RE: How much is it reasonable to generalize from the TruAge implementation?

> shared definition of what capabilities a digital wallet must have
>> Fundamentally, I do think we have defined these and they're represented within the data model pretty well.

I guess this is where I am having a disconnect.

I consider the work done to define how to secure the VCDM (using a variety of approaches) and the work being done on how to ensure that protocol interactions that move that data (model) around between issuers, holders, and verifiers are also secure, to be distinct and different from the work that needs to be done to understand and implement the security and privacy properties of the wallet itself.

Some semi-random questions to drill down a bit into this:

  *   Is the wallet storing the data locally on the device or is it storing it in the cloud? Does that have any impact on the attack surface exposed by the wallet? If so, how are they being mitigated?
  *   Is the wallet simply behaving like a filesystem that allows read/writes by anyone or is it implementing some manner of sealed storage capabilities?
  *   Is the wallet leveraging the cryptographic primitives of the operating system or are those capabilities externalized?
  *   Is the wallet using or able to use hardware storage of the platform or does it leverage a secure hardware storage mechanism in the cloud?

I absolutely get the https://disco.xyz use case and the need to have a nuanced and thoughtful discussion so that we are not applying the same high assurance need/bar to all use cases, and I will also agree that many of the questions I ask above are related to high assurance use cases.

But W3C VCDM usage is not just related to low assurance use cases but to all use cases, so limiting the conversation to only securing the payload and the pipes looks to be something that is very much a gap that exists, given that for even low assurance use cases, you would need *some* level of confidence that you can have in the wallet that is distinct and different from the confidence in the pipe and the payload.

>... push for that capability to be added to the web platform it will be a non starter

To be clear, I am not pushing for anything at this time other than the need for a discussion to identify what the needs and capabilities *for wallets* are across the ecosystem AND to understand the options that exist or need to exist to meet them. That would give a solid foundation and the language needed to those interested in the conversation to have an informed discussion, which could lead to identifying who needs to do what and/or their willingness or lack thereof to do it.

Best Regards,

Anil

Received on Tuesday, 14 November 2023 18:01:33 UTC