15:04:12 RRSAgent has joined #credential-threats 15:04:16 logging to https://www.w3.org/2024/09/25-credential-threats-irc 15:04:16 RRSAgent, do not leave 15:04:17 RRSAgent, make logs public 15:04:18 Meeting: Mitigate Threats for Digital Credentials API 15:04:18 Chair: Simone Onofri 15:04:18 Agenda: https://github.com/w3c/tpac2024-breakouts/issues/98 15:04:18 Zakim has joined #credential-threats 15:04:19 Zakim, clear agenda 15:04:19 agenda cleared 15:04:19 Zakim, agenda+ Pick a scribe 15:04:20 agendum 1 added 15:04:20 Zakim, agenda+ Reminders: code of conduct, health policies, recorded session policy 15:04:20 agendum 2 added 15:04:20 Zakim, agenda+ Goal of this session 15:04:23 agendum 3 added 15:04:23 Zakim, agenda+ Discussion 15:04:23 agendum 4 added 15:04:23 Zakim, agenda+ Next steps / where discussion continues 15:04:23 agendum 5 added 15:04:23 tpac-breakout-bot has left #credential-threats 17:07:37 simone has joined #credential-threats 17:24:07 denkeni has joined #credential-threats 18:19:01 rbyers has joined #credential-threats 18:19:07 present+ 18:19:17 reillyg has joined #credential-threats 18:21:04 dezell has joined #credential-threats 18:21:09 present+ 18:21:50 kdenhartog has joined #credential-threats 18:22:09 scribe+ 18:22:24 RRSAgent, draft minutes 18:22:25 I have made the request to generate https://www.w3.org/2024/09/25-credential-threats-minutes.html reillyg 18:22:32 Geun-Hyung has joined #credential-threats 18:23:22 present+ 18:23:32 present+ 18:23:52 DavidTurner has joined #credential-threats 18:23:56 wes-smith has joined #credential-threats 18:24:00 bumblefudge has joined #credential-threats 18:24:00 ErikAnderson has joined #credential-threats 18:24:04 AramZS has joined #credential-threats 18:24:05 slideset https://docs.google.com/presentation/d/10wT2N4b5I2DX41hQY7uPX8cMpmHzCBcflp33ZB9I67s/edit?usp=drivesdk 18:24:05 present+ 18:24:06 present+ 18:24:12 present+ 18:24:17 should we self-introduce on irc? 18:24:17 [slide 3] 18:24:17 present+ 18:24:19 svaldez has joined #credential-threats 18:24:20 GregB has joined #credential-threats 18:24:36 Wip has joined #credential-threats 18:24:38 mandyv has joined #credential-threats 18:24:39 present+ 18:24:41 present+ 18:24:43 present+ 18:24:52 [slide 4] 18:25:02 present+ 18:25:12 present+ 18:25:59 [slide 5 18:26:06 s/[slide 5/[slide 5]/ 18:27:33 [slide 6] 18:28:36 [slide 7] 18:28:52 RRSAgent, draft minutes 18:28:54 I have made the request to generate https://www.w3.org/2024/09/25-credential-threats-minutes.html reillyg 18:29:12 xfq has joined #credential-threats 18:29:16 present+ 18:32:03 [slide 8] 18:32:38 [slide 9] 18:33:27 simone: The user (holder) only needs to trust the browser and wallet. 18:33:42 [slide 10] 18:35:55 [slide 11] 18:37:07 [slide 12] 18:37:58 [slide 13] 18:38:33 q+ 18:38:50 [slide 14] 18:39:44 [slide 15] 18:39:58 [slide 20] 18:40:14 wseltzer has joined #credential-threats 18:40:22 threat modeling document not open on gdocs 18:40:33 or rather, the credentials i'm presenting aren't enough to see it :D 18:41:13 ack rbyers 18:41:13 q? 18:41:27 Q+ to talk about framing concepts 18:41:39 rbyers: Let's discuss perpetuating sharing of data by making an API available. 18:42:17 ... Today with the EUDI wallet when using a custom scheme it goes directly to the wallet, while the browser API goes through extra screens. 18:42:20 q+ 18:42:34 ... So the browser API has greater friction. Does that make it less available? 18:43:02 for the scribe 18:43:12 that's anthony nadalin 18:43:34 https://github.com/WICG/mobile-document-request-api/issues/6 18:43:34 ^ tried adding this to the slides as a definition of Jevon's Paradox but its permissions are locked down 18:44:10 Tony: You might trust the custom scheme more than the browser because the API is more opaque to it. 18:44:41 rbyers: The question here is whether the browser here to be the user's agent (protecting user privacy) or is it a threat actor (potentially mining user data)? 18:44:51 ... That's a reasonable perspective but I disagree. 18:46:04 q+ 18:46:04 Muhammad, is an API or custom scheme easier for the developers? 18:46:21 rbyers: I don't think choice of tech will influence adoption, except for interoperability. 18:46:42 Tony: Browsers may deprecate or block specific custom URI schemes. 18:47:11 rbyers: Chrome's latest position is that it will not block custom URI schemes, but may introduce speedbumps. 