07:52:53 <RRSAgent> RRSAgent has joined #holistic-id
07:52:57 <RRSAgent> logging to https://www.w3.org/2025/11/12-holistic-id-irc
07:52:57 <breakout-bot> RRSAgent, do not leave
07:52:58 <breakout-bot> RRSAgent, this meeting spans midnight
07:52:58 <breakout-bot> RRSAgent, make logs public
07:53:00 <breakout-bot> Meeting: Identity Systems and Threats: Towards a Holistic View
07:53:00 <breakout-bot> Chair: Simone Onofri, patsc
07:53:00 <breakout-bot> Agenda: https://github.com/w3c/tpac2025-breakouts/issues/55
07:53:00 <Zakim> Zakim has joined #holistic-id
07:53:01 <breakout-bot> Zakim, clear agenda
07:53:01 <Zakim> agenda cleared
07:53:01 <breakout-bot> Zakim, agenda+ Pick a scribe
07:53:03 <Zakim> agendum 1 added
07:53:03 <breakout-bot> Zakim, agenda+ Reminders: code of conduct, health policies, recorded session policy
07:53:03 <Zakim> agendum 2 added
07:53:03 <breakout-bot> Zakim, agenda+ Goal of this session
07:53:06 <Zakim> agendum 3 added
07:53:06 <breakout-bot> Zakim, agenda+ Discussion
07:53:06 <Zakim> agendum 4 added
07:53:06 <breakout-bot> Zakim, agenda+ Next steps / where discussion continues
07:53:06 <Zakim> agendum 5 added
07:53:06 <breakout-bot> Zakim, agenda+ Adjourn / Use IRC command: Zakim, end meeting
07:53:06 <Zakim> agendum 6 added
07:53:06 <breakout-bot> breakout-bot has left #holistic-id
08:28:36 <tantek-projector> tantek-projector has joined #holistic-id
08:29:24 <koalie> koalie has joined #holistic-id
08:29:51 <npdoty> npdoty has joined #holistic-id
08:30:24 <tako> tako has joined #holistic-id
08:31:29 <koalie> present+ Coralie
08:31:54 <npdoty> present+
08:32:48 <ErikAnderson> ErikAnderson has joined #holistic-id
08:33:18 <ErikAnderson> present+
08:33:37 <denkeni> denkeni has joined #holistic-id
08:34:09 <rbyers> rbyers has joined #holistic-id
08:34:32 <simone> simone has joined #holistic-id
08:35:55 <simone> Patrick: I work for ETH Zurich, and we're going to discuss, like with Simone and Amir, we started talking at GDC and in SING, on how to extend the threat models
08:36:06 <hsano> hsano has joined #holistic-id
08:36:36 <alanbuxey> alanbuxey has joined #holistic-id
08:36:38 <simone> ... also becouse sometimes threat models cannot be sufficient, presenting the threat stack approach, and having a discussion on that
08:36:44 <alanbuxey> present+ Alan Buxey
08:37:05 <rbyers> present+
08:37:11 <tara> tara has joined #holistic-id
08:37:29 <denkeni> present+
08:37:30 <simone> ... identity systems are systems that we need to protect with potential security, privacy, and societal impact issues, with different attacks
08:38:00 <simone> ... we have the famous picture about dependicy problem for identity solutions
08:38:15 <simone> ... when the identity can make the all the systems collapsing
08:38:24 <simone> ... as it is a complex design space
08:38:31 <simone> ... with differnet use cases
08:38:47 <simone> ... e.g., health systems
08:38:51 <Kazue> Kazue has joined #holistic-id
08:39:16 <simone> ... we have also different stakeholder
08:39:25 <simone> s/stakeholder/stakeholders
08:39:34 <csarven> csarven has joined #holistic-id
08:39:35 <simone> ... e.g., issuers, users, verifiers
08:39:41 <csarven> present+
08:39:43 <simone> ... and differnt security tools
08:39:59 <simone> ... threat modeling, formal verification, game-based proofs
08:40:42 <Tatsuya> Tatsuya has joined #holistic-id
08:40:42 <Yasu_sony> Yasu_sony has joined #holistic-id
08:41:11 <simone> ... we have also different approaches, e.g., formal security proof, and threat models
08:41:47 <simone> ... in the crypto layer, we have game-based and crypto implementations
08:42:39 <simone> ... it is a quetion of trade-offs
08:42:47 <tako> present+
08:42:47 <ErikAnderson> ErikAnderson has joined #holistic-id
08:43:33 <simone> ... e.g., giving or not more freedom to the user
08:44:45 <simone> Caroline: this is why we mapped the identity systems components to identity threats on different levels and also security goals and maturity
08:45:41 <simone> ... base layer is the math foundations
08:46:19 <simone> ... e.g., P=NP :)
08:47:07 <tara> present+
08:47:19 <simone> ... we have also crypto primitives
08:47:38 <simone> ... on building blocks or assumptions (e.g., random numbers)
