Orie Steele
@Sakurann The first part of what you wrote seems to be aligned with what I wrote. If the APIs this group designs do not transport credentials to wallets, but do...
Consider this hypothetical device response:
- https://github.com/auth0-lab/mdl?tab=readme-ov-file#generating-a-device-response
```ts
const document = await new Document('org.iso.18013.5.1.mDL')
  .addIssuerNameSpace('org.iso.18013.5.1', {
    family_name: 'Jones',
    given_name: 'Ava',
    birth_date: '2007-03-25',
  })
  .useDigestAlgorithm('SHA-256')
  .addValidityInfo({
    signed: new Date(),
  })
  .addDeviceKeyInfo({...
```
You could probably build a nice local model that could manage disclosure risk based on pending presented claims. Would such a model consider disclosure of a driver's license number more...
Under what threat model does encrypting the response defend against? Can we pose some hypothetical attacks?
I'd say that this principle applies to both directions. Website -> request to wallet -> learns nothing if consent is denied. Wallet -> accepts / responds to request -> browser...
This thread needs flow diagrams to be comprehensible. The use of the word "nonce" is also extremely ambiguous, because it could be random, signed or encrypted.
Can we see an example of this data structure in the context of the existing navigator APIs? I'd especially like to make sense of the multiple certs use case, in...
I can make a mermaid. How much detail are you looking for?
Here is a quick sketch... Obviously the method names would need to align to the webIDL.
```mermaid
flowchart LR
  subgraph mobile_device
    credential_private_key
    credential_private_key --> public_key_credential
    subgraph public_key_credential[Mobile Driver's License]
      credential_public_key...
```
Perhaps a better diagram: https://github.com/WICG/digital-identities/blob/main/resources/IdentityCredentialAPI-Layering-2023.pdf Green arrows seem to be controlled by Chromium, Safari, Gecko (Browsers) Purple arrows seem to be controlled by iOS and Android / Samsung. (Mobile OS)...