Information

Mitigate Threats for Digital Credentials API: Episode III - Revenge of the Wallet
  • Past
  • Confirmed
  • Breakout Sessions

Meeting

Event details

Date:
Japan Standard Time
Status:
Confirmed
Location:
Floor 3 - 303
Participants:
Joel Antoci, Christian Biesinger, Arnar Birgisson, Rick Byers, Tim Cappalli, Denken Chen, Stephen Curran, Kevin Dean, Nick Doty, Zahra Ebadi Ansaroudi, Sam Goto, Yi Gu, Tatsuya HAYASHI, Johann Hofmann, Fershad Irani, Nishant Kaushik, Jay Kishigami, Eiji Kitamura, Christian Liebel, Emil Lundberg, Natalia Markoborodova, Stephen McGruer, Simone Onofri, SHUNJI OTSUKA, Daniel Pelegero, Nicolas Pena Moreno, Helen Qin, Hiroyuki Sano, Florian Scholz, Wendy Seltzer, Amir Sharif, Manu Sporny, Sami Tikkala, David Waite, Elaine Wooton, Paul Ziv
Big meeting:
TPAC 2025 (Calendar)

In the first episode we focused on high-level threats related to the Formal Objection received for the addition of the Digital Credentials API.

In the second episode, we discussed the presentation side, in particular how Digital Credentials API can differentiate between different presentation approaches (e.g., custom schemes and QR Codes).

In this third episode, we will discuss the new layered heart model in the presentation, and on how to derive the security consideration sections, then we'll prioritize threats - e.g., of Malicious Wallets during issuance or othres - to propose mitigations.

Agenda

Chairs:
Simone Onofri, Amir Sharif, Zahra Ebadi Ansaroudi

Description:
In the first episode we focused on high-level threats related to the Formal Objection received for the addition of the Digital Credentials API.

In the second episode, we discussed the presentation side, in particular how Digital Credentials API can differentiate between different presentation approaches (e.g., custom schemes and QR Codes).

In this third episode, we will discuss the new layered heart model in the presentation, and on how to derive the security consideration sections, then we'll prioritize threats - e.g., of Malicious Wallets during issuance or othres - to propose mitigations.

Goal(s):
DC API Security Consideration Section / Mitigation

Materials:

Minutes

 Read minutes

Export options

Personal Links

Please log in to export this event with all the information you have access to.

Public Links

The following links do not contain any sensitive information and can be shared publicly.

Feedback

Report feedback and issues on GitHub.