VC-E-1 — SPOCP policy bypass on pid_auth credential type
Component: vc Platform. Mitigations:
pid_authrequires presenting valid PID credential; SPOCP S-expression policy enforces paths/methods. Action: None required.
| Property | Value |
|---|---|
| Section | Elevation of Privilege |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ACCESS-04 | SPOCP Policy-Based Query Authorization |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md