SecAppDev 2025 lecture details

Verifiable Credentials: Concepts to Practice

A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.

Download handouts
Monday June 2nd, 14:00 - 15:30
Room Lemaire
Add to calendar (ICS) Add to Google calendar
Recording session on Tuesday June 3rd, 11:00 - 12:30
Room Heilige-Geesttafel
Add to calendar (ICS) Add to Google calendar
Identity
Cryptography
Governance
Abstract

This session introduces the core concepts of Verifiable Credentials (VCs) with a focus on OpenID for Verifiable Credentials (OpenID4VC) protocols, main credential formats (ISO mdoc and IETF SD-JWT VC). We’ll explore real-world use cases, key implementation lessons, and the role of interoperability profiles in enabling secure and scalable deployments. The talk also includes highlights challenges and design decisions across the identity tech stack and updates to different specifications driven by implementation feedback.

Key takeaway

Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.

Content level

Introductory

Target audience

Developers, researchers, and architects exploring wallets, or verifiable credentials

Prerequisites

Familiarity with identity protocols (e.g., OAuth2, OpenID Connect) and public key cryptography

Join us for SecAppDev. You will not regret it!

Kristina Yasuda
Kristina Yasuda

Product Owner, SPRIND - German Federal Agency for Disruptive Innovation

Expertise: Decentralized Identity, Verifiable Credentials, Technical Standards

More details

Join us for SecAppDev. You will not regret it!

Related lectures

Germany’s EUDI Wallet Ecosystem Development

Deep-dive lecture by Kristina Yasuda in room West Wing

Tuesday June 3rd, 16:00 - 17:30

Explore the architecture, governance, and real-world implementation of Germany’s EUDI Wallet ecosystem within the EU Digital Identity Framework.

Key takeaway: National-scale digital identity is built on both compliance and collaboration - Germany’s EUDI Wallet shows how strategy meets technical execution.

Identity
Cryptography
Governance

PKI and eIDAS

Introductory lecture by Bart Preneel in room Lemaire

Wednesday June 4th, 09:00 - 10:30

This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.

Key takeaway: PKI is a core technology that are essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.

Cryptography
Governance

My Name Is Not Cassandra: AppSec and "I Told You So"

Advanced lecture by Izar Tarandach in room Lemaire

Wednesday June 4th, 16:00 - 17:15

Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?

Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.

Application Security
Governance
all workshops all lectures

SecAppDev offers the most in-depth content you will find in a conference setting