From 2a5e1b45d3bee5f42c389db66ea4154c1483a99a Mon Sep 17 00:00:00 2001 From: Chris <34170038+bluesteens@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:32:52 +0200 Subject: [PATCH] limitation of audit scope re DIDComm added --- content/DRAFT/index.html | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/DRAFT/index.html b/content/DRAFT/index.html index 0e08e19..bd3ac0f 100644 --- a/content/DRAFT/index.html +++ b/content/DRAFT/index.html @@ -175,6 +175,10 @@

Scope of formal audit

Since the nature of the various conformance criteria differs, auditors SHOULD distinguish between Test of Details and Test of Controls as applicable to individual criteria or groups of criteria.

To the extent that OCI conformance criteria are covered by another audit, auditors MAY rely on audit work performed by other trustworthy entities to avoid duplication of work, for example in the context of a SOC2 or ISO audit.

+ Temporary limitation of audit scope +

OCI has not yet standardized the DIDComm-based wallet-to-wallet communication that is to be implemented by Digital Wallet Providers. Since the initial overview of technologies proposed in the Digital Wallet Conformance Criteria only permits the implementation of custom DIDComm flows that might be outside of OCI's future recommendations, + OCI does not require conformance with any DIDcomm-specific elements of the Digital Wallet Conformance Criteria until the respective specifications have been updated. In this transition period, OCI permits other technological means for the issuance and exchange of verifiable credentials, such as API-based approaches. +

Test of Details

OCI defines Test of Details as any audit method that assesses factual evidence of whether the required conformance criteria have been met as stated.

This is a direct testing approach and may involve methods such as sampling, reperformance, or analytical review.
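Review bot: The added "Temporary limitation of audit scope" paragraph exempts "any DIDcomm-specific elements" without identifying which criteria those are, so two auditors could draw the exclusion differently. Consider listing the affected criteria of the Digital Wallet Conformance Criteria, or pointing to the section that contains them. The same paragraph permits "other technological means ... such as API-based approaches" but does not say which criteria apply to those means during the transition period; as written, wallet-to-wallet exchange over an API falls outside the DIDComm criteria with nothing named to replace them. The end of the transition period is also only given as "until the respective specifications have been updated"; tying it to a specific specification version would give auditors a condition they can check. Two smaller points: the paragraph spells the protocol both "DIDComm" and "DIDcomm", and it states its rules with "does not require" and "permits" while the surrounding context uses the uppercase SHOULD and MAY keywords, so it would be clearer to phrase the permission with MAY.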