SecAppDev 2025 lecture details
Verifiable Credentials: Concepts to Practice
A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.
Monday June 2rd, 14:00 - 15:30
Room Lemaire
Abstract
This session introduces the core concepts of Verifiable Credentials (VCs) with a focus on OpenID for Verifiable Credentials (OpenID4VC) protocols, main credential formats (ISO mdoc and IETF SD-JWT VC). We’ll explore real-world use cases, key implementation lessons, and the role of interoperability profiles in enabling secure and scalable deployments. The talk also includes highlights challenges and design decisions across the identity tech stack and updates to different specifications driven by implementation feedback.
Key takeaway
Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.
Content level
Introductory
Target audience
Developers, researchers, and architects exploring wallets, or verifiable credentials
Prerequisites
Familiarity with identity protocols (e.g., OAuth2, OpenID Connect) and public key cryptography
Join us for SecAppDev. You will not regret it!
Grab your seat now
Kristina Yasuda
Product Owner, SPRIND - German Federal Agency for Disruptive Innovation
Expertise: Decentralized Identity, Verifiable Credentials, Technical Standards
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Germany’s EUDI Wallet Ecosystem Development
Deep-dive lecture by Kristina Yasuda in room West Wing
Tuesday June 3th, 16:00 - 17:30
Explore the architecture, governance, and real-world implementation of Germany’s EUDI Wallet ecosystem within the EU Digital Identity Framework.
Key takeaway: National-scale digital identity is built on both compliance and collaboration - Germany’s EUDI Wallet shows how strategy meets technical execution.
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.
OpenAPI as a security tool, not just documentation
Deep-dive lecture by Philippe De Ryck in room Lemaire
Monday June 2rd, 16:00 - 17:30
OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.
Key takeaway: A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.