I would argue bullets i-iv & vi describe requirements for the implementation of a wallet while only v is about the protocol between wallet and verifier. I suggest adding the following requirements:
protocols shall ensure the integrity of the exchange, e.g. prevent injection, phishing, and session fixation attacks
protocols shall ensure confidentiality of the exchange, e.g. prevent credentials from leakage
protocols shall prevent replay of credential presentations being exchanged, e.g. through binding of the presentation to a transaction-specific nonce and an audience
protocols shall enable the holder to reliably authenticate the verifier (as a basis for informed consent and potential follow-up actions, such as complaints)
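An added example, not part of the original issue or of the document it discusses: a verifier-side check showing how binding a presentation to a transaction-specific nonce and an audience rejects replays. The names `Verifier`, `present`, `sign`, `VERIFIER_ID` and `NONCE_TTL` are hypothetical, and an HMAC stands in for the holder's signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets
import time

VERIFIER_ID = "https://verifier.example"  # constructed audience value
NONCE_TTL = 300  # seconds a transaction nonce stays valid (assumed)


class Verifier:
    def __init__(self, holder_key: bytes):
        self.holder_key = holder_key  # stand-in for the holder's public key
        self.pending = {}  # nonce -> expiry time, one entry per transaction

    def new_request(self, now=None) -> dict:
        """Start a transaction: issue a fresh nonce and state the audience."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)
        self.pending[nonce] = now + NONCE_TTL
        return {"nonce": nonce, "aud": VERIFIER_ID}

    def accept(self, presentation: dict, now=None) -> str:
        """Return "ok" or the reason the presentation is rejected."""
        now = time.time() if now is None else now
        body, tag = presentation["body"], presentation["tag"]
        if not hmac.compare_digest(tag, sign(self.holder_key, body)):
            return "bad signature"
        if body.get("aud") != VERIFIER_ID:
            return "wrong audience"
        expiry = self.pending.pop(body.get("nonce"), None)  # single use
        if expiry is None:
            return "unknown or reused nonce"
        if now > expiry:
            return "expired nonce"
        return "ok"


def sign(key: bytes, body: dict) -> str:
    """HMAC stand-in for the holder's signature over the canonical body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def present(key: bytes, request: dict, claims: dict) -> dict:
    """Holder side: bind the disclosed claims to the request's nonce and aud."""
    body = {"claims": claims, "nonce": request["nonce"], "aud": request["aud"]}
    return {"body": body, "tag": sign(key, body)}
```

Because the nonce and audience sit inside the signed body, a captured presentation cannot be re-targeted at another verifier or reused in a later transaction without invalidating the signature.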
I think these four additions are valid and useful additions, thanks @tlodderstedt. The first three are fairly generic for issuance and presentation (and other bidirectional interactions).
Would you mind submitting a pull request to this effect, but leaving out the words in brackets on the last bullet point (as we don't want to specify particular follow-on actions)?