bot: autopublish

trustoverip · Nov 30, 2023 · f172dad · f172dad
1 parent aeb8f00
commit f172dad
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/docs/index.html b/docs/index.html
@@ -259,13 +259,21 @@ <h4 class='ui smallest header'  id="profiledocumentsample">Profile Document Samp
   }
 }
 </code></pre>
+<h3 class='ui small header'  id="securityconsiderations">Security Considerations</h3>
+<p>This section describe a non-normative, non-exhaustive list of security considerations. </p>
+<h4 class='ui smallest header'  id="cryptographysuitesandlibraries">Cryptography Suites and Libraries</h4>
+<p><em>This section is non-normative.</em></p>
+<p>Some aspects of the profile model described in this specification can be protected through the use of cryptography. It is important for implementers to understand the cryptography suites and libraries used to create and process credentials and presentations. Implementing and auditing cryptography systems generally requires substantial experience. Effective red teaming can also help remove bias from security reviews.</p>
+<h4 class='ui smallest header'  id="unsignedprofiledocuments">Unsigned Profile Documents</h4>
+<p><em>This section is non-normative.</em></p>
+<p>This specification allows profiles to be produced that do not contain signatures or proofs of any kind. These types of profiles are often useful for cases where users may not have the ability to take advantage of the cryptographic proof mechanisms. Endpoint systems should be aware that these types of profiles are not verifiable because the authorship either is not known or cannot be trusted.</p>
 <h3 class='ui small header'  id="futurework">Future Work</h3>
 <p><strong>Service Descriptors and Capability Declarations</strong> We intentionally excluded a
 feature from this specification that we are eager to explore in future versions.
 This pertains to defining the capabilities or services associated with the
 profile data. By outlining the functions embodied by the profile, this section
 provides clarity on the profile's purpose and its role within the DID ecosystem.</p>
-<h3 class='ui small header'  id="references">References</h3>
+<h3 class='ui small header'  id="referencesandacknowledgements">References and Acknowledgements</h3>
 <ul class='ui list' >
 <li class='ui item' >Initial Proposal: https://github.com/trustoverip/tswg-trust-registry-tf/discussions/96</li>
 <li class='ui item' >DID Linked Resources :
@@ -274,6 +282,7 @@ <h3 class='ui small header'  id="references">References</h3>
 <li class='ui item' >DID Core: https://www.w3.org/TR/did-core/ - Referenced mainly the DID Core spec.</li>
 <li class='ui item' >DIDComm Messaging:  https://identity.foundation/didcomm-messaging/spec/ - used
 for understanding how to update the service endpoint of the DID Document.</li>
+<li class='ui item' >https://www.w3.org/TR/vc-data-model/ : For the securtiy considerations and guidance on the profile document structure. </li>
 </ul>
 
 </body>