alt Hacker NewsLast time my government tried that, they failed. [0]
You need to 100% trust those verification services. And considering their success rate [1], you shouldn't.
[0] https://thinkingcybersecurity.com/DigitalID/
[1] https://discord.com/press-releases/update-on-security-incide...
> You need to 100% trust those verification services.
First link - mitigation: use a well supported standard like OIDC, not a home-cooked scheme. Duh.
Second link - this is part of the problem such schemes as verifiable credentials are designed to address, random third parties collecting ID they don't need.
Yes, any system needs to be executed well. Neither of these really display that.