Define registry inclusion rules

index.html

@@ -423,8 +423,11 @@ <h2>
       </p>
     </section>
     <h2 id="protocol-registry">
-      Registry of protocols for requesting digital credential
+      Registry of protocols
     </h2>
+    <p>
+      Initiating the registration a protocol is done by <a href="https://github.com/w3c-fedid/digital-credentials/issues">filing an issue</a> in our GitHub repository.
+     </p>
     <p>
       The following is the registry of [=digital credential/exchange
       protocols=] that are supported by this specification.
@@ -434,11 +437,114 @@ <h2 id="protocol-registry">
       the future.
     </p>
     <h3>
-      Inclusion criteria
+      General inclusion criteria
     </h3>
+    <aside class="note">
+      The below criteria are a work in progress and are likely to change as
+      this document evolves.
+    </aside>
     <p>
-      To be included in the registry...
+      To be included in the registry, the [=digital credential/exchange
+      protocol=]:
     </p>
+    <ol>
+      <li>MUST be standardized at a <a href=
+      "https://www.w3.org/liaisons/">consortium the W3C liaises with</a>
+      </li>
+      <li>MUST be defined in a specification which is freely and publicly
+      available at the stable URL listed in the registry.
+      </li>
+      <li>MUST define a representation, as either a [[WebIDL]] [=dictionary=]
+      or a JSON object, of the [=digital credential/exchange protocol=] request
+      structure (i.e., the [=dictionary=] which defines the semantics and
+      validation of the {{DigitalCredentialsProvider}}'s
+      {{DigitalCredentialsProvider/request}} member.
+      </li>
+      <li>MUST define a representation, as either a [[WebIDL]] [=dictionary=]
+      or a JSON object, of the [=digital credential/exchange protocol=]
+      response structure (i.e., the [=dictionary=] which defines the
+      semantics and validation of the {{DigitalCredential}}'s 
+      {{DigitalCredential/data}} member.
+      </li>
+      <li>MUST define validation rules for members of the request and response
+      structures.
+      </li>
+      <li>MUST have undergone privacy review by the W3C's <a href="https://www.w3.org/Privacy/IG/">Privacy Interest
+      Group</a> and <a href="https://www.w3.org/groups/wg/fedid/">Federated Identity Working Group</a>.
+      <aside class="note" title="Organizing reviews">
+        Once an expression of registration is received via GitHub, the registry maintainers will organize the privacy review with the <a href="https://www.w3.org/Privacy/IG/">Privacy Interest Group</a> . Please see the [[[[security-privacy-questionnaire]]] for the kind of questions that will be asked of the protocol you are registering. 
+      </aside>
+      </li>
+      <li>MUST have undergone security review by the  <a href="https://www.w3.org/groups/wg/fedid/">Federated Identity Working Group</a>.
+      </li>
+      <li>MUST have implementation commitment from at least one browser engine,
+      one credential provider/wallet, and one issuer or verifier (depending on
+      the protocol type). Each component MUST be from independent organizations.
+      </li>
+      <li>MUST have formally recorded consensus by the Federated Identity Working Group to be
+      included in the registry.
+      </li>
+    </ol>
+    <h4>
+      Presentation-specific inclusion criteria
+    </h4>
+    <p>
+      To be included as a presentation protocol in the registry (used with
+      `navigator.credentials.get`), the [=digital credential/exchange
+      protocol=]:
+    </p>
+    <ol>
+      <li>MUST support response encryption.
+      </li>
+      <li>MUST encrypt any response containing personally identifiable
+      information (PII).
+      </li>
+    </ol>
+    <h3>
+      Change process
+    </h3>
+    <p>
+      To add a new [=digital credential/exchange protocol=] to the registry, or
+      to update an existing one:
+    </p>
+    <dl>
+      <dt>
+        Define a protocol identifier
+      </dt>
+      <dd>
+        The protocol identifier MUST be a unique string that is not already in
+        use in the registry. Use only lowercase ASCII letters, digits, and
+        hyphens (e.g., "protocol", "the-protocol"). The protocol identifier 
+        MUST uniquely define the set of required parameters and/or behavior
+        that a digital credential provider implementation needs to support 
+        to successfully handle the request. If the set of required parameters 
+        or behaviors is updated in a way which would require a digital credential
+        provider to also require an update to remain functional, a new protocol 
+        identifier MUST be assigned and be added to the registry.
+      </dd>
+      <dt>
+        Specify a protocol type
+      </dt>
+      <dd>
+        The protocol type is either "Presentation" for presentation protocols
+        used with `navigator.credentials.get` or "Issuance" for issuance
+        protocols used with `navigator.credentials.create`.
+      </dd>
+      <dt>
+        Describe the protocol
+      </dt>
+      <dd>
+        The description MUST be a brief summary of the protocol's purpose and
+        use case.
+      </dd>
+      <dt>
+        Provide a link to the specification
+      </dt>
+      <dd>
+        The specification MUST be a stable URL that points to the authoritative
+        source for the protocol, including validation rules.
+      </dd>
+    </dl>
     <aside class="issue" data-number="58"></aside>
     <p>
       [=User agents=] MUST support the following [=digital credential/exchange
@@ -452,13 +558,15 @@ <h3>
       <thead>
         <tr>
           <th>
-            Protocol identifier
+            <dfn data-dfn-for="digital credentials registry">Protocol
+            identifier</dfn>
           </th>
           <th>
-            Description
+            <dfn data-dfn-for="digital credentials registry">Type</dfn>
           </th>
           <th>
-            Specification
+            <dfn data-dfn-for=
+            "digital credentials registry">Specification</dfn>
           </th>
         </tr>
       </thead>