The objective of this SIG is to develop and maintain the Digital Wallets and Agents Overview. The overview should provide transparency of the characteristics of wallets and agents in order to allow for an objective comparison and effective decision making on which wallet or agent is applicable for your use case.
For some use cases it is important to know the security strength of the wallet/agent when applied to present credentials.
Common assessment criteria are available: (EU) 2015/1502 lists requirements for identification means characteristics and design for eIDAS LoA Low/Substantial/High, where LoA High will be required for the EUDI Wallet. Peer review feedback and related Guidance documents provide common interpretations. NIST SP 800-63B specifies Authenticator Assurance Levels (AALs) in more concrete detail.
For example, the EUDI Wallet will require eIDAS LoA High, while webshop coupon issuers may find AAL1 sufficient.
I suggest adding one field for eIDAS:
eidasMeansLoa (eIDAS identification means level of assurance): low | substantial | high, as per 2015/1502
And one field for NIST:
nistAal (authenticator assurance level): 1 | 2 | 3, as per SP 800-63B