08:48:39 <simone> ... and on this layer we have different protections, then we have teh hardware and platform
08:49:43 <simone> ... there are some incident cases such as the seed extraction on trezor
08:50:03 <simone> ... going to the uppere layer we havec the communication protocols (specifications)
08:50:49 <simone> ... e.g., EMV credot card protocol bypassed
08:52:01 <simone> ... another layer is the role assignment
08:52:08 <simone> ... e.g., the attacks on BBS
08:53:12 <simone> ... then we have the layer of implementations
08:54:32 <simone> ... e.g., data leak on biometric data from police
08:54:41 <simone> ... an approach is viper
08:54:53 <simone> ... the top layer is UX, ecosystem and interoperability
08:55:15 <Kazue> Kazue has joined #holistic-id
08:55:19 <simone> ... e.g., users unaware of implications, misunderstanding
08:55:46 <simone> ... and attack is dusting attack
08:56:32 <simone> .... or the bug in the covid certification app
08:58:08 <simone> ... the idenitified threats can be evaluteds using impact*likelihood matrix
08:58:20 <simone> ... thus, risk management strategies
08:58:40 <simone> ... e.g., risk acceptance, risk transfer
08:59:02 <simone> ... and risk avoidance
08:59:24 <simone> ... and mitigation
08:59:57 <simone> ... one approach is reducing likelihood
09:00:42 <simone> ... but we need to look also at interactions within different layers
09:01:02 <simone> ... otherwise that can be wrong assumptions or vulnerabile protocols
09:01:52 <simone> ... on the ohter side, also different components on the same layer
09:02:05 <simone> ... interaction result is attacks
09:02:30 <simone> s/is attacks/in attack/
09:02:41 <simone> ... such as tehe Card Brand Mixup attack
09:03:25 <simone> Patrick: the threat stack can be adapted
09:04:35 <simone> ... layers can be splitted, consolidated, added or reordered
09:06:47 <simone> ... as it is required an holistic approach, not only looking risks at each layer
09:07:10 <simone> q?
09:07:26 <simone> ... happy to collect feedback and questions
09:07:57 <npdoty> q+ on holistic beyond traditional security
09:08:32 <simone> Manu: thank you for the presentation, is there a plan to apply this is digital credentials in W3C
09:08:34 <dwaite> dwaite has joined #holistic-id
09:08:44 <simone> Patrick: the idea is to use it as a landscape
09:09:16 <simone> ... and it can be used also for communication
09:09:29 <simone> q?
09:10:14 <simone> Manu: it does makes sense, i am concerned that we do some level on this, but hoping the researchers are also ineterested in looking inside some WGs
09:10:17 <simone> ... we need more people
09:10:24 <simone> ... to embed them in the groups
09:12:47 <simone> Patrick: we can talk with some researchers
09:12:47 <simone> Caroline: we are reasoning also on the concept related to the DC API in relation also to EUDI ARF
09:13:06 <tara> q?
09:13:08 <simone> Dan: +1 to manu
09:14:00 <simone> ... how we potentially lock down problems at spec level but the requirements... and shiting left can be useful
09:14:53 <simone> Caroline: yes, and security is sometimes a compromise
09:15:01 <simone> ack np
09:15:01 <Zakim> npdoty, you wanted to comment on holistic beyond traditional security
09:15:11 <manu_> manu_ has joined #holistic-id
09:15:24 <simone> Nick: thank you for the presentation, good to have an holistic view
09:15:24 <manu_> q?
09:16:53 <simone> ... as I am more on privacy, how you think about threats, such as the one for survelliance when a state can known when i use the credential on the web
09:17:29 <simone> Caroline: we captured this threat at UX/Interop level, but maybe we should solve it as a lower level
09:17:39 <manu_> q+
09:17:39 <simone> ... iterating on the problem
09:18:08 <simone> Patrick: you are also pointing on properties on the design phase?
09:18:19 <manu_> q+ dan
09:18:29 <simone> .... at fist we need to make them more explicit
09:18:38 <simone> ack dan
09:18:59 <simone> Dan: the specific threat, it is something we talked about in the TAG finding
09:19:24 <simone> ... on the abuse on credentials and we should work on this related to the standard
09:19:40 <simone> ... and a spec should NOT permit this
09:20:00 <simone> ... as we talked this morning in the human rights session
09:20:05 <simone> q
09:20:07 <simone> q?
