
29 matches found

Packet Storm News
added 2026/05/07 12:0 a.m., 8 views

From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents

Autonomous AI agents now transact at production scale -- 69,000 bots executing 165 million transactions across 50 million USDC in cumulative volume on a single marketplace -- without any shared trust layer between participants. Regulatory frameworks Singapore IMDA, NIST CAISI, EU AI Act and major...

AI score: 5.8
Exploits: 0

Packet Storm News
added 2025/12/16 12:0 a.m., 2 views

AIAuditTrack: A Framework for AI Security System

The rapid expansion of AI-driven applications powered by large language models has led to a surge in AI interaction data, raising urgent challenges in security, accountability, and risk traceability. This paper presents AiAuditTrack (AAT), a blockchain-based framework for AI usage traffic recording...

AI score: 6.9
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0310

Malicious code in bioql PyPI...

CVSS: 9.9, AI score: 9.1, EPSS: 0.00136
Exploits: 1, References: 7

Packet Storm News
added 2025/08/17 12:0 a.m., 2 views

Fortifying the Agentic Web: a Unified Zero-Trust Architecture against Logic-Layer Threats

This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), with discovery managed by a...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/06/11 12:0 a.m., 1 views

Identity and Access Management for the Computing Continuum

The computing continuum introduces new challenges for access control due to its dynamic, distributed, and heterogeneous nature. In this paper, we propose a Zero-Trust (ZT) access control solution that leverages decentralized identification and authentication mechanisms based on Decentralized...

AI score: 7.1
Exploits: 0

Packet Storm News
added 2025/05/30 12:0 a.m., 2 views

Compact and Selective Disclosure for Verifiable Credentials

Self-Sovereign Identity (SSI) is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European...

AI score: 6.7
Exploits: 0

Packet Storm News
added 2025/05/28 12:0 a.m., 2 views

A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control

Traditional Identity and Access Management (IAM) systems, primarily designed for human users or static machine identities via protocols such as OAuth, OpenID Connect (OIDC), and SAML, prove fundamentally inadequate for the dynamic, interdependent, and often ephemeral nature of AI agents operating at...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/05/17 12:0 a.m., 0 views

Proof-Of-Social-Capital: Privacy-Preserving Consensus Protocol Replacing Stake for Social Capital

Consensus protocols used today in blockchains often rely on computational power or financial stakes - scarce resources. We propose a novel protocol using social capital - trust and influence from social interactions - as a non-transferable staking mechanism to ensure fairness and decentralization...

AI score: 7
Exploits: 0

Packet Storm News
added 2025/05/02 12:0 a.m., 3 views

Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services

We propose a capability-based access control method that leverages OAuth 2.0 and Verifiable Credentials (VCs) to share resources in crowdsourced drone services. VCs securely encode claims about entities, offering flexibility. However, standardized protocols for VCs are lacking, limiting their...

AI score: 7.1
Exploits: 0

Packet Storm News
added 2025/04/18 12:0 a.m., 1 views

Access Control for Data Spaces

Data spaces represent an emerging paradigm that facilitates secure and trusted data exchange through foundational elements of data interoperability, sovereignty, and trust. Within a data space, data items, potentially owned by different entities, can be interconnected. Concurrently, data consumer...

AI score: 6.9
Exploits: 0

RedhatCVE
added 2025/02/05 10:39 a.m., 7 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...

CVSS: 9.9, AI score: 6.6, EPSS: 0.00136
Exploits: 1, References: 1

Prion
added 2024/01/16 10:15 p.m., 12 views

Design/Logic Flaw

Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to...

CVSS: 5.1, AI score: 7, EPSS: 0.0012
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/01/16 9:13 p.m., 3 views

GHSA-R78F-4Q2Q-HVV4 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential

Summary: The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that...

CVSS: 6.5, AI score: 7, EPSS: 0.0012
Exploits: 0, References: 3

NVD
added 2024/01/11 6:15 a.m., 10 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...

CVSS: 9.9, AI score: 9.4, EPSS: 0.00136
Exploits: 1, References: 5

Prion
added 2024/01/11 6:15 a.m., 23 views

Format string

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...

CVSS: 6.5, AI score: 7, EPSS: 0.00136
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2024/01/11 5:40 a.m., 69 views

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...

CVSS: 9.9, AI score: 8.6, EPSS: 0.00136
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2024/01/11 5:40 a.m., 12 views

CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation...

CVSS: 9.9, AI score: 9.6, EPSS: 0.00136
Exploits: 1, References: 5

Github Security Blog
added 2024/01/09 8:31 p.m., 23 views

Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Impact: When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD...

CVSS: 9.9, AI score: 6.8, EPSS: 0.00136
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2024/01/09 8:31 p.m., 2 views

GHSA-97X9-59RV-Q5PM Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Impact: When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation document.proof was not factored into the final verified value (true/false) on the presentation record. Below is an example result from verifying a JSON-LD...

CVSS: 9.9, AI score: 5.8, EPSS: 0.00136
Exploits: 1, References: 7

Positive Technologies
added 2024/01/09 12:0 a.m., 2 views

PT-2024-19011

Name of the Vulnerable Software and Affected Versions: Hyperledger Aries Cloud Agent Python (ACA-Py) versions 0.7.0 through 0.10.4. Description: The issue arises when verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs). The result of verifying the presentation...

CVSS: 9.9, AI score: 7.7, EPSS: 0.00136
Exploits: 1, References: 14