that no linkable information is passed between [=verifiers=] and digital wallets. It is recommended that [=user agents=] account for this fact @@ -1667,19 +1667,19 @@

ensure that an [=issuer=] isn't actively involved in the creation or validation of credential presentations after a user has given permission to proceed with a credential request. From that point on, - the digital wallet application owns this decision. While some digital - wallets can be considered [=user agents=], it is generally + the [=digital wallet=] application owns this decision. While some + digital wallets can be considered [=user agents=], it is generally recommended that the [=user agent=] implementing the Digital Credentials API designs its permission experience to prevent exposure of a request to the - digital wallet application before user confirmation (keeping in - mind considerations for integrating - multiple cooperating user agents). + [=digital wallet=] application before user confirmation (keeping + in mind considerations for + integrating multiple cooperating user agents).

Protocols are required to support mechanisms that allow [=issuers=], - digital wallets, and [=verifiers=] to avoid or reduce the dependence - on "phone home" mechanisms. + [=digital wallets=], and [=verifiers=] to avoid or reduce the + dependence on "phone home" mechanisms.

Which level of unlinkability is the goal for this API? To what degree @@ -1806,7 +1806,7 @@

  • [=issuers=] and lawmakers might decide to restrict use of (particularly government-issued) credentials to specific - [=verifiers=] with purpose attestations. Digital wallets might be + [=verifiers=] with purpose attestations. [=Digital wallets=] might be expected to enforce these restrictions by law or policy.
  • The ultimate decision of whether or not to share their personal @@ -2028,7 +2028,7 @@
    "#multiple-user-agents">different user agents to apply appropriate levels of friction and transparency. For example, a browser might delegate knowledge about credential requests to the - operating system, which might require digital wallets to register + operating system, which might require [=digital wallets=] to register known credential types and reject an exchange request for an unknown credential type.

    @@ -2090,7 +2090,7 @@

    To ensure authenticity of a credential, its presentation to [=verifiers=] generally includes more information than the content the [=verifier=] is requesting access to. It will usually contain at - least a signature of the [=issuer=] and the digital wallet, and + least a signature of the [=issuer=] and the [=digital wallet=], and potentially other metadata.

    @@ -2115,9 +2115,9 @@

    through {{DigitalCredential/userAgentAllowsProtocol()}}. It mitigates browser fingerprinting and revealing information about the user's device configuration by not customizing its response based on, for - example, which digital wallet applications are installed on a user's - device. The returned information is thus, at best, equivalent to a - [=user agent=] version. + example, which [=digital wallet=] applications are installed on a + user's device. The returned information is thus, at best, equivalent + to a [=user agent=] version.

    Avoiding leaks of credential availability @@ -2168,7 +2168,7 @@

  • Whether presenting this information will enable tracking.
  • -
  • Which digital wallets can be used to fulfill the credential +
  • Which [=digital wallets=] can be used to fulfill the credential request.
  • Which credential would be used to share the requested @@ -2222,10 +2222,11 @@

    As part of the user permission flow, the [=user agent=] needs to ensure that users retain the power to choose whether to forward a - credential request to a digital wallet, and which digital wallet to - select. This is due to the information disclosure that happens as - part of the request, and the ability of digital wallets to retain or - share this information at the time of the request. + credential request to a [=digital wallet=], and which [=digital + wallet=] to select. This is due to the information disclosure that + happens as part of the request, and the ability of [=digital + wallets=] to retain or share this information at the time of the + request.

    Permission vs. Consent @@ -2234,8 +2235,8 @@

    The permission mediated by the [=user agent=] is not consent, which has specific legal definitions that can vary among different legal and regulatory environments and may need to be collected by the - digital wallet before sharing information with the [=verifier=], or - by the [=verifier=] itself before initiating the request. With + [=digital wallet=] before sharing information with the [=verifier=], + or by the [=verifier=] itself before initiating the request. With frameworks and regulations for obtaining consent still being developed, this API aims to enable the exchange of the necessary information, which could include the following: From a5f0d554f4474e76e1296e326c9335f3013065e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcos=20C=C3=A1ceres?= Date: Sat, 11 Oct 2025 15:36:51 +0800 Subject: [PATCH 6/9] Apply suggestions from code review --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 6371b9b2..a521f3d2 100644 --- a/index.html +++ b/index.html @@ -556,8 +556,8 @@

    Digital Wallet
    - Software that acts as a [=holder=], and manages the user's interaction - with those credentials, including selection of which credential to + Software that acts as a [=holder=], and [=credential manager|manages=] the user's interaction + with those credentials, including [=credential chooser|choosing=] which credential to present in response to a [=digital credential/credential request=], and management of the user's consent to share that credential with a [=verifier=]. From 210f25bf15c89ee1325b9706587bc4de243afb35 Mon Sep 17 00:00:00 2001 From: Marcos Caceres Date: Wed, 15 Oct 2025 13:31:55 +0800 Subject: [PATCH 7/9] Integrate Manu's suggestions --- index.html | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 9891a346..a775abb9 100644 --- a/index.html +++ b/index.html @@ -555,12 +555,28 @@

    Digital Wallet
    +
    +
    + Digital Wallet +
    - Software that acts as a [=holder=], and [=credential manager|manages=] the user's interaction - with those credentials, including [=credential chooser|choosing=] which credential to - present in response to a [=digital credential/credential request=], and - management of the user's consent to share that credential with a - [=verifier=]. +

    + A [=credential manager=] (software or hardware) used by a [=holder=] + to [=digital credential/issuance|receive=], [=credential + store|store=], manage, and [=digital + credential/presentation|present=] [=digital credentials=]. A digital + wallet orchestrates [=digital credential/issuance=] and [=digital + credential/presentation=] flows, such as [=credential + chooser|choosing=] which credential to present in response to + [=digital credential/credential request=], and mediating the user's + decision to share credentials with a [=verifier=]. +

    +
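Review bot: in PATCH 2/9, hunk @@ -546, the definition is switched from [=digital credential/presentation request=] to [=digital credential/credential request=], but the unchanged context in hunk @@ -761 of the same patch still reads "credential/presentation request=]. It is used to specify an [=digital credential/exchange protocol=]"; if both are distinct defined terms the definition should say which one it means, and if they are the same concept the -761 hunk should be updated too so the build does not carry a dangling or inconsistent term reference.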
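Review bot: in PATCH 2/9, hunk @@ -1641, the second mention in the unchanged context line, "passed between [=verifiers=] and digital wallets", is left unlinked while the first mention on the preceding line now reads [=digital wallets=]; link both or neither so term usage within the one paragraph is consistent.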
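Review bot: in PATCH 2/9, hunk @@ -1667, "While some digital wallets can be considered [=user agents=]" stays unlinked after the re-wrap moved "digital wallets" to the next line, whereas the other two mentions in the hunk became [=digital wallet=]. This is the sentence that states a wallet may itself be a user agent, which is exactly the case the following recommendation (not exposing the request to the wallet before user confirmation) is about, so it is the mention a reader most needs to resolve to the definition.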
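Review bot: in PATCH 6/9, hunk @@ -556, with "of [=digital credentials=]" gone from "Software that acts as a [=holder=],", the phrase "with those credentials" in the next clause has no antecedent, so the sentence no longer parses; either restore "of [=digital credentials=]" or name the credentials before referring back to them. Linking the verb "manages" to the noun term via `[=credential manager|manages=]` also reads oddly; "is a [=credential manager=] that ..." states the relationship directly.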
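Review bot: in PATCH 7/9, hunk @@ -555, "in response to [=digital credential/credential request=]" drops the article the removed text had ("in response to a [=digital credential/credential request=]"). The hunk also adds a second "Digital Wallet" term line directly below the existing "Digital Wallet" context line; check that this does not define the same term twice, which ReSpec flags as a duplicate definition. The "(software or hardware)" widening is welcome, but the security considerations text touched earlier in this series (PATCH 2/9, hunk @@ -1400: "authentication (such as a PIN code to unlock) to a particular app, such as a [=digital wallet=]") still speaks only of an app; "wallet" there would cover both forms.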