- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Thu, 16 Oct 2025 21:11:41 -0400
- To: public-security@w3.org
- Cc: peace@acm.org, Jeffrey Yasskin <jyasskin@google.com>

On Thu, Oct 16, 2025 at 6:40 PM Jeffrey Yasskin <jyasskin@google.com> wrote:
> As Adam Langley argued for WebAuthn, if websites can restrict the wallet apps they work with, that's likely to prevent new wallet apps from entering the market. It'll also prevent users from using a minority OS of their choice, might require users to have several wallet apps to satisfy the conflicting requirements of the various apps they use, and might prevent users from choosing the best wallet app for their needs.

Yes, exactly. Wallet attestation is, on the whole, an anti-pattern and has no place in an open ecosystem. Some of us in the VCWG have said that repeatedly, and I'm concerned that these objections are being ignored. It is a security issue, it is an open market competition issue, it's government overreach, it's a scalability issue, and in many cases, it's security theatre.

I'll also note that Tom's summary of the conversation we had in the Credentials Community Group Incubation call isn't an accurate summary of the discussion. The full transcript can be found here:

Discussion starts at 16 minutes into the video recording:

https://meet.w3c-ccg.org/archives/w3c-ccg-ccg-incubation-2025-10-15.mp4

The text transcript is here (search for "00:15:00"):

https://lists.w3.org/Archives/Public/public-credentials/2025Oct/0028.html

The arguments are in the video recording and transcript, so I won't repeat them here. I do think the issue needs to be written up more formally.

We thought this bad idea would die on the vine, but it looks like this is headed to a bad place w/o an intervention of some kind. Perhaps some of us can get together at W3C TPAC to hammer out a plan forward that doesn't lead to the dangers that Jeffrey is speaking to; others in the community have the same concerns.

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/

Received on Friday, 17 October 2025 01:12:21 UTC