Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: gender neutral editorials, closes https://github.com/openid/OpenID4VCI/issues/123 #143

Merged
merged 8 commits into from
Dec 18, 2023
Merged

fix: gender neutral editorials, closes https://github.com/openid/OpenID4VCI/issues/123 #143

merged 8 commits into from
Dec 18, 2023

Conversation

peppelinux
Copy link
Member

@peppelinux peppelinux commented Dec 9, 2023
edited by tplooker
Loading

This PR closes #123

@peppelinux peppelinux mentioned this pull request Dec 9, 2023
Closed
Sakurann
Sakurann reviewed Dec 11, 2023
View reviewed changes
Copy link
Collaborator

@Sakurann Sakurann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for doing the PR! the current text looks good.

I found one more occurrence of "her". Would it be possible to also fix a sentence in the first security considerations section
from

The Credential Issuer MAY want to ensure that private keys are properly protected from exfiltration and replay to prevent an adversary from impersonating the legitimate Credential holder by presenting her Credential.

to something like?

The Credential Issuer MAY want to ensure that private keys are properly protected from exfiltration and replay to prevent an adversary from impersonating the legitimate Credential holders by presenting their Credentials.

@peppelinux
Copy link
Member Author

oh yes, done @Sakurann

ju-cu
ju-cu requested changes Dec 12, 2023
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md Outdated Show resolved Hide resolved
openid-4-verifiable-credential-issuance-1_0.md Outdated Show resolved Hide resolved
openid-4-verifiable-credential-issuance-1_0.md Outdated Show resolved Hide resolved
@ju-cu
Copy link
Contributor

ju-cu commented Dec 12, 2023

Missing pronouns:

Line #1675: Use Case: Credential Offer - Cross-Device (with Information Pre-Submitted by the End-User)
The End-User is starting a job at a new employer. An employer has requested the End-User to upload certain documents to the employee portal. A few days later, the End-User receives an email from the employer notifying her that the employee Credential is ready and asking her to scan a QR code to retrieve it. The End-User scans the QR code with her smartphone, which opens her Wallet. Meanwhile, the End-User has received a text message with a Transaction Code to her smartphone. After entering that Transaction Code in the Wallet for security reasons, the End-User confirms the Credential issuance, and receives Credential into the Wallet.

I believe, it does not matter whether or not the User receives the transaction code on the same smartphone, so I suggest to remove that part.

The End-User is starting a job at a new employer. An employer has requested the End-User to upload certain documents to the employee portal. A few days later, the End-User receives an email from the employer with a note that the employee Credential is ready. The email includes a QR code that the End-User should scan to retrieve the Credential.The End-User scans the QR code with a personal smartphone, which opens the Wallet. Meanwhile, the End-User received a text message with a Transaction Code. After entering that Transaction Code in the Wallet, the End-User confirms the Credential issuance, and receives the Credential into the Wallet.

@ju-cu
Copy link
Contributor

ju-cu commented Dec 12, 2023

Missing pronoun:

Line #1685: Wallet Initiated Issuance during Presentation
[...] The Wallet selects a Credential Issuer capable of issuing the lacking Credential and, upon End-User consent, sends the End-User to the Credential Issuer's End-User experience (Web site or app). Upon being authenticated and providing consent to issue the Credential into her Wallet, the End-User is sent back to the Wallet. The Wallet informs the End-User that Credential was successfully issued into the Wallet and is ready to be presented to the verifier app that originally requested presentation of that Credential.

"her Wallet" => "the Wallet"; Avoid duplicate wording at the beginning of a clause ("upon being authenticated").

[...] The Wallet selects a Credential Issuer capable of issuing the lacking Credential and, upon End-User consent, sends the End-User to the Credential Issuer's End-User experience (Web site or app). The Credential Issuer authenticates the End-User and the End-User provides the consent to issue the Credential to the Wallet. Then, the Credential Issuer sends the End-User back to the Wallet. The Wallet informs the End-User that the Credential was successfully issued into the Wallet and that it can now present it to the verifier app that originally requested the presentation of that Credential.

tplooker
tplooker reviewed Dec 12, 2023
View reviewed changes
Copy link
Contributor

@tplooker tplooker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor editorial changes, but with those applied I'm happy to approve

@peppelinux @ju-cu @tplooker
Apply suggestions from code review
a65b250 
Co-authored-by: Judith <[email protected]>
Co-authored-by: Tobias Looker <[email protected]>
selfissued
selfissued requested changes Dec 13, 2023
View reviewed changes
Copy link
Member

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I wrote in the corresponding issue, use of "they" to refer to a single person is grammatically incorrect. The correct way to not use "he" or "she" is to remove the pronouns entirely, replacing them with descriptive phrases like "the End-User".

Please do this. We should not knowingly introduce grammar errors into the specification.

peppelinux
peppelinux commented Dec 13, 2023
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md
@@ -1668,27 +1668,27 @@ This is a non-exhaustive list of sample use cases.

