From f634b5499897b2470a3b18b30eb365b591ec120d Mon Sep 17 00:00:00 2001 From: Manu Sporny Date: Tue, 23 Jan 2024 14:20:02 -0500 Subject: [PATCH] Fix grammar in Security Considerations section on Deletion. Co-authored-by: Ted Thibodeau Jr --- index.html | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/index.html b/index.html index d54987a..3b2ff25 100644 --- a/index.html +++ b/index.html @@ -1117,7 +1117,7 @@

Deletion

The APIs provided by this specification enable the deletion of verifiable credentials and verifiable presentations from storage services. The result of these deletions -and the side-effects caused by them are out of scope for this specification. +and the side-effects they might cause are out of scope for this specification. However, implementers are advised to understand the various ways deletion can be implemented. There are at least two types of deletion that are contemplated by this specification. @@ -1126,31 +1126,30 @@

Deletion

Partial deletion marks a record for deletion but continues to store some or all of the original information. This mode of operation can be useful if -there are requirements to be able to audit all credentials or presentations over -a particular time period or if recovering the original credential might be a -useful feature to provide an entity. +there are audit requirements for all credentials and/or presentations over +a particular time period, or if recovering an original credential might be a +useful feature to provide.

Complete deletion purges all information related to a given verifiable credential or verifiable presentation in a way that is unrecoverable. This mode of operation can be useful when removing information -that is outdated and beyond the needs of an audit or when responding to any +that is outdated and beyond the needs of any audit or when responding to any sort of "right to be forgotten" request.

-When deleting a verifiable credential, what to do with the status -information needs to be considered. Some use cases might call for a deletion +When deleting a verifiable credential, handling of its status +information needs to be considered. Some use cases might call for deletion of a particular verifiable credential to also set the revocation -and suspension bits of the verifiable credential such that any sort of -status check for the deleted credential fails and usage of the credential is +and suspension bits of that verifiable credential, such that any sort of +status check for the deleted credential fails and use of the credential is halted.

-Given the scenarios above, it is advisable that implementers allow the -moderation of what happens after a delete to be programmable such that -system flexibility is achieved to address any verifiable credential use -case. +Given the scenarios above, implementers are advised to allow the system actions +that occur after a delete to be configurable, such that system flexibility is +sufficient to address any verifiable credential use case.