A.2.3.9 currently provides unclear guidance about how, and how often, Wallets should authenticate users.
WTE_02 states
“A WSCA SHALL authenticate the User before performing any cryptographic operation involving a private or secret key of a Wallet Instance (i.e., a WTE key) or of an attestation in a Wallet Instance.”
It is unclear what “before” means here. Consider a user that needs to perform multiple cryptographic operations within a few milliseconds (for example, because they want to transmit both a PID and a QEAA). Is the user allowed to perform several operations in series with a single authentication, or does each operation require its own authentication?
WTE_03 states
“A Wallet Instance SHALL authenticate the User before performing any operation excluding cryptographic operations.”
It is unclear what “any operation excluding cryptographic operations” means here, as nearly any user interaction could be considered an operation. It is also unclear what “before” means here: it could mean that there is an idle-timeout after authentication, or it could mean that authentication must occur before each and every operation.
One interpretation of WTE_03 is that the Wallet application should ask the user to unlock (with a PIN or biometric) when the application is first launched, and they should be prompted to unlock after being idle for some small amount of time (e.g. 5 minutes). If this is the correct interpretation, the ARF text should be updated to explain this more clearly.
We would also question whether authentication for non-cryptographic operations is necessary at all. Most mobile applications rely on the device to have its own lock to prevent unauthorized access and do not prompt the user for additional authentication when the application is launched.
Thank you very much for your feedback, please see below for a summary of the updates that we will perform in the next ARF release:
Regarding WTE_02: Accepted, we will add a note stating "Many actions of the Wallet Instance, such as processing a Relying Party request and presenting an attestation, require multiple cryptographic operations, for example ephemeral key generation, followed by key agreement and message encryption. This requirement does not imply that a separate authentication is necessary before each of these. Rather, a successful user authentication will be valid for all cryptographic operations necessary for a Wallet Instance action. It is up to the Wallet Provider to determine what constitutes a 'Wallet Instance action', finding a balance between security and user convenience. During certification of the Wallet Solution, it will be verified that the solution provides an adequate level of security."
Regarding WTE_03: Indeed we mean any user interaction here. We will add a note stating "The goal of this requirement is to prevent any user interaction without prior user authentication, including, for example, detecting which attestations are present in the Wallet Instance or what are the values of specific attributes." We will also add a sentence to this requirement saying "A Wallet Instance SHALL implement an idle timeout of at most 5 minutes, after which User authentication SHALL again be required. The Wallet Instance SHOULD provide the user with the option to set the idle timeout to a duration shorter than 5 minutes."
Regarding your last comment: We believe user authentication is indeed necessary before any user authentication, given the fact that a Wallet Instance stores personal data. In that sense, the Wallet cannot be compared to most mobile apps, but should rather be compared to high-value apps like banking or payments apps. Relying on a generic device unlock is not good enough, as such an unlock is not under the control of the Wallet Instance and may be omitted (i.e., not set) by the user.
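One way a Wallet Provider could enforce the reading of WTE_02 and WTE_03 given in the reply above (one authentication covering all cryptographic operations of a single action, every user interaction gated, an idle timeout capped at 5 minutes and user-shortenable), as an added illustration that is not part of the ARF or of this issue; the `WalletAuthGate` class, its method names and the injectable clock are assumptions made for the example:

```python
import time

# From the reply above: idle timeout of at most 5 minutes; the user may choose a shorter one.
MAX_IDLE_SECONDS = 5 * 60


class AuthRequired(Exception):
    """Raised when an interaction or action is attempted without a valid authentication."""


class WalletAuthGate:
    """Hypothetical gate a Wallet Instance could place in front of every user
    interaction (WTE_03) and in front of each group of cryptographic operations
    that forms one 'Wallet Instance action' (WTE_02)."""

    def __init__(self, idle_timeout=MAX_IDLE_SECONDS, clock=time.monotonic):
        if not 0 < idle_timeout <= MAX_IDLE_SECONDS:
            raise ValueError("idle timeout must be positive and at most 5 minutes")
        self.idle_timeout = idle_timeout
        self._clock = clock          # injectable so the timeout logic can be tested offline
        self._last_activity = None   # None means there is no valid authentication

    def authenticate(self, credential_ok):
        """Record the outcome of a PIN/biometric check performed by the caller.
        A failed check clears any existing session rather than leaving it open."""
        self._last_activity = self._clock() if credential_ok else None
        return credential_ok

    def is_authenticated(self):
        """True only if the user authenticated and has not been idle past the timeout."""
        if self._last_activity is None:
            return False
        if self._clock() - self._last_activity > self.idle_timeout:
            self._last_activity = None   # expired: re-authentication is required
            return False
        return True

    def _require_auth(self):
        if not self.is_authenticated():
            raise AuthRequired("user authentication required")
        self._last_activity = self._clock()   # any permitted interaction restarts the idle timer

    def interact(self, description):
        """WTE_03: non-cryptographic interactions (e.g. listing attestations) are gated too."""
        self._require_auth()
        return description

    def run_action(self, crypto_ops):
        """WTE_02: a single authentication check covers all crypto operations of one action."""
        self._require_auth()
        return [op() for op in crypto_ops]
```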