Identity and Verifiable Credential Risks

As part of an initial and ongoing governance process, Ecosystems must appropriately consider the risks affecting the set of transactions and credentials they are charged with governing.  The attached matrix identifies risks related to digital identity and verifiable credentials at all layers of the ToIP stack:

Risk Assessment List













RISKToIP LAYERTRUST AREAS AFFECTEDSEVERITYLIKELIHOODRISK IMPACTCONSIDERATIONS
Governance Authority Risks





Lack of competence to perform roleEcosystemGovernance


Need for experienced personnel, proper training and governance framework
Lack of sufficient policy and practicesEcosystemGovernance


Need for complete governance framework and feedback look
lack of consistency in operating practices of rolesEcosystemGovernance


Requires proper oversight and trust assurance mechanisms
Lack of accountability of roles in networkEcosystemGovernance


Requires proper oversight and trust assurance mechanisms
Lack of communication about governance practicesEcosystemGovernance


Requires appropriate communication channels
Lack of appropriate authorityEcosystemGovernance


Requires recognition and endorsement by relying parties
Ineffective bias in authorityEcosystemGovernance


Requires even representation, voting standards and non-discrimination practices
Lack of Relying Party recognitionEcosystemGovernance


Requires recognition and endorsement by relying parties
Ecosystem Lacks Jurisdictional AcceptanceEcosystemGovernance


Requires Mapping of Jurisdictional Regulation
Ecosystem Lacks Industry AcceptanceEcosystemGovernance


Requires Mapping of Industry Regulation
Ecosystem Issues Trust Marks Inappropriately or Without BasisEcosystemGovernance


Requires Adequate Trust Marks Policies
Ecosystem Allowing Inappropriate Actors to Participate in NetworkEcosystemGovernance


Requires Provider Evaluation and Acceptance Processes
Ecosystem Inappropriately Blacklisting or White Listing Other EcosystemsEcosystemGovernance


Requires Adequate Ecosystem Black and White Listing Processing
Issuer Risks





Credential Issued without sufficient basisData ExchangeData Integrity


Requires training, trust assurance practices and controlled practices
Credential Issued before appropriate proofing of basisData ExchangeData Integrity


Requires training, trust assurance practices, controlled practices and proper workflow
Credential Issued in the wrong format or structureData ExchangeData Integrity


Requires standard formats and formatting controls
Credential issued to impostorsData ExchangeSecurity


Requires Trusted Issuers, trust assurance practices
Credential Lacking UniquenessData ExchangeData Integrity


Requires Appropriate Credential Serialization
Credential Becoming ObsoleteData ExchangeData Integrity


Requires Appropriate Credential Validity Periods
Lack of Credential RevocationData ExchangeData Integrity


Requires Adequate Credential Status Checking Procedures
Identity Proofing Practices Inadequate for Level of AssuranceData ExchangeData Integrity


Requires Ecosystem Governance Conformance Procedures
Issuer Practices Not Accepted by Ecosystem EcosystemGovernance


Requires Issuer Practice Conformance Procedures
Issuer Operations UnavailableData ExchangeAvailability


Requires Network Redundancy Procedures
Verifier Risks





Lack of competence to perform roleData ExchangeGovernance


Requires training, trust assurance practices and controlled practices
Lack of consistent verification practicesData ExchangeData Integrity


Requires training, trust assurance practices and controlled practices
Missing verificationData ExchangeData Integrity


Requires training, trust assurance practices and controlled practices
Untimely verificationData ExchangeData Integrity


Requires time-based controls
Evidence of verification incomplete or in incorrect formatData ExchangeData Integrity


Requires standard formats and formatting controls
Verifier Practices Not Accepted by Ecosystem EcosystemGovernance


Requires Verifier Conformance Procedures
Suspended Credential Being AcceptedData ExchangeData Integrity


Requires Adequate Credential Suspension Processes
Revoked Credential Being AcceptedData ExchangeData Integrity


Requires Adequate Credential Status Checking Procedures
Man-In-The-Middle Attack During Legitimate VerificationData ExchangeSecurity


Requires Verifier Vulnerability Practices
Verifier Network UnavailableData ExchangeAvailability


