RFC003 - Key binding requirements

[jtalir]

There are legal requirements (CIR 2024/2977 Article 3.5) for PID issuers to implement key binding - PID issued must be bound to the key from the wallet:

Providers of person identification data shall ensure that person identification data that they issue is cryptographically bound to the wallet unit to which it is issued.

In OpenID4VCI protocol this is realized via proofs - https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-proof-types. There are several types of proofs and to ensure interoperability we should probably agree on one type that we will implement. This proof is strongly tied with nonce generated by issuer.

For PID issuers there are several requirements based on this:

• implement nonce endpoint
• implement proof verification - check signature over nonce (which proof type?)
• implement cryptographic binding - add public key into PID as cnf attribute (with jwk?) - https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-15.html#name-key-binding

It is of course question if this requirements will go to RFC003 or it will be generalized and go into RFC001 to suite other use cases or they will have separate RFC