Improving Identity Management with W3C Verifiable Credentials presented at OWASPNewZealandDay 2020

by David Chadwick,

Summary : The W3C Verifiable Credentials Data Model was published as a Proposed Recommendation in September 2019, and it places the user at the centre of identity eco-systems.Users receives their VCs from issuers, they store their VCs locally in digital wallets on their devices, and then present their VCs to service providers when required, in order to access its protected resources.VCs are privacy protecting: they support selective disclosure and least privileges, and they make it much easier for issuers and service providers to comply with GDPR.This presentation will introduce the concept of VCs to the audience, and show how they overcome many of the deficiencies in today’s federated identity management systems. The presentation will also show how VCs can be combined with the W3C Web Authentication recommendation (FIDO2) in order to provide strong authentication and strong authorisation on the web. Our implementation completely removes the need for usernames and passwords, thereby making identity management systems more secure and less susceptible to identity theft.