W3C home > Mailing lists > Public > public-credentials@w3.org > May 2019

Re: committing fraud with credentials

From: Daniel Hardman <daniel.hardman@evernym.com>
Date: Tue, 14 May 2019 23:48:22 -0600
Message-ID: <CAFBYrUrGF0WEeT5goAugnZBD77Nm5ntfEpNm3QZXFSXRcdMjUQ@mail.gmail.com>
To: Credentials Community Group <public-credentials@w3.org>
Since I announced this effort to attack the problem of credential fraud in
a methodical way, I've had numerous people ask how they can help or
participate. I've also learned about some efforts spinning up in other
places. It's a little bit challenging to draw all the disparate threads
together. I thought it would be useful to at least create a mailing list
where the conversation could take place publicly, with an archive. So I've
done that: credential-fraud-study@googlegroups.com. Feel free to join the
group or pass its address along to colleagues that you think would be

If we get some meaningful momentum, perhaps the CCG would like to be more
formally involved. Let's see what headway we start to make.

On Wed, May 8, 2019 at 1:39 PM Daniel Hardman <daniel.hardman@evernym.com>

> At IIW last week, Rouven Heck called a session to explore the topic of
> committing fraud with link secrets. This was a very interesting session,
> and I think it generated some new knowledge and a set of follow-on topics.
> I then called a follow up session on the broader topic of committing fraud
> with credentials in general--both ZKP- and non-ZKP-based. We had a number
> of smart minds in the room, including good representation from the CCG's
> own Daniel Burnett.
> I intend to pursue this topic in greater detail. In the second IIW
> session, we began to create a matrix that lists particular attack scenarios
> as rows, and that shows remediations for particular credential types as
> columns. It is still quite sparse, but already has important info in it.
> Anybody can comment on the spreadsheet
> <https://docs.google.com/spreadsheets/d/1HALoNgZ7GTogw324squ7LRL4unfLSmPH_8B1ibxCQgE/edit#gid=0>;
> if you want edit access, ping me.
> I intend to pursue this topic more carefully, and hope to produce some
> kind of a whitepaper about it. If people would like to collaborate, let me
> know. We could do this under the auspices of the CCG, as an official work
> item, but I am not specifically proposing that here. I will probably
> publish something under my own name regardless.
> --Daniel
Received on Wednesday, 15 May 2019 05:48:56 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 24 March 2022 20:24:54 UTC