Merge pull request #7 from Open-Credentialing-Initiative/bluesteens-d…

…idcomm

limitation of audit scope re DIDComm added

content/DRAFT/index.html

@@ -175,6 +175,10 @@ <h3>Scope of formal audit</h3>
           Since the nature of the various conformance criteria differs, auditors SHOULD distinguish between Test of Details and Test of Controls as applicable to individual criteria or groups of criteria.<br><br>
           To the extent that OCI conformance criteria are covered by another audit, auditors MAY rely on audit work performed by other trustworthy entities to avoid duplication of work, for example in the context of a SOC2 or ISO audit.
         </p>
+        <b>Temporary limitation of audit scope</b>
+        <p> OCI has not yet standardized the DIDComm-based wallet-to-wallet communication that is to be implemented by Digital Wallet Providers. Since the initial overview of technologies proposed in the <a href="https://open-credentialing-initiative.github.io/Digital-Wallet-Conformance-Criteria/latest/index.html">Digital Wallet Conformance Criteria</a> only permits the implementation of custom DIDComm flows that might be outside of OCI's future recommendations, 
+          OCI does not require conformance with any DIDcomm-specific elements of the Digital Wallet Conformance Criteria until the respective specifications have been updated. In this transition period, OCI permits other technological means for the issuance and exchange of verifiable credentials, such as API-based approaches.
+        </p>
       <h3>Test of Details</h3>
         <p>OCI defines Test of Details as any audit method that assesses factual evidence of whether the required conformance criteria have been met as stated. <br><br>
           This is a direct testing approach and may involve methods such as sampling, reperformance, or analytical review.