digital-credentials icon indicating copy to clipboard operation
digital-credentials copied to clipboard
verified publisher icon WICG

Security Considerations: Writing Introduction

Open simoneonofri opened this issue 6 months ago • 5 comments

Following @johannhof's excellent introduction to privacy, here is the section on security considerations, with various points raised by @Sh-Amir and @ZAnsaroudi.

In particular:

  • Use scenarios
  • External Dependencies
  • Assumptions

Lists of the threats, in progress

simoneonofri avatar Jun 12 '25 18:06 simoneonofri

@simoneonofri this is marked as both draft and awaiting review. Should we start reviewing?

timcappalli avatar Jun 12 '25 19:06 timcappalli

@marcoscaceres, thanks for the feedback. This is just the introduction section. Threats/mitigations are arriving.

We considered putting everything in one PR, but we thought doing smaller, more focused PRs would be more practical. Please let me know if you think there are more practical ways to talk about it.

simoneonofri avatar Jun 16 '25 01:06 simoneonofri

We considered putting everything in one PR, but we thought doing smaller, more focused PRs would be more practical. Please let me know if you think there are more practical ways to talk about it.

Yes please. I think this was a good start, but it showed that the approach was overly broad.

Let's please do focused PRs instead.

marcoscaceres avatar Jun 24 '25 05:06 marcoscaceres

@simoneonofri ok to close this?

marcoscaceres avatar Jul 02 '25 01:07 marcoscaceres

@marcoscaceres yes thank you, followup here https://github.com/w3c-fedid/digital-credentials/wiki/Security-Considerations-Section

simoneonofri avatar Nov 04 '25 17:11 simoneonofri