Requires Network Redundancy Procedures
Credential Registry Risks





Lack of competence to perform roleData ExchangeGovernance


Requires training, trust assurance practices and controlled practices
Unavailable registryData ExchangeAvailability


Requires availability controls
Lack of appropriate access to registryData ExchangeSecurity


Requires appropriate access controls
Inappropriate access writes to registryData ExchangeData Integrity


Requires appropriate access management controls
Breach of registryData ExchangeSecurity


Requires appropriate security perimeter, breach detection and notification controls
Exploited Use of Stolen CredentialsData ExchangeData Integrity


Requires Adequate Breach Notification Processes
Credential Registry Not Accepted by Ecosystem EcosystemGovernance


Requires Credential Verifier Conformance Procedures
Audit Accreditor Risks





Insufficient vetting of auditor populationEcosystemGovernance


Requires training, and generally accepted auditor accreditor practices
Lack of competence to perform roleEcosystemGovernance


Requires training, and generally accepted auditor accreditor practices
Auditor Risks





Lack of competence to perform roleEcosystemGovernance


Requires training, sufficient experience and generally accepted auditor practices
Credential Holder Risks





Holder Threat of Litigation over IssuerData ExchangeConfidentiality


Proper Agreement in pace between Issuer and Holder detailing rights.
Counterfeit Credentials Being CreatedData ExchangeData Integrity


Requires Adequate Credential Non-Repudiation Practices
Lack of Binding Between Holder and CredentialData ExchangeData Integrity


Requires Adequate Wallet Protection Measures
Credential Holder Given Inappropriate Access RightsData ExchangeSecurity


Requires Adequate User Enrollment Processes
Imposter Using Valid CredentialData ExchangeSecurity


Requires Adequate Wallet Protection Measures
Credential Wallet Private Key is CompromisedData ExchangeSecurity


Requires Adequate User Wallet Protection Measures
Credential Holder's Private Data is CompromisedData ExchangePrivacy


Requires Adequate User Wallet Protection Measures
Lack of Portability of CredentialData ExchangeData Integrity


Requires Adequate Credential Interoperability Practices
Lack of Credential Federation Across EcosystemsEcosystemGovernance


Requires Adequate Credential Interoperability Practices
Exploited Private PIN Code CaptureData ExchangeConfidentiality


Requires Adequate Wallet Protection Measures
Social Engineering Attacks Successfully Gather Credentials by PerpetratorsData ExchangeSecurity


Requires Adequate Wallet Protection Measures
Provider Risk





Provider Software Does not Operate as IntendedProviderData Integrity


Requires Adequate Provider SDLC Processes
Provider Software Does Not Operate on User DevicesProviderData Integrity


Requires Adequate Provider SDLC Processes
Provider Code Updates Cause Operational IssuesProviderData Integrity


Requires Adequate Provider SDLC Processes
Provider System UnavailableProviderAvailability


Requires Adequate Provider Hardware Integration Practices 
Utility Risks





Inconsistent Steward Acceptance PracticesUtilityGovernance


Requires Adequate Utliity Steward Acceptance Practices
Stewards Not Abiding by Governance PracticesUtilityGovernance


Requires Adequate Steward Conformance Practices
Stewardship Not Available to Qualified ApplicantsUtilityGovernance


Requires Adequate Utliity Steward Acceptance Practices
Utility Not a Viable Going ConcernUtilityGovernance


Requires Adequate Utility Monitoring Practices
Utility Using an Ineffective Consensus ModelUtilityGovernance


Requires Adequate Utility Monitoring Practices
Utility Consensus Model Not Operating as Designed.UtilityGovernance


Requires Adequate Utility Monitoring Practices
Utility Charging Inaccurate Fees For ServiceUtilityGovernance


Requires Adequate Utility Monitoring Practices
Inadequate Number of Stewards for Consensus ProtocolUtilityGovernance


Requires Adequate Utility Monitoring Practices
Inadequate Infrastructure Supporting Steward OperationsUtilityAvailability


Requires Adequate Steward Conformance Practices
Inadequate Network Throughput Supporting Steward OperationsUtilityAvailability


Requires Adequate Steward Conformance Practices
Inadequate Network Availability Supporting Steward OperationsUtilityAvailability


Requires Adequate Steward Conformance Practices