Add normative text requiring protecting VCs and VPs.

Co-authored-by: Joe Andrieu <[email protected]> Co-authored-by: Gabe <[email protected]> Co-authored-by: Manu Sporny <[email protected]> Co-authored-by: Ted Thibodeau Jr <[email protected]>
w3c · Sep 29, 2023 · 286c2b2 · 286c2b2
1 parent 77f95bc
commit 286c2b2
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/index.html b/index.html
@@ -582,13 +582,13 @@ <h3>Use Cases and Requirements</h3>
         </p>
 
         <p>
-Digital proof mechanisms, a subset of which are digital signatures, are required
-to ensure the protection of a <a>verifiable credential</a>. Having and
-validating proofs, which may be dependent on the syntax of the proof
+<a>Verifiable credential</a> and <a>verifiable presentation</a> MUST be protected using a digital proof
+mechanism such as a digital signature. Having and
+verifying proofs, which may be dependent on the syntax of the proof
 (for example, using the JSON Web Signature of a JSON Web Token for proofing a
-key holder), are an essential part of processing a <a>verifiable credential</a>.
+key holder), are an essential part of processing <a>verifiable credentials</a> and <a>verifiable presentations</a>.
 At the time of publication, Working Group members had implemented
-<a>verifiable credentials</a> using at least three proof mechanisms:
+such protection using at least three proof mechanisms:
         </p>
 
         <ul>
@@ -612,8 +612,8 @@ <h3>Use Cases and Requirements</h3>
 One of the goals of this specification is to provide a data model that can be
 protected by a variety of current and future digital proof mechanisms.
 Conformance to this specification does not depend on the details of a particular
-proof mechanism; it requires clearly identifying the mechanism a
-<a>verifiable credential</a> uses.
+proof mechanism; it requires clearly identifying the mechanism used by
+each <a>verifiable credential</a> and <a>verifiable presentation</a>.
         </p>
 
         <p>
@@ -1994,6 +1994,10 @@ <h3>Securing Verifiable Credentials</h3>
 mutually exclusive.
         </p>
         <p>
+<a>Verifiable credentials</a> and <a>verifiable presentations</a> MUST be secured by at least
+one securing method.
+        </p>
+        <p>
 Methods of securing <a>verifiable credentials</a> or
 <a>verifiable presentations</a> that embed a proof in the data model MUST use
 the <code>proof</code> <a>property</a>.