digital-credentials
digital-credentials copied to clipboard
WICG
Digital Credentials, like driver's licenses
When calling `.get()`, we need to check: * origin is opaque origin? Throw SecurityError. * is the effective domain a valid domain? no, then throw SecurityError. As with Web Auth,...
From discussion in F2F meeting today, we have a few goals: - No silent information disclosure (eg. can't reveal no matching credential as distinct from user cancelled) - Developers have...
As came up in #71, "providers" might not be the most clear member name to use: @timcappalli [proposed](https://github.com/WICG/digital-credentials/pull/71#issuecomment-2260675780): ```WebIDL dictionary DigitalCredentialRequestOptions { sequence presentationRequests; }; ``` I'd be ok with...
When ingesting any presentation format, presumably there will be a set of requirements/constraint that need to be satisfied. For example, expected_origins in OpenID4VP: > expected_origins: REQUIRED when signed requests defined...
The spec is currently missing a model for dealing with subsequent call to get() (i.e., subsequently calling `.get()`). We have two options. A subsequent call to get(): 1. aborts the...
We currently have an over-reliance on NotAllowedError (particularly in Cred Man). This makes things a bit more distinguishable (for interop testing), and lets developers know a bit more about what's...
When building a privacy model, selective disclosure is a key feature of the lower protocols and formats being used by this API. However, the properties of that selective disclosure are...
The term "selective disclosure" covers a range of sins, but when it comes to use in the browser, the most interesting is perhaps the use of zero-knowledge proofs, which can...
The [`CredentialRequestOptions`](https://w3c.github.io/webappsec-credential-management/#dictdef-credentialrequestoptions) dictionary provides [CredentialMediationRequirement](https://w3c.github.io/webappsec-credential-management/#enumdef-credentialmediationrequirement) [mediation](https://w3c.github.io/webappsec-credential-management/#dom-credentialrequestoptions-mediation) that defaults to "optional". The other possible values are: - ["silent"](https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-silent), - ["optional"](https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-optional), - ["conditional"](https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-conditional), - ["required"](https://w3c.github.io/webappsec-credential-management/#dom-credentialmediationrequirement-required) I think that any call to `.get()`...