Fix more grammar and flow throughout specification.

decentralgabe · TallTed · msporny · commit 0ad738327ced · 2024-09-15T17:43:51.000-04:00
Co-authored-by: Ted Thibodeau Jr &lt;tthibodeau@openlinksw.com&gt;
diff --git a/index.html b/index.html
@@ -267,20 +267,14 @@
   <body>
     <section id='abstract'>
       <p>
-This specification provides normative and non-normative guidance on
-implementing and managing [=verifiable credentials=] and associated
-cryptographic practices. It emphasizes the importance of understanding and
-updating cryptographic systems and managing private signing keys with limited
-cryptoperiods. It discusses mechanisms for ensuring content integrity of
-linked external resources and highlights the risks of unsigned claims.
-Strategies are provided to mitigate man-in-the-middle (MITM), replay, and
-spoofing attacks, and to address issues related to credential atomization,
-validity periods, and device security. This specification also covers
-acceptable use of credentials, warns against code injection risks, and
-underscores the need for accessibility and internationalization
-considerations, advocating for a data-first approach and adherence to
-internationalization standards to ensure correct rendering of
-multilingual text.
+[=Credentials=] are integral to our daily lives: driver's licenses confirm
+our capability to operate motor vehicles; university degrees assert our level
+of education; and government-issued passports attest to our citizenship when 
+traveling between countries. This specification provides a mechanism for
+expressing these sorts of [=credentials=] on the Web in a way that is 
+cryptographically secure, privacy respecting, and machine verifiable. These
+[=credentials=] provide benefits to us when used in the physical world, but
+their use on the Web continues to be elusive.
       </p>
     </section>
 
@@ -312,8 +306,8 @@ <h2>Introduction</h2>
 
       <p>
 [=Credentials=] are integral to our daily lives: driver's licenses confirm
-our capability to operate motor vehicles, university degrees assert our level
-of education, and government-issued passports attest to our citizenship when 
+our capability to operate motor vehicles; university degrees assert our level
+of education; and government-issued passports attest to our citizenship when 
 traveling between countries. This specification provides a mechanism for
 expressing these sorts of [=credentials=] on the Web in a way that is 
 cryptographically secure, privacy respecting, and machine verifiable. These
@@ -4870,9 +4864,9 @@ <h3>Spectrum of Privacy</h3>
 For example, many people would prefer to remain anonymous when purchasing
 alcohol because the regulation is only to verify whether a purchaser is
 above a specific age. In contrast, when filling prescriptions written by
-a medical professional for a patient, the pharmacy must more strongly
-identify both the prescriber and the patient. No single approach to
-privacy works for all use cases.
+a medical professional for a patient, the pharmacy is legally required
+to more strongly identify both the prescriber and the patient. No single
+approach to privacy works for all use cases.
         </p>
 
         <p class="note"
@@ -4980,7 +4974,7 @@ <h3>Personally Identifiable Information</h3>
 [=Issuers=] are strongly advised to provide privacy-protecting [=verifiable
 credentials=] when possible — for example, by issuing `ageOver` [=verifiable
 credentials=] instead of `dateOfBirth` [=verifiable credentials=] for use when a
-[=verifier=] wants to determine whether an [=entity=] is 18 years of age.
+[=verifier=] wants to determine whether an [=entity=] is at least 18 years of age.
         </p>
 
         <p>
@@ -5095,7 +5089,7 @@ <h3>Signature-Based Correlation</h3>
           </li>
           <li>
 cryptographic material associated with the digital signature, such as
-a public key identifier.
+a public key identifier
           </li>
         </ul>
 
@@ -5519,7 +5513,7 @@ <h3>Aggregation of Credentials</h3>
         <p>
 The solution to the privacy implications of correlation or aggregation tends
 not to be technological in nature, but policy-driven instead. Therefore, if a
-[=holder=] wishes to avoid the aggregation of their information, they must
+[=holder=] wishes to avoid the aggregation of their information, they need to
 express this in the [=verifiable presentations=] they transmit, and
 by the [=holders=] and [=verifiers=] to whom they transmit their
 [=verifiable presentations=].
@@ -5728,17 +5722,17 @@ <h3>Data Theft</h3>
 transaction.
         </p>
         <p>
-Regulators are advised to reconsider audit requirements such that mechanisms
-that better preserve privacy can be used to achieve similar enforcement and
-audit capabilities. For example, audit-focused regulations that insist on the
-collection and long-term retention of personally identifiable information can
-cause harm to individuals and organizations if that same information is later
-compromised and accessed by an attacker. The technologies
-described by this specification enable [=holders=] to prove properties about
-themselves and others more readily, reducing the need for long-term data
-retention by [=verifiers=]. Alternatives include keeping logs that the
-information was collected and checked, as well as random tests to ensure
-that compliance regimes are operating as expected.
+Regulators are advised to reconsider existing audit requirements such that
+mechanisms that better preserve privacy can be used to achieve similar
+enforcement and audit capabilities. For example, audit-focused regulations
+that insist on the collection and long-term retention of personally
+identifiable information can cause harm to individuals and organizations
+if that same information is later compromised and accessed by an attacker.
+The technologies described by this specification enable [=holders=] to
+prove properties about themselves and others more readily, reducing the
+need for long-term data retention by [=verifiers=]. Alternatives include
+keeping logs that the information was collected and checked, as well as
+random tests to ensure that compliance regimes are operating as expected.
         </p>
       </section>
 
@@ -5823,7 +5817,7 @@ <h3>Issuer Cooperation Impacts on Privacy</h3>
 such features. In many cases, privacy protections which make use of zero-knowledge
 proofs, data minimization techniques, bearer credentials, abstract claims, and
 protections against signature-based correlation require active support by the
-[=issuer=], who must incorporate those capabilities into the [=verifiable
+[=issuer=], who need to incorporate those capabilities into the [=verifiable
 credentials=] they issue.
         </p>
         <p>
@@ -6741,8 +6735,8 @@ <h3>"Artificial Intelligence" and "Machine Learning"</h3>
 and/or "machine learning" might be capable of performing complex tasks at a
 level that meets or exceeds human performance. This might include tasks such as
 the acquisition and use of [=verifiable credentials=]. Using such tasks to
-distinguish between human and automated "bot" activity, as is
-commonly done today with a <a href="https://en.wikipedia.org/wiki/CAPTCHA">CAPTCHA</a>,
+distinguish between human and automated "bot" activity, as is commonly done
+today with a <a href="https://en.wikipedia.org/wiki/CAPTCHA">CAPTCHA</a>,
 for instance, might thereby cease to provide adequate or acceptable protection.
         </p>
 
