Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mitigate Threats for Digital Credentials API #98

Open
simoneonofri opened this issue Sep 16, 2024 · 3 comments
Open

Mitigate Threats for Digital Credentials API #98

simoneonofri opened this issue Sep 16, 2024 · 3 comments
Assignees
Labels
session Breakout session proposal

Comments

@simoneonofri
Copy link

simoneonofri commented Sep 16, 2024

Session description

This is an interactive session to understand how to mitigate a number of specific threats identified during the Federated Identity Working Group's recharter review for the addition of the Digital Credentials API:
a. Perpetuates sharing of personal data by making it more available via a browser API
b. Increased centralization through subtle tradeoffs
c. Content will be moved from the deep web to the “attributed deep web”
d. Exchanges user agency for greater compliance and convenience

This breakout is intended to be a collaborative, working session. The focus will be on gaining consensus on the mitigations.

Session goal

This breakout is intended to be a collaborative, working session. The focus will be on gaining consensus on the mitigations.

Additional session chairs (Optional)

No response

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#credential-threats

Other sessions where we should avoid scheduling conflicts (Optional)

#49, #12, #73, #93

Instructions for meeting planners (Optional)

Request a UTC-friendly time slot.

Agenda for the meeting.

Slides

Links to calendar

Meeting materials

@simoneonofri simoneonofri added the session Breakout session proposal label Sep 16, 2024
@tpac-breakout-bot
Copy link
Collaborator

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

@simoneonofri simoneonofri changed the title Solving Threats for Digital Credentials API Mitigate Threats for Digital Credentials API Sep 16, 2024
@simoneonofri simoneonofri self-assigned this Sep 25, 2024
@bumblefudge
Copy link

heh, the poor scribe trying to jot down the core argument of my scattered thoughts had to boil them down a bit-- hopefully there will be time to write out more cogent thoughts in future documents. i'm not entirely clear on whether this is a work item for the Threat Modeling WG or the FedID group-- either way my offer to contribute stands but a little herding through the w3c system to get the relevant meetings on my calendar would be appreciated!

@simoneonofri
Copy link
Author

Hi @bumblefudge,

first of all, thank you very much for taking the notes. Much appreciated.

For the next steps:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
session Breakout session proposal
Projects
Status: No status
Development

No branches or pull requests

3 participants