multiple comments on the introduction section #1592

Open
patsc opened this issue Mar 13, 2025 · 0 comments
patsc commented Mar 13, 2025

Find below a few comments on the introduction section:

  • Paragraph 1.1

    • "A verifiable credential can represent all the same information that a physical credential represents." To my understanding, this implies that a "verifiable credential" is a digital object (or at least something different from a "physical credential"); however, this has not been explicitly said/defined yet.
    • "The persistence of digital information, and the ease with which disparate sources of digital...., comprise a privacy concern that the use of verifiable and easily machine-readable credentials threatens to make worse." One might add here that for physical equivalents the security measures are typically "intuitive" and understandable for the average user, whereas security measures for the digital equivalent are typically difficult to understand for non-experts.
    • The last two sentences in 1.1, "Instead, upon establishing the authenticity and currency of a verifiable credential or verifiable presentation, a verifier validates the included claims using their own business rules before relying on them. Such reliance only occurs after evaluating the issuer, the proof, the subject, and the claims against one or more verifier policies.", sound to me more confusing than helpful. It is, for example, unclear to me whether mentioning "business rules" in this context helps.
  • Paragraph 1.2

    • I guess "Example holders include students, employees, and customers." is not necessary and might create more confusion.
    • Wouldn't it make sense to say that in many cases the subject coincides with the holder (e.g., passport)?
    • Does the role "verifier" not include the process of "verifying" the correctness/integrity of a claim in a verifiable credential/presentation? Also here, the examples do not make too much sense from my point of view; perhaps one could add what they are verifying (e.g., a website checks that a user controls the correct authentication credentials associated with the claimed identity).
    • In "verifiable data registry" a "system" is introduced as a new term. Furthermore, the sub-sentence "... which might require using verifiable credentials." seems unnecessary and confusing. In the last sentence of the definition an "is" is missing ("...more than one type of verifiable data registry IS used in an ecosystem.").
    • In Figure 1: How does an issuer verify identifiers?
    • The "NOTE: Other types of ecosystems exist" is not adding any additional information; also, "ecosystem" is not defined. It is unclear to me why "ecosystem" in Figure 1 could not be a "protected environment" or a "proprietary system".
    • The difference to the federated identity provider model is not clear to me at this stage in the way it is formulated. For example, in OpenID Connect the userinfo endpoint might provide additional information about the user to the relying party.