18:47:37 ... We were concerned about malicious web sites reaching out to wallets via custom schemes 18:47:52 ... I believe Firefox has gone on the record that they may block. 18:47:59 q? 18:47:59 Tony: There are issues both ways. 18:48:04 q? 18:48:08 q? 18:48:21 nina has joined #credential-threats 18:48:26 ack bum 18:48:26 bumblefudge, you wanted to talk about framing concepts 18:48:50 mamir has joined #credential-threats 18:49:15 bumblefudge, It feels like we've jumped ahead to assuming that a browser API is how all credentials will be passed. 18:49:51 ... which formats are used needs to be part of the conversation 18:50:29 ... the threat model should consider the non-technical threats of allowing credentials to be passed anywhere that browsers are installed 18:51:07 ... more or less browser friction doesn't solve the legal problem, the Jevon's Paradox problem 18:51:41 q- 18:51:52 q+ 18:52:25 simone: The objective of the threat model is to understand the global threats 18:52:48 ... Also to understand the requirements, what are the privacy and security properties we need to protect 18:53:56 ack kdenhartog 18:54:27 aram: evaluative methods !== solving underlying problems, it's encouraging implementers to own their role in the rollout of technology in society 18:54:30 kdenhartog: We see that there are 2nd order effects that come into play when bringing in an API. 18:54:52 governments LOVE evaluative methods to tell them which levers and cudgels are worth reaching for 18:54:56 ... This ossifies the way that it should be done. 18:55:20 ... E.g. we've seen issues trying to take out cookies 18:56:35 ... How we're going to pass credentials in the browser defines and ossifies how we're going to share credentials. 18:56:44 q- 18:56:44 q? 18:56:48 ack simone 18:57:03 q+ 18:57:11 *simone we also need comment rights here: https://docs.google.com/presentation/d/1fvZ4aR5Q7ipoMRcrHnoJQ8aiiLJLC8UF/edit#slide=id.p1 18:57:26 simone: What can we do on different levels? 18:57:43 q? 18:57:43 ... (Asks the audience.) 18:57:48 ack kdenhartog 18:58:35 kdenhartog: We posit that this tech has been worked on for quite a long time and we wanted adoption when working in this space. 18:58:47 ... It wasn't until we left this space that there were social implications that come into play. 18:59:18 ... We've been able to limit the extent of the technology by limiting adoption. 18:59:35 ... Let this technology continue to grow on its own. 18:59:45 ... Once we have an understanding of the threat model, let it ossify. 18:59:53 ... Wait and see. Don't ossify now. 19:00:17 q? 19:00:19 ... Why are we certain that this is the correct time to design, when we haven't seen it adopted. 19:00:28 q+ to comment on mDL 19:01:05 Tony: mDL has an API, the goal of ISO was to find a more supported way of getting things out of the wallet 19:01:19 ... The interface is very specific about what you can get out of the wallet. 19:02:16 simone: While we wait... what can we do? 19:02:31 ... What would you (kdenhartog) like to see while we are waiting? 19:03:01 kdenhartog: We just wait. Is this the right time to move fast and break things? 19:03:12 ... We shouldn't be moving fast. Move slow and figure out the right answer. 19:03:30 ... If browser APIs are a form of ossification (like cookies) we shouldn't be moving fast. 19:03:41 q+ pam dingle is on the queue 19:03:48 q+ 19:03:54 q+ to put pam dingle is on the queue 19:04:28 simone: If I just wait, there might be a worse situation. While we wait, what should we be doing? 19:04:35 q+ pam 19:04:41 kdenhartog: As a browser, do nothing. For people in this space, iterate at the app level. 19:05:08 q+ nadalin 19:05:15 q+ John 19:05:24 q- 19:05:34 q? 19:05:56 rbyers: I previously agreed, but governments moved to advance this tech, we risk missing the boat because it was ossifying already. 19:06:09 ... Do we let it ossify, or engage now to try to improve it. 19:06:30 ... It's more responsible to accept that it is happening and engage. 19:06:43 ... Google will not legally be allowed to ignore it. 19:07:00 q+ 19:07:05 ... If we do nothing now, the W3C will be too late to do anything at all. 19:07:11 ack rby 19:07:15 ack dez 19:07:15 dezell, you wanted to comment on mDL 19:07:18 ack rbyers 19:07:48 dezell: I represent the convenience store industry. We've had to engage in age checking requirements. 19:08:15 ... Rejected mDL in the past, preferred Verifiable Credentials as it does not infect a data set 19:08:56 q? 19:09:03 ack greg 19:09:24 GregB: I come from VC perspective (application layer from your perspective). 