09:21:11 <simone> Patrick: we have a discusssion in CH about the wallet that should be secure by design
09:22:07 <simone> Manu: +1 to work on this important problem. I don't know if we can address this at standard layer, but maybe on governance layer
09:22:15 <simone> ... that we should influence as an SDO
09:22:21 <npdoty> I'm not sure where to locate the responsibility. it doesn't seem like a usability problem.
09:23:50 <npdoty> we aren't trying to protect against hackers by using some unclear governance layer happening somewhere else
09:23:51 <simone> ... I am concerned on how to operationalize this, also to be part of the process
09:23:53 <JoeAndrieu> JoeAndrieu has joined #holistic-id
09:24:02 <JoeAndrieu> q+
09:24:29 <npdoty> q+ on interaction across layers
09:24:55 <simone> joe: the threat model and the sec consideration section are is the place to write these threats
09:25:04 <simone> ... this is when we operationalize it
09:25:08 <simone> q?
09:25:12 <simone> ack joe
09:25:13 <simone> ack manu
09:25:22 <simone> Dan: we can also use prompts in specs
09:25:32 <simone> q?
09:25:43 <simone> ... and use normative requirements
09:25:59 <simone> ... we should try
09:26:05 <simone> akc np
09:26:09 <simone> ack np
09:26:09 <Zakim> npdoty, you wanted to comment on interaction across layers
09:26:32 <ErikAnderson> ErikAnderson has joined #holistic-id
09:27:05 <hta> hta has joined #holistic-id
09:27:13 <hta> q?
09:27:28 <simone> npdoty: the point is how we can try to solve it, this is a challenge for the groups
09:28:04 <simone> Patrick: it is related to the gov layer
09:28:14 <simone> ... and we need this holistic approach
09:28:15 <npdoty> some people might be okay with risk acceptance, especially if the risk will primarily be borne by a marginalized group
09:29:01 <npdoty> npdoty: might be thrown off by the layer diagram, debating which individual layer can mitigate the risk. but actually need to coordinate between governance and spec design, rather than expecting either to handle it alone.
09:29:07 <simone> q+
09:29:56 <manu_> simone: To add one point -- often the source, layering of threats are located are on the government, we should consider them as a source of threats. With experience, they just defined the requirements and law and push people to write standards to feed the requirements -- user point of view, who is going to protect the user.
09:29:57 <manu_> q+
09:30:09 <manu_> q-
09:30:14 <simone> ack sim
09:30:32 <simone> Patrick: happy TPAC
09:30:43 <simone> RRSAgent, draft minutes
09:30:44 <RRSAgent> I have made the request to generate https://www.w3.org/2025/11/12-holistic-id-minutes.html simone
09:33:47 <koalie> present+ Patrick_Schaller, Carolin_Beer, Kohei_Watanabe, Takaachi_Nishioka, Takumi_Mouri, Hiroyuki_Sano, Natalia, Markus_Sabadello, Nour_Nabil, Yuichi_Morioka< Masashi_Hirano
09:33:53 <koalie> RRSagent, make minutes
09:33:54 <RRSAgent> I have made the request to generate https://www.w3.org/2025/11/12-holistic-id-minutes.html koalie
09:34:49 <koalie> present+ Manu_Sporny, DKA, Simone_Onofri, Marcos_Caceres, Joe_Andrieu, Osamu_Nakamura
09:34:52 <koalie> RRSagent, make minutes
09:34:53 <RRSAgent> I have made the request to generate https://www.w3.org/2025/11/12-holistic-id-minutes.html koalie
09:36:51 <koalie> koalie has left #holistic-id
09:37:25 <JoeAndrieu> JoeAndrieu has joined #holistic-id
09:43:23 <JoeAndrieu> JoeAndrieu has joined #holistic-id
09:53:07 <JoeAndrieu> JoeAndrieu has joined #holistic-id
10:07:02 <JoeAndrieu> JoeAndrieu has joined #holistic-id
10:23:09 <JoeAndrieu> JoeAndrieu has joined #holistic-id
10:42:01 <JoeAndrieu> JoeAndrieu has joined #holistic-id
11:01:31 <JoeAndrieu> JoeAndrieu has joined #holistic-id
11:06:26 <JoeAndrieu> JoeAndrieu has joined #holistic-id
13:50:12 <tidoust> tidoust has joined #holistic-id
13:50:15 <tidoust> RRSAgent, bye
13:50:15 <RRSAgent> I see no action items