SecAppDev 2025 lecture details
Verifiable Credentials: Concepts to Practice
A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.
Monday June 2nd, 14:00 - 15:30
Room Lemaire
Recording session on Tuesday June 3rd, 11:00 - 12:30
Room Heilige-Geesttafel
Abstract
This session introduces the core concepts of Verifiable Credentials (VCs), with a focus on the OpenID for Verifiable Credentials (OpenID4VC) protocols and the main credential formats (ISO mdoc and IETF SD-JWT VC). We’ll explore real-world use cases, key implementation lessons, and the role of interoperability profiles in enabling secure and scalable deployments. The talk also highlights challenges and design decisions across the identity tech stack, as well as updates to different specifications driven by implementation feedback.
Key takeaway
Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.
Content level
Introductory
Target audience
Developers, researchers, and architects exploring wallets or verifiable credentials
Prerequisites
Familiarity with identity protocols (e.g., OAuth2, OpenID Connect) and public key cryptography

Kristina Yasuda
Product Owner, SPRIND - German Federal Agency for Disruptive Innovation
Expertise: Decentralized Identity, Verifiable Credentials, Technical Standards
Related lectures
Germany’s EUDI Wallet Ecosystem Development
Deep-dive lecture by Kristina Yasuda in room West Wing
Tuesday June 3rd, 16:00 - 17:30
Explore the architecture, governance, and real-world implementation of Germany’s EUDI Wallet ecosystem within the EU Digital Identity Framework.
Key takeaway: National-scale digital identity is built on both compliance and collaboration - Germany’s EUDI Wallet shows how strategy meets technical execution.
PKI and eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 4th, 09:00 - 10:30
This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.
Key takeaway: PKI is a core technology that is essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.