Define registry inclusion rules

index.html

@@ -423,7 +423,7 @@ <h2>
       </p>
     </section>
     <h2 id="protocol-registry">
-      Registry of protocols for requesting digital credential
+      Registry of protocols
     </h2>
     <p>
       The following is the registry of [=digital credential/exchange
@@ -434,11 +434,112 @@ <h2 id="protocol-registry">
       the future.
     </p>
     <h3>
-      Inclusion criteria
+      General inclusion criteria
     </h3>
+    <aside class="note">
+      The below criteria are a work in progress and are likely to change as
+      this document evolves.
+    </aside>
     <p>
-      To be included in the registry...
+      To be included in the registry, the [=digital credential/exchange
+      protocol=]:
     </p>
+    <ol>
+      <li>MUST be standardized at a <a href=
+      "https://www.w3.org/liaisons/">consortium the W3C liaises with</a>
+      </li>
+      <li>MUST be defined in a specification which is freely and publicly
+      available at the stable URL listed in the registry.
+      </li>
+      <li>MUST define a representation, as either a [[WebIDL]] [=dictionary=]
+      or a JSON object, of the [=digital credential/exchange protocol=] request
+      structure (i.e., the [=dictionary=] which defines the semantics and
+      validation of the {{DigitalCredentialsProvider}}'s
+      {{DigitalCredentialsProvider/request}} member.
+      </li>
+      <li>MUST define a representation, as either a [[WebIDL]] [=dictionary=]
+      or a JSON object, of the [=digital credential/exchange protocol=]
+      response structure (i.e., the [=dictionary=] which defines the
+      semantics and validation of the {{DigitalCredential}}'s 
+      {{DigitalCredential/data}} member.
+      </li>
+      <li>MUST define validation rules for members of the request and response
+      structures.
+      </li>
+      <li>MUST have undergone privacy review by the W3C's Privacy Interest
+      Group and Federated Identity Working Group.
+      </li>
+      <li>MUST have undergone security review by the Federated Identity Working
+      Group.
+      </li>
+      <li>MUST have implementation commitment from at least one browser engine,
+      one credential provider/wallet, and one issuer or verifier (depending on
+      the protocol type). Each component MUST be from independent organizations.
+      </li>
+      <li>MUST have formally recorded consensus by the Working Group to be
+      included in the registry.
+      </li>
+    </ol>
+    <h4>
+      Presentation-specific inclusion criteria
+    </h4>
+    <p>
+      To be included as a presentation protocol in the registry (used with
+      `navigator.credentials.get`), the [=digital credential/exchange
+      protocol=]:
+    </p>
+    <ol>
+      <li>MUST support response encryption.
+      </li>
+      <li>MUST encrypt any response containing personally identifiable
+      information (PII).
+      </li>
+    </ol>
+    <h3>
+      Change process
+    </h3>
+    <p>
+      To add a new [=digital credential/exchange protocol=] to the registry, or
+      to update an existing one:
+    </p>
+    <dl>
+      <dt>
+        Define a protocol identifier
+      </dt>
+      <dd>
+        The protocol identifier MUST be a unique string that is not already in
+        use in the registry. Use only lowercase ASCII letters, digits, and
+        hyphens (e.g., "protocol", "the-protocol"). The protocol identifier 
+        MUST uniquely define the set of required parameters and/or behavior
+        that a digital credential provider implementation needs to support 
+        to successfully handle the request. If the set of required parameters 
+        or behaviors is updated in a way which would require a digital credential
+        provider to also require an update to remain functional, a new protocol 
+        identifier MUST be assigned and be added to the registry.
+      </dd>
+      <dt>
+        Specify a protocol type
+      </dt>
+      <dd>
+        The protocol type is either "Presentation" for presentation protocols
+        used with `navigator.credentials.get` or "Issuance" for issuance
+        protocols used with `navigator.credentials.create`.
+      </dd>
+      <dt>
+        Describe the protocol
+      </dt>
+      <dd>
+        The description MUST be a brief summary of the protocol's purpose and
+        use case.
+      </dd>
+      <dt>
+        Provide a link to the specification
+      </dt>
+      <dd>
+        The specification MUST be a stable URL that points to the authoritative
+        source for the protocol, including validation rules.
+      </dd>
+    </dl>
     <aside class="issue" data-number="58"></aside>
     <p>
       [=User agents=] MUST support the following [=digital credential/exchange
@@ -452,13 +553,15 @@ <h3>
       <thead>
         <tr>
           <th>
-            Protocol identifier
+            <dfn data-dfn-for="digital credentials registry">Protocol
+            identifier</dfn>
           </th>
           <th>
-            Description
+            <dfn data-dfn-for="digital credentials registry">Type</dfn>
           </th>
           <th>
-            Specification
+            <dfn data-dfn-for=
+            "digital credentials registry">Specification</dfn>
           </th>
         </tr>
       </thead>