Scope: High Level Requirements on Wallet Trust Evidence (Topic 9)
Summary: The ARF requires Attestation Providers to obtain trust evidence (Wallet Trust Evidence, or possibly related Issuer Trust Evidence). Instead, alternative approaches such as remotely derived HDK could provide Attestation Providers with assurance about the security level of a newly generated key (https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/284). At least in such cases, the additional trust evidence would create unnecessary overhead and potentially provide more user metadata than minimally needed. The requirements should be adjusted to not require this functionality in all cases.
Context: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/282
Scope: High Level Requirements on Wallet Trust Evidence (Topic 9)
Summary: The ARF requires Attestation Providers to obtain trust evidence (Wallet Trust Evidence, or possibly related Issuer Trust Evidence). Instead, alternative approaches such as remotely derived HDK could provide Attestation Providers with assurance about the security level of a newly generated key (https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/284). At least in such cases, the additional trust evidence would create unnecessary overhead and potentially provide more user metadata than minimally needed. The requirements should be adjusted to not require this functionality in all cases.
Detailed suggestions and rationale: HDK v0.1.0 feedback on Topic 9 regarding WTE_*, WTE_17, WTE_20, WTE_23, WTE_24.
ARF version: 1.4.0