Threat Model for Decentralized Credentials

W3C Group Note Draft,

More details about this document
This version:
https://www.w3.org/TR/2026/DNOTE-threat-model-decentralized-credentials-20260618/
Latest published version:
https://www.w3.org/TR/threat-model-decentralized-credentials/
Editor's Draft:
https://w3c.github.io/threat-model-decentralized-credentials/
Previous Versions:
History:
https://www.w3.org/standards/history/threat-model-decentralized-credentials/
Feedback:
public-security@w3.org with subject line “[threat-model-decentralized-credentials] … message topic …” (archives)
GitHub
Editors:
Simone Onofri (W3C)
Amir Sharif (FBK)

Abstract

This document is a living threat model for decentralized credentials. It records security, privacy, and harms-related concerns across the ecosystem and identifies initial principles for discussion and future analysis.

Status of this document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index.

This Group Note Draft is endorsed by the Security Interest Group, but is not endorsed by W3C itself nor its Members.

To provide feedback regarding this specification, the preferred method is using GitHub. It is free to create a GitHub account to file issues. A list of issues filed as well as archives of previous mailing list public-security@w3.org (archive) discussions are publicly available.

This document was published by the Security Interest Group as a Group Note Draft using the Note track.

Group Draft Notes are not endorsed by W3C nor its Members.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

The W3C Patent Policy does not carry any licensing requirements or commitments on this document.

This document is governed by the 18 August 2025 W3C Process Document.

1. Introduction

1.1. Scope

Digital identity is a broad topic. This threat model starts with a narrower scope: decentralized credentials related to people, especially high-assurance credentials such as government-issued credentials. It focuses on Layer 3: "Credentials", and more specifically on the credential-presentation phase, as described by the SSI Technology Stack from ToITP, the DIF FAQ, and the Identity & the Web Report:

decentralized identity layers

The immediate need arose in W3C discussion of the possible adoption of the Digital Credentials API by the Federated Identity Working Group. That API would allow user agents to mediate communication between a website that requests evidence and the user’s wallet. The discussion also identified the need for a broader model that analyzes security, privacy, and human-rights concerns across the relevant layers.

This threat model is a living document. It can be expanded to include other parts of the architecture or different levels of detail, such as the cryptographic properties of a specific profile or the broader governance context in which credentials are issued and used.

This generic model identifies security, privacy, and harms-related properties that can later be carried into a concrete architecture, profile, or implementation.

The document is intended to support a shared analysis. It starts from the Digital Credentials API at a high level and uses that starting point to discuss how decentralized credentials can be developed in a security- and privacy-preserving way while avoiding harm.

1.1.1. Terminology

This document uses the definition of identity from ISO/IEC 24760-1:2019, "IT Security and Privacy - A framework for identity management".

Identity is "a set of attributes related to an entity". An entity is something "that has recognizably distinct existence", and can be "logical or physical", such as "a person, an organization, a device, a group of such items, a human subscriber to a telecom service, a SIM card, a passport, a network interface card, a software application, a service or a website". Attributes are "characteristics or properties", such as "an entity type, address information, telephone number, a privilege, a MAC address, a domain name".

We present credentials to claim a certain identity, whether in the physical or digital world. Just as we do not have a one-size-fits-all definition of identity, we also do not have a one-size-fits-all definition of credentials in IT, as they vary by context.

The credential definition from the W3C Verifiable Credentials Data Model (VCDM) states: a "set of one or more claims made by an issuer". Its framing is in the decentralized identity model, and this document maps the ISO’s attributes to VCDM claims.

For example, a person’s characteristics can include physical appearance, voice, beliefs, and habits. Identity is distinct from an identifier, such as a username.

Digital credentials are often discussed in relation to people, particularly government-issued credentials or "real-world identities". They can also be used for non-human identities.

For that reason, this threat model also considers privacy as a right and harms as part of the analysis.

1.3. Methodology

Security can be understood as a separation function between an asset and a threat. In this document, a threat may have security, privacy, or harms-related effects.

There are many approaches to threat modeling. This document uses Adam Shostack’s four-question frame as the organizing structure:

The central phases use prompt lists and analysis frameworks as aids for finding issues, not as exhaustive taxonomies. Useful sources include:

This analysis also uses OSSTMM. OSSTMM controls help identify what can go wrong, such as a missing control or a control that fails in context.

Although OSSTMM is control-oriented and often reads as security-oriented, privacy can be treated as an operational control that connects different parts of the model.

1.4. Channel and Vector

OSSTMM analyses define a channel and a vector.

This model uses the COMSEC Data Networks channel and the Internet/Web vector.

Although different digital credentials may use different channels or vectors (e.g., Wireless), they can still be analyzed similarly.

2. Analysis

2.1. What are we working on?

This threat model first identifies the components of the decentralized identity architecture, which in this context is used as a synonym for self-sovereign identity, as defined in the W3C Verifiable Credentials Data Model, and how they interact.

2.1.1. Architecture and Actors

Decentralized Identity Model

Interactions between actors typically occur through software or other technological components. This document refers to those components as Agents. One agent might be embedded in a Wallet, the component that contains the Holder’s credentials. Another might be a browser, which is a user agent.

2.1.2. Flows

The model considers three general flows, with four "ceremonies" where the actors interact.

The flow stops here, but deployments can continue it in several ways. For example, the Holder receives credentials from an Issuer and uses them to identify themselves to a Verifier to buy a physical object or a ticket to an event. The Verifier could then become an Issuer to issue a certificate of authenticity for the object, or issue the ticket directly into the Holder’s Wallet.

