Closed chrisbn closed 2 years ago
"associated eID attributes it accepts"
With that text I was referring to the possibilities of QEAA and EAA in the future beyond the core identity aspects of eID.
Regarding the "suitable" comment, I had wanted to leave the window open for additional eID schemes beyond the EU to be added to the standard, should they evolve. This section will likely benefit from additional specification when the EUDI Wallet toolkit is finalised later this year.
3.2.4.2 Validation of individual identity item 3: Validation of eID states "If authentication using an eID is used as evidence, the CA or RA SHALL confirm that the eID scheme is suitable (for example that the eID is accessible via a notified eIDAS-Node), and that the individual eID is valid (i.e., not expired, suspended, or revoked).
3.2.4.1 Attribute collection of individual identity item 3: Using electronic identification schemes (eID) "If an eID is used as evidence, the CA or RA SHALL only accept “notified” eID schemes according to Article 9 of the eIDAS Regulation and the eID shall conform to eIDAS LoA “Substantial” or “High”. The CA SHALL document and publish information describing the eID and associated eID attributes it accepts."
As the condition is that the eID is notified, mentioned in 3.2.4.1, can the term "suitable" be omitted or replaced with a notification requirement in 3.2.4.2?
Since 3.2.4 Authentication of individual identity defines which attributes need to be collected, I'm not convinced about the added value of disclosing the associated eID attributes.