13 changes: 12 additions & 1 deletion 1.1/openid-4-verifiable-presentations-1_1.md
Expand Up @@ -1832,7 +1832,7 @@ While breaking changes to the specifications referenced in this specification ar

The security properties of the OpenID for Verifiable Credentials family of specifications have been formally analyzed, see [@secanalysis.openid4vc].

## Preventing Replay of Verifiable Presentations {#preventing-replay}
## Preventing Replay of Verifiable Presentations {#preventing-replay}

An attacker could try to inject Presentations obtained from (for example) a previous Authorization Response into another Authorization Response, thus impersonating the End-User that originally presented the respective Verifiable Presentation. Holder Binding aims to prevent such attacks.

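Review bot: the removed and added heading lines at the start of this hunk are visibly identical ("## Preventing Replay of Verifiable Presentations {#preventing-replay}"), so this hunk is a whitespace-only change; either drop it from the PR or say in the description that it strips trailing whitespace, so reviewers are not left looking for a content change that is not there.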
Expand Down Expand Up @@ -1983,6 +1983,16 @@ these constraints. The Wallet is not controlled by the Verifier and the Verifier
MUST perform its own security checks on the returned Credentials and
Presentations.

## Parsing of untrusted inputs

Wallets MUST treat all incoming requests as untrusted input. To mitigate injection and resource exhaustion attacks, Wallets MUST implement input validation on the Authorization Request and its enclosed DCQL query.

Contributor comment: Is there a schema definition available for the authorization request and DCQL query?


Wallets SHOULD implement the following steps:

* Enforce Schema Validation: Verify that the Authorization Request and DCQL query contain no malformed properties. Unknown parameters MUST be ignored.

* Apply Resource Limits: Enforce maximum length restrictions on strings, maximum depths for nested objects, and maximum item counts for arrays within the query.

# Privacy Considerations {#privacy-considerations}

Many privacy considerations are specific to the Credential format and associated proof type used in a particular Presentation.
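Review bot: the normative levels in the new "Parsing of untrusted inputs" section are inconsistent. "Wallets MUST implement input validation on the Authorization Request and its enclosed DCQL query" is followed by "Wallets SHOULD implement the following steps", and inside that SHOULD list the sentence "Unknown parameters MUST be ignored" appears; pick one level for validation and for the ignore rule and keep them there. The first bullet, "Verify that the Authorization Request and DCQL query contain no malformed properties", also does not say what the Wallet does when validation fails; it should state that the request is rejected with an error response rather than processed, otherwise the "MUST implement input validation" has no observable effect. The contributor's question about a schema is the right one: if the specification does not provide a machine-readable schema, "Enforce Schema Validation" should be reworded to validate against the parameter definitions in this specification and the DCQL definition, so implementers are not sent looking for an artifact that does not exist. In the second bullet, "Apply Resource Limits" should say that the depth, length and item-count limits are enforced while the JSON is being parsed, since a nesting-depth check performed after a recursive parse has already completed is too late to prevent the resource exhaustion it is meant to stop. Finally, the new heading has no `{#...}` anchor, unlike the surrounding sections (for example `{#preventing-replay}` and `{#privacy-considerations}`), so it cannot be cross-referenced from elsewhere in the document.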
Expand Down Expand Up @@ -3665,3 +3675,4 @@ The technology described in this specification was made available from contribut
* Clarified that Multi-RP-sig section means Verifier Info instead of attestations
* Updated origin examples to remove trailing slash
* Clarified that request_uri_method is a case-sensitive string
* add seecurity considerations on untrusted input
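Review bot: typo in the changelog entry: "seecurity" should be "security", and for consistency with the adjacent entries ("Clarified that ...", "Updated origin examples ...") the entry should begin with a capitalized past-tense verb, e.g. "Added security considerations on untrusted input".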