SID-PRIV-01 — Minimal Disclosure Enforcement

Property	Value
Owner	platform
Category	technical
CSF Function	protect
Group	Privacy Controls

Description

OID4VP limit_disclosure='required' enforces only explicitly requested fields are disclosed. DCQL (Digital Credentials Query Language) enables precise credential and claim selection. SD-JWT and mDOC both support per-claim/element selective disclosure.

Components

VC Issuer/Verifier
Wallet Backend (Go)

Source References

go-wallet-backend/oid4vp.go
vc/openid4vp/dcql.go

Framework Requirements

EUDI Security Requirements: WUM-8.2.2-Fun-10, WUP-8.2.3-Fun-11

FitCEM Wallet Instance: FIT-DS-04, FIT-AU-16

ISO 27001 Annex A: A.5.34, A.8.11, A.8.12

GDPR Checklist: Take data protection into account at all times, object to you processing

OWASP ASVS 4.0.3 Level 3: V1.8, V8.3

STRIDE Threat Model: FT-I-1

Description​

Components​

Source References​

Framework Requirements​

Description

Components

Source References

Framework Requirements