Feature request: Wallet Attestation Based Authentication

[ydanneg]

Support Wallet Attestation Based Authentication

https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/ https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0-00.html https://www.rfc-editor.org/rfc/rfc9126

PS. I'm not really confident on it, just leaving this ticket here to collect information about it.

Some server-side implementation I found that requires Wallet Attestation: https://github.com/open-eid/eudi-qeaa-as-mock/blob/master/src/main/java/ee/ria/eudi/qeaa/as/controller/ParController.java#L43 https://github.com/open-eid/eudi-qeaa-as-mock/blob/master/src/main/java/ee/ria/eudi/qeaa/as/controller/TokenController.java#L65

PPS. Latest ARF uses different term: "Wallet Trust Evidence (WTE)" together with "Wallet Instance Attestation (WIA)"

[babisRoutis]

Hi @ydanneg

As you correctly pointed, this feature should be considered/addressed in case of HAIP/SD-JWT-VC adoption. The same goes, I guess, for the similar feature of OpenId4VP draft 20 about client_id_scheme equal to verifier_attestation, for which I have raised a relevant issue (https://github.com/eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt/issues/126)

[babisRoutis]

Hi @ydanneg

As you correctly pointed, this feature should be considered/addressed in case of HAIP/SD-JWT-VC adoption. The same goes, I guess, for the similar feature of OpenId4VP draft 20 about client_id_scheme equal to verifier_attestation, for which I have raised a relevant issue (eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt#126)

With regards to OpenId4VP, support for the verifier_attestation scheme has been added to the latest release of the library via https://github.com/eu-digital-identity-wallet/eudi-lib-jvm-siop-openid4vp-kt/pull/245

[babisRoutis]

Dear @ydanneg I am closing this issue.

Opened #304 instead, since I don't want to create confusion between WIA and Attestation Based Client Authentication