2.1.3. Trust and Trust Boundaries

Trust is a key element in threat modeling. In fact, in OSSTMM, it is an element of privileged access to the asset, which, when trusted, lowers various operational controls.

At the Process level, trust relationships are:

At the Software level, Trust boundaries are documented in the Data Model in section 8.2:

However, from a threat modeling perspective, the Issuer, Verifier, and Holder are external entities, so there are trust boundaries between them. This makes sense and is also why we have the concept of (crypto) verification.

2.1.4. Data Model, Formats, Protocols

To model Decentralized Identities and Credentials, it is possible to use them as a high-level meta-model using Verifiable Credentials documentation (the list of technologies is partial; feel free to extend):

2.1.5. Assets

Assuming that the main asset is the credential and information derived during its life cycle, this model uses the three privacy properties defined by Ben Laurie as a starting point:

These properties were defined in a very specific case of Decentralized Identities. Those related to people, and, more specifically, those issued by governments, are based on the concept of Privacy for the protection of the Holder.

The Minimal and Unlinkable properties primarily protect the Holder. The Verifiable property is relevant to all actors. Verifiable means that the Verifier can confirm who issued the credential, that it has not been tampered with, has not expired or been revoked, contains the required data, and may be associated with the Holder.

This threat model starts with government-issued credentials for people because that use case exposes many of the relevant security, privacy, and harms-related tensions.

Minimization and Unlinkability are generally interrelated: the less data a Holder discloses, the less data can be linked. They need to coexist with Verifiability. For example, checking whether a credential has been revoked may require contacting the Issuer or a service that maintains revocation information, but that approach can also make the credential linkable.

2.1.5.1. Minimization Scale

The following scale helps qualify Minimization:

2.1.5.2. Unlinkability Scale

The Nymity Slider helps qualify Unlinkability by classifying credentials as:

One possible response is to move the design toward Unlinkable Anonymity where the credential properties and use case allow it.

2.2. What can go wrong?

After identifying the assets and properties, the model identifies who can affect them.

2.2.1. Threat Actors

Protecting the Holder is a central concern. A conservative model treats each actor as a possible threat actor to the others:

Holder, Issuer, Verifier, and their agents/software components (e.g., Browser, Wallet, Websites). Each actor can threaten the others, and an actor can also create threats for itself (e.g., Alert fatigue).

In addition, although there are trust relationships between the various actors and their software (which hold across the various steps), such software can also be malicious. It can track Holders, the type of credential they have, and how and where they use it through telemetry and statistical collection, and it can influence user choices.

The analysis also needs to consider a possible external threat actor, who could also be an observer or use active techniques, and who wants to track the three main actors or their agents, such as Marketers, Data brokers, Stalkers, Identity thieves, intelligence and law enforcement agencies (laws often constrain them), and OSINT investigators.

The model also considers combinations of actors, such as multiple Verifiers acting together or an Issuer and Verifier collaborating to track the Holder.

2.2.2. Evil user stories

Using this model, the following Evil User Stories can be used as starting points:

2.2.3. Finding the Threats

One effective, though inefficient, approach to threat modeling is to cycle through the lists of threats and attacks, controls, and objectives in a brainstorming session to assess how they may affect architecture components, actors, assets, and the overall flow. Using multiple frameworks may result in some elements being repeated.

2.2.3.1. Ben’s Privacy Properties (Objectives)
2.2.3.2. LINDDUN (Threats)
2.2.3.3. RFC 6973 (Threats)
2.2.3.4. RFC 3552 (Attacks)
2.2.3.5. STRIDE (Threats)
2.2.3.6. OSSTMM (Controls)
2.2.3.7. Responsible Innovation (Harms)

2.2.4. Other Threats and Harms

2.2.4.1. Government-issued credentials

For government credentials issued to people, the following use cases illustrate additional threats:

2.2.4.2. Credentials used for authentication

Another scenario is the use of a credential for authentication:

Other threats to consider:

2.2.4.3. Societal Threats

Other threats to consider as specified in the Team report on Federated Identity Working Group Charter Formal Objection - Adding Digital Credentials API:

2.2.4.4. Socio-technical Threats

This section records results from a threat modeling activity that combined cards derived from A Framework for Institutional and Technical Harm Prevention Inspired by Microsoft’s Harms Modeling with LEGO SERIOUS PLAY. The activity was applied in a series of workshops analyzing decentralized identity in the context of national digital identity systems.

A key finding is that the analysis should not just look at individual threats. It needs to consider their context and how they connect. For example, constraining how a person can present identity, making enrolment effectively compulsory, or tying access to a single official wallet path can create conditions for additional downstream threats.

This section captures those relations as connected threats. While not every deployment follows the same pattern, these threats should not be viewed as isolated events. In government-issued digital credential systems, it is more useful to view them as part of a propagation path, similar to a "kill-chain" model. Different patterns were identified:

A system may look secure and privacy-preserving at one interface and still produce an adverse social impact if it normalizes forced enrolment, persistent correlation, discriminatory classification, or exclusion from the channels through which social, civic, or economic life is conducted.

For that reason, connected threats are an additional analytical layer. They do not replace security or privacy analysis. They make visible how local design choices accumulate.

These workshop outputs suggest that threat modeling for decentralized credentials should account for propagation across layers: from credential design, to wallet and issuer behaviour, to governance choices, to participation conditions.

Single threats are:

2.3. What are we going to do about it?

Potential responses and features: