digital-credentials
digital-credentials copied to clipboard
WICG
Digital Credentials, like driver's licenses
From the TAG security and privacy questionnaire: what behavior do we want if the API is invoked from a disconnected document (like a same-origin iframe)? Probably just immediately fail, right?...
**_301 Moved Permanently_: The [updated version of the Threat Model](https://github.com/w3c-cg/threat-modeling/blob/main/models/decentralized-identities.md) is in the [Threat Model Community Group](https://www.w3.org/community/tmcg/) Repository** # Introduction ## Status of this document An outline of the many...
Should we have a common and interoperable definition of request types and their privacy properties?
We discussed in the last CG call how to handle registries, and I think we realized as a group that there are two layers here: the protocol layer (e.g. OpenID4VP)...
raised by @Sakurann among others: should we define a registry of types of credentials, which may have different sorts of privacy implications and necessary protections? It seems like a government-issued...
Under the new eIDAS regulation (EU Digital Identity Wallet), there is a mandate for mutual authentication between the Relying Party instance and the Wallet Instance during each attestation (credential) presentation....
In order to reduce harmful over-requesting of 3P attested information it would be useful to have a registry of origins allowed to request credentials. If the origin is not listed...
Many users, and all users initially, won't have any wallets installed on their device. Letting an app know if there are any wallets lets the app know if the user...
For those unfamiliar with [this principle](https://en.wikipedia.org/wiki/Robustness_principle#:~:text=In%20computing%2C%20the%20robustness%20principle,what%20you%20accept%20from%20others%22.), it boils down to > be conservative in what you do, be liberal in what you accept from others". It is often reworded as:...
Closes #86 by asserting scoping around matching, consent, and what is learned by a website and 3rd party software. *** Preview | Diff
The digital identity draft - https://wicg.github.io/digital-identities/ - does not specify whether the digital identity API should be callable from an Should there be a digital-identity-specific permission policy - which enables...
