eu-digital-identity-wallet / eudi-doc-architecture-and-reference-framework

The European Digital Identity Wallet
https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/

HDK Feedback: Enable asynchronous remote generation of WSCD-bound keys #284

Open sander opened 2 months ago

sander commented 2 months ago

Context: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/282

Scope: High Level Requirements on Wallet Trust Evidence (Topic 9)

Summary: The ARF prescribes a single way to generate WSCD-bound keys in the context of PID and attestation issuance. In the context of batch issuance of one-time-use documents, other ways such as remotely derived HDKs could be desirable, for example delegated to the PID Provider or Attestation Provider. By design, these keys can meet the same security level. The approach may increase usability since the WSCA would need to authenticate the user only once, enabling issuance of multiple batches of documents. The requirements should be generalised to also enable such a method.

Detailed suggestions and rationale: HDK v0.1.0 feedback on Topic 9 regarding WTE_13, WTE_14, WTE_27.

ARF version: 1.4.0