## Credential Offer - Same-Device {#use-case-3}

While browsing the university's home page, the End-User finds a link "request your digital diploma". The End-User clicks on this link and is being redirected to a digital Wallet. The Wallet notifies the End-User that a Credential Issuer offered to issue a diploma Credential. User confirms this inquiry and is taken to the university's Credential issuance service's End-User experience. After authenticating at the university and consenting to the issuance of a digital diploma, the End-User is sent back to the Wallet, where she can check the successful creation of the digital diploma.
While browsing the university's home page, the End-User finds a link "request your digital diploma". The End-User clicks on this link and is being redirected to a digital Wallet. The Wallet notifies the End-User that a Credential Issuer offered to issue a diploma Credential. User confirms this inquiry and is taken to the university's Credential issuance service's End-User experience. Upon successful authentication at the university and consent to the issuance of a digital diploma, the End-User is redirected back to the Wallet. Here, the End-User can verify the successful creation of the digital diploma.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
While browsing the university's home page, the End-User finds a link "request your digital diploma". The End-User clicks on this link and is being redirected to a digital Wallet. The Wallet notifies the End-User that a Credential Issuer offered to issue a diploma Credential. User confirms this inquiry and is taken to the university's Credential issuance service's End-User experience. Upon successful authentication at the university and consent to the issuance of a digital diploma, the End-User is redirected back to the Wallet. Here, the End-User can verify the successful creation of the digital diploma.
While browsing the university's home page, the End-User finds a link "request your digital diploma". The End-User clicks on this link and is being redirected to a digital Wallet. The Wallet notifies the End-User that a Credential Issuer offered to issue a diploma Credential. End-User confirms this inquiry and is taken to the university's Credential issuance service's End-User experience. Upon successful authentication at the university and consent to the issuance of a digital diploma, the End-User is redirected back to the Wallet. Here, the End-User can verify the successful creation of the digital diploma.

@Sakurann
Copy link
Collaborator

"they" to refer to a single person is grammatically incorrect.

I don't think this is incorrect anymore, or at least rapidly changing, with a lot of people choosing to use "they" as a pronoun pointing to an individual.
I agree we should probably use "end-user" wherever possible, but wanted to clarify that we are not doing that because it is grammatically incorrect.

@peppelinux
Copy link
Member Author

I didn't attended the editor's call, and probably I don't know the details behind this discussion. I just want to say that I removed any "he/she/they" related to human subjects and I can continue doing this if you would kindly point me in the text where these pronouns are, if I miss some of them

peppelinux
peppelinux commented Dec 14, 2023
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md
@@ -1250,7 +1250,7 @@ This specification also defines a new OAuth 2.0 Authorization Server metadata [@

Credential Issuers often want to know what Wallet they are issuing Credentials to and how private keys are managed for the following reasons:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Credential Issuers often want to know what Wallet they are issuing Credentials to and how private keys are managed for the following reasons:
Credential Issuers needs to know the Wallet that is receiving the Credentials and the security measures in place for managing private keys, for the following reasons:

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the original text honestly sounds ok..

peppelinux
peppelinux commented Dec 14, 2023
View reviewed changes
openid-4-verifiable-credential-issuance-1_0.md
@@ -1250,7 +1250,7 @@ This specification also defines a new OAuth 2.0 Authorization Server metadata [@

Credential Issuers often want to know what Wallet they are issuing Credentials to and how private keys are managed for the following reasons:

* The Credential Issuer MAY want to ensure that private keys are properly protected from exfiltration and replay to prevent an adversary from impersonating the legitimate Credential holder by presenting her Credential.
* The Credential Issuer MAY want to ensure that private keys are properly protected from exfiltration and replay to prevent an adversary from impersonating the legitimate Credential Holders by presenting their Credentials.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* The Credential Issuer MAY want to ensure that private keys are properly protected from exfiltration and replay to prevent an adversary from impersonating the legitimate Credential Holders by presenting their Credentials.
* The Credential Issuer MAY want to ensure that private keys are adequately protected against exfiltration and replay. This precaution helps prevent adversaries from impersonating legitimate Credential Holders and presenting the Credentials.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the original text is grammatically correct, too :).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm neutral, I only have tried to resolve the pending comments. If the authors agreed they may reject or merge this last suggestion, no worries.

@peppelinux
Copy link
Member Author

@selfissued I have added some additional rewording in the desperate will to remove any concerning element. Please review

@Sakurann
Copy link
Collaborator

@selfissued can you please point to the specific instances of the usage of they that you are requesting changes?

@Sakurann Sakurann requested a review from selfissued December 14, 2023 17:25
selfissued
selfissued approved these changes Dec 16, 2023
View reviewed changes
Copy link
Member

@selfissued selfissued left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now - thanks

@Sakurann Sakurann merged commit 06c2d06 into main Dec 18, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sakurann Sakurann Sakurann approved these changes

@ju-cu ju-cu ju-cu approved these changes

@tplooker tplooker tplooker approved these changes

@selfissued selfissued selfissued approved these changes

@jogu jogu Awaiting requested review from jogu

@danielfett danielfett Awaiting requested review from danielfett

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Gender-neutral language
5 participants
@peppelinux @ju-cu @Sakurann @selfissued @tplooker