sander / hierarchical-deterministic-keys

Hierarchical Deterministic Keys for the European Digital Identity Wallet

Realign WSCD architecture #27

Open sander opened 3 weeks ago

sander commented 3 weeks ago

ARF 1.2.0 had the concept of separation between Wallet Driving Application (WDA), Wallet Creation Application (WCA), Wallet Secure Cryptographic Application (WSCA), and Wallet Secure Cryptographic Device (WSCD). We took over these concepts in context.md. In 1.3.0 and 1.4.0, WDA and WCA have been removed.

I also notice in discussing feedback.md that different people have different interpretations of where HDK should happen. I have interpreted it as happening within the WCA and outside of the WSCD. But in ARF 1.4.0, it seems that all key management needs to happen within the WSCD, which can be a hybrid, for example combining an HSM with a mobile phone running application code in its rich execution environment. This is also how in the “proof of association” work, a “distributed WSCD” is described.

I’m not convinced this makes Common Criteria certification of WSCDs easier. But let’s try.

This would be the generic HDK-based architecture with the “distributed WSCD” perspective:

[Diagram: HDK-generic drawio]

This would be a hybrid example architecture with the “distributed WSCD” perspective:

[Diagram: HDK-hybrid drawio]

What do you think?

sander commented 3 weeks ago

Iteration based on today’s feedback:

[Diagram: HDK-hybrid-v2 drawio]

sander commented 3 weeks ago

Discussed further today at Identity Week. We seem to agree that in this case, the WSCD+WSCA certification should have just the HSM+software as TOE, and set environmental objectives for the rest, such as provision of the WSCD interaction component. This should simplify the architecture, and make it a “Remote HSM” architecture instead of a “Hybrid” one.

sander commented 2 weeks ago

Simplified architecture visualisation:

[Diagram: HDK-remote drawio]

sander commented 1 day ago

Discussed 2024-06-24: we'd like to include a diagram like this to illustrate what kind of architectures HDK enables.