Open davidz25 opened 11 months ago
As discussed in today's meeting
```kotlin
// For each Credential Format, an instance of an implementation of this interface exists:
//   MdocDeviceRetrievalAdapter
//   MdocServerRetrievalAdapter
//   MdocDirectAccessAdapter
//
// The application will instantiate these at startup.
interface CredentialAdapter {
    // At provisioning time
    fun provisionData(credential: Credential, pii: NameSpacedData)

    // At periodic intervals, this is called to e.g. refresh MSO
    fun periodicRefresh()

    // At presentation time, application can query whether a [CredentialAdapter]
    // supports the given [Credential]
    fun isSupportedByCredential(credential: Credential): Boolean
}

// Each [CredentialAdapter] implementation contains specific methods to
// perform the presentation and show format-specific information
// on credential info screen
//
class XXXAdapter : CredentialAdapter {
    // Placeholder bodies so the sketch compiles; a real adapter fills these in.
    override fun provisionData(credential: Credential, pii: NameSpacedData) = TODO()
    override fun periodicRefresh() = TODO()
    override fun isSupportedByCredential(credential: Credential): Boolean = TODO()
}
```
There are multiple ways how credential PII and key material is stored and also multiple ways to use this for presentment of the credential. Right now we only support a single method which is storing all the PII in the application's data directory and using a `SecureArea` implementation (typically Android Keystore) for both `CredentialKey` and a bunch of single-use `DeviceKey` (one for each MSO) and then using 18013-5 Device Retrieval for presentation.

Other credential storage methods include

- `SecureArea`-based approach.
- `SecureArea` for the key-binding aspect and use those keys at presentment time to prove the binding.

The "Add self-signed document" screen is the first place to start. Today it says "Document type" with options "mDL", "mVR", "micov", "euPID" which are all mdoc specific. Instead it should use words like "Driving License" and for each selected document type we'd also have a list of checkboxes
Notes:

- `ISO mdoc Direct Access` option is contingent on the right SE applet being installed so might not be available (grayed out)
- `ISO mdoc using Identity Credential API` requires the Android device to implement the Identity Credential HAL so it might also not be available.
- `DocumentType` in Issue #401 to also include the W3C VC vocabularies from e.g. https://w3c-ccg.github.io/vdl-vocab/.

The current design (`CredentialStore` with one `Credential` instance per document) is indeed designed with this in mind and the code for each credential storage method can likely be put behind some kind of `CredentialStorageAdapter` interface. Will follow up with some more thoughts on this.
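The adapter design sketched in the issue, carried through as an added example that is not the issue's or the library's code: one adapter per credential format, instantiated at startup and consulted for the "Add self-signed document" checkbox list and at presentation time. `Credential`, `NameSpacedData`, the two adapter classes and the `isAvailable()` method are placeholders assumed here, not the library's real types.

```kotlin
data class NameSpacedData(val namespaces: Map<String, Map<String, Any>>)
data class Credential(val name: String, val docType: String)

interface CredentialAdapter {
    val displayName: String
    fun isAvailable(): Boolean   // assumed: false if a device prerequisite (SE applet, IC HAL) is missing
    fun provisionData(credential: Credential, pii: NameSpacedData)
    fun periodicRefresh()
    fun isSupportedByCredential(credential: Credential): Boolean
}

// Shared bookkeeping: an adapter supports exactly the credentials it provisioned.
abstract class ProvisioningAdapter : CredentialAdapter {
    protected val provisioned = mutableMapOf<String, NameSpacedData>()
    override fun provisionData(credential: Credential, pii: NameSpacedData) { provisioned[credential.name] = pii }
    override fun isSupportedByCredential(credential: Credential) = credential.name in provisioned
}

class MdocDeviceRetrievalAdapter : ProvisioningAdapter() {
    override val displayName = "ISO mdoc Device Retrieval"
    override fun isAvailable() = true
    override fun periodicRefresh() { /* would fetch a fresh MSO for each provisioned credential */ }
}

class MdocDirectAccessAdapter(private val seAppletInstalled: Boolean) : ProvisioningAdapter() {
    override val displayName = "ISO mdoc Direct Access"
    override fun isAvailable() = seAppletInstalled
    override fun periodicRefresh() { /* would sync the SE applet's copy of the credential */ }
}

class CredentialAdapterRegistry(private val adapters: List<CredentialAdapter>) {
    fun available() = adapters.filter { it.isAvailable() }
    // Checkbox list for "Add self-signed document": label plus whether it is selectable.
    fun storageOptions() = adapters.map { it.displayName to it.isAvailable() }
    // Adapters the presentation flow may hand this credential to.
    fun adaptersFor(credential: Credential) = available().filter { it.isSupportedByCredential(credential) }
    fun refreshAll() = available().forEach { it.periodicRefresh() }
}

fun main() {
    val registry = CredentialAdapterRegistry(
        listOf(MdocDeviceRetrievalAdapter(), MdocDirectAccessAdapter(seAppletInstalled = false)))
    val mdl = Credential("my-mdl", "org.iso.18013.5.1.mDL")
    val pii = NameSpacedData(mapOf("org.iso.18013.5.1" to mapOf("family_name" to "Doe")))  // constructed sample
    registry.storageOptions().forEach { (label, ok) -> println("$label: ${if (ok) "available" else "grayed out"}") }
    registry.available().forEach { it.provisionData(mdl, pii) }   // only usable adapters ever receive the PII
    println(registry.adaptersFor(mdl).map { it.displayName })      // the adapters that are available and hold this credential
}
```

With the SE applet absent, Direct Access is listed as grayed out and never receives the PII, so presentation of the mDL is routed only to Device Retrieval.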