As verifiable credentials are adopted at scale in ecosystems around the world, addressing security and privacy challenges is becoming increasingly important. In this talk, I will discuss some of the most pressing issues around protocols and credential formats and how they can — or cannot — be addressed.
Using the OpenID and IETF specifications as examples, I will discuss the challenges of establishing trust, mitigating replay and phishing attacks, avoiding linkability and tracking, securing cross-device flows, addressing confidentiality and (non-)repudiation, and more. While some of these issues are well known in identity protocols, others only arise in the context of verifiable credentials.
As an editor of the OAuth Security Best Current Practice draft, the Cross-Device Flow Best Current Practice draft, the SD-JWT and SD-JWT VC specifications, and a contributor to many other specifications in this area, I will share my experiences and insights from moving from the world of OAuth and OpenID to the world of verifiable credentials.
Home
Agenda
Reasons to Attend
Why you can't afford to miss it
Agenda Overview
Check out the sessions
Continuing Professional Education
Earn your CPE credits
EIC Awards 2024
Submit your nomination
River Cruise
Join us on the Spree
Speakers
See the complete line-up
Event
Tickets
Find out about ticket options and pricing
Blog
Read the latest news and updates
Travel and Accommodation
Check out hotels nearby
Location
Learn more about local highlights
FAQ
Your questions answered
Sponsors
