The term Issuer SHOULD NOT be used to refer to an entity acting "for all three roles"

[Denisthemalice]

On page 3, the text states:

If not further specified, the term Issuer may refer to an entity acting for all three roles.

This sentence should be removed.

The role of the Issuer and of the Status Issuer should be kept separate in the whole document.
A Status Issuer does not have access to the data that has been provided when the user was enrolled by the Issuer.

As a consequence, the following sentence should be reconsidered:

If the roles of the Issuer and the Status Provider are performed by
two different entities, this may give additional privacy assurances
as the Issuer has no means to identify the Relying Party or its
request.

These "additional privacy assurances" exist as soon as the role of the Issuer and of the Status Issuer are kept separate.

[paulbastian]

Could you elaborate at which parts of the draft it does not fit in your opinion?

[Denisthemalice]

See the issue #227 "Which keys should be used to sign and verify Status List Tokens ?" which contains more details.

If the same key is used to sign the Referenced Token and the Token Status List, then the term Issuer may refer to an entity acting for all three roles.

If the Issuer and the Status Issuer use different keys, then the role of the entity signing Referenced Tokens should not be confused with the role of the entity signing Token Status Lists.

[paulbastian]

And are there particular sections in the draft where you think the usage of the term "Issuer" is not correct?

[paulbastian]

Editors Call:

• pending close unless specific line references to the draft are given on this issue

[paulbastian]

The issues from #227 are being resolved in #248