19:09:49 q? 19:10:08 ... We're happy to help here and are working on new crypto standards for unlinkability. 19:10:20 q+ to push back on "decentralized versus federated" model a little 19:10:37 RRSAgent, draft minutes 19:10:38 I have made the request to generate https://www.w3.org/2024/09/25-credential-threats-minutes.html reillyg 19:10:50 q? 19:10:50 q+ 19:11:11 q? 19:11:12 GregB: We can help on these issues. 19:11:23 ack pam 19:11:31 Pam: I'm glad we're having this conversation. 19:11:51 ... Ossification of de-facto vs. an intentional design 19:12:00 q? 19:12:10 ack nad 19:12:14 ack Joh 19:12:41 John_Bradley: Speaking with my EUID wallet provider hat on. 19:13:20 ... The research and education community has been building its own wallet. 19:13:53 ... We are concerned that QR code system introduces security vulns 19:13:57 ... Working on better cross device 19:14:24 ... Also concerned about a JS API that only supported mdocs 19:14:47 ... People are involved in our project because they want to see a more privacy-preserving option 19:15:16 ... If we do nothing, 40% of the ecosystem will have an mdocs-only API 19:15:34 wes-smith has joined #credential-threats 19:16:02 ... There are a lot of things stopping us from delivering perfect solutions on day 1. 19:16:35 q+ tony 19:16:37 ... European Commission at least wants a unified solution for age verification. 19:16:58 ... How do we direct some of the energy happening in the government space in a better direction. 19:17:03 q? 19:17:11 Tony: There is already an mdoc browser API. 19:17:19 ... It doesn't solve cross-device. 19:17:39 ... ISO is looking for a browser API to solve that, but it opens up some different problems. 19:17:44 q? 19:18:10 RRSAgent, draft minutes 19:18:11 I have made the request to generate https://www.w3.org/2024/09/25-credential-threats-minutes.html reillyg 19:18:51 ack kdenhartog 19:19:05 Zakim, close the queue 19:19:05 ok, reillyg, the speaker queue is closed 19:19:43 kdenhartog: To use FedCM as an example, OpenID has existed for a long time and bow is the point where a browser API is coming into play. 19:19:52 s/bow/now/ 19:20:11 kdenhartog: If the goal is interoperability that is speeding up adoption and Jevon's Paradox. 19:20:47 ... We can make some decisions, like we've done in FedCM, but we're forcing decisions now. 19:21:06 ... We're going to determine the proper way of doing it by setting a browser API 19:21:35 ... mDLs haven't succeeded yet, so there isn't a good app-level design to turn into a browser API 19:21:35 q? 19:21:40 ack bumblefudge 19:21:40 bumblefudge, you wanted to push back on "decentralized versus federated" model a little 19:21:42 ack bum 19:22:04 bumblefudge: We shouldn't spend too much time on the speed up/down decision. 19:22:37 ... All the formats being compared here have different decentralization properties. 19:23:17 ... All of these layers aren't three-party models. 19:23:30 ... All of this has consequences for governments and regulators. 19:24:04 ... The evaluative questions matter as much as the threat model. 19:24:43 ... How you right an evaluative document can have more influence than API good/bad. 19:24:55 q? 19:25:00 ... Most important work is to evaluate the impact of the formats. 19:25:34 ... Governments would love that input from technical experts. 19:25:48 ack AramZS 19:25:52 ack ara 19:26:09 AramZS: It seems like there will be an increasing number of entities who feel they have to consume these credentials. 19:26:35 ... Consider whether consumers won't want to consume all the data in these credentials. 19:26:54 ... Then on the other hand consumers who want data that we don't want them to consume. 19:27:13 ... I don't want people to have to present their driver's license to prove they're human. 19:27:30 q? 19:27:38 ErikAnderson has left #credential-threats 19:27:39 ack Tony 19:27:46 RRSAgent, draft minutes 19:27:47 I have made the request to generate https://www.w3.org/2024/09/25-credential-threats-minutes.html reillyg 19:30:06 Geun-Hyung has left #credential-threats 20:18:30 wseltzer has joined #credential-threats 20:18:49 AramZS has joined #credential-threats 20:19:35 reillyg has left #credential-threats 20:50:37 AramZS has left #credential-threats 21:35:41 wseltzer has joined #credential-threats 21:36:57 AramZS has joined #credential-threats 21:51:23 xfq has left #credential-threats 23:02:42 wseltzer has joined #credential-threats 23:03:41 AramZS has joined #credential-threats