of “authorized to use the service” will be application specific.
either party to reveal sensitive information unencrypted.
the User’s location information unless this is necessary as part of service
provision or necessary for the server to verify that
the user is authorized to use the service.
identifiers that can be straightforwardly linked to the User’s real-world
identity (VIN, license number, etc.).
shall, as far as practical, use temporary and one-time identifiers. Separate
instances of the exchange shall, as far as
practical, not use identifiers (USER MAC address, UE-ID (IMEI) , IP address, certificate,
temporary ID, session ID, etc.) that have been used in a previous instance of
§Removal of Misbehaving
architecture and systems are designed to address all these needs – now we are
testing them to see how well they work, both with transactional data, and in
able to detect bad actors/bad data