Draft for wallet attestation #408
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sakurann
requested review from
danielfett,
jogu,
pmhsfelix,
samuelgoto,
peppelinux,
selfissued,
c2bo,
tplooker,
awoie,
Sakurann,
bc-pi and
babisRoutis
peppelinux
reviewed
Oct 28, 2024
peppelinux
reviewed
Oct 28, 2024
Co-authored-by: Giuseppe De Marco <[email protected]>
peppelinux
requested changes
Nov 7, 2024
Co-authored-by: Giuseppe De Marco <[email protected]>
Sakurann
reviewed
Nov 12, 2024
Sakurann
reviewed
Nov 12, 2024
There was a problem hiding this comment.
I do not see anywhere in this draft that says that the wallet attestation should be displayable to the user, as a means of engendering the user's trust in the wallet app. The current text is concerned with transferring the wallet attestation between system components, which is important. But so is display to the user.
Co-authored-by: Kristina <[email protected]>
peppelinux
reviewed
Nov 14, 2024
peppelinux
reviewed
Nov 14, 2024
peppelinux
reviewed
Nov 14, 2024
peppelinux
reviewed
Nov 14, 2024
paulbastian
commented
Dec 5, 2024
Co-authored-by: Torsten Lodderstedt <[email protected]>
paulbastian
commented
Dec 5, 2024
|
|
||
| Some Wallet architectures require a backend service from the Wallet Provider that verifies the Client's authenticity before providing Wallet Attestations. Mobile application attestations provided by operating systems, like iOS's DeviceCheck or Android's Play Integrity, enable the Wallet Provider's backend to confirm communication with a legitimate instance. These mechanisms help validate the Wallet's internal integrity. | ||
|
|
||
| A Wallet MAY provide Wallet Attestations to inform the Authorization Server about the authenticity of the Client and its `client_id`. Authorization Server may want to evaluate these Wallet Attestations to determine whether they communicate to a Wallet that meets its security, compliance or governance requirements, based on the trust framework in use, regulatory requirements, laws, or internal design decisions. A Credential Issuer SHOULD communicate this requirement to evaluate Wallet Attestations through its metadata using `token_endpoint_auth_method` or using some sort of out-of-band mechanism. |
There was a problem hiding this comment.
Suggested change
| A Wallet MAY provide Wallet Attestations to inform the Authorization Server about the authenticity of the Client and its `client_id`. Authorization Server may want to evaluate these Wallet Attestations to determine whether they communicate to a Wallet that meets its security, compliance or governance requirements, based on the trust framework in use, regulatory requirements, laws, or internal design decisions. A Credential Issuer SHOULD communicate this requirement to evaluate Wallet Attestations through its metadata using `token_endpoint_auth_method` or using some sort of out-of-band mechanism. | |
| A Wallet MAY provide Wallet Attestations to inform the Authorization Server about the authenticity of the Client and its `client_id`. Authorization Server may want to evaluate these Wallet Attestations to determine whether they communicate to a Wallet that meets its security, compliance or governance requirements, based on the trust framework in use, regulatory requirements, laws, or internal design decisions. A Credential Issuer SHOULD communicate this requirement to evaluate Wallet Attestations through its metadata using `token_endpoint_auth_method` or using some sort of out-of-band mechanism. The Wallet Attestation MUST be signed by an wallet provider that the Authorization Server trusts for this purpose. |
|
Still not clear to me what are the concrete things being specified here:
By using |
|
why is there an authorization server in a three-party interaction? Or is this another name for the wallet provider. I recommend removing the concept of the Authz server altogether. |
Co-authored-by: Torsten Lodderstedt <[email protected]>
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
paulbastian
commented
Dec 6, 2024
tlodderstedt
approved these changes
Dec 6, 2024
|
@pmhsfelix Torsten and I simplified the text a lot, please have a look |
c2bo
approved these changes
Dec 6, 2024
Co-authored-by: Christian Bormann <[email protected]>
paulbastian
commented
Dec 6, 2024
Co-authored-by: Christian Bormann <[email protected]>
peppelinux
reviewed
Dec 8, 2024
peppelinux
reviewed
Dec 8, 2024
peppelinux
reviewed
Dec 8, 2024
| @@ -2257,6 +2251,52 @@ The following is a non-normative example of a Credential Response containing a C | |||
|
|
|||
| <{{examples/credential_response_sd_jwt_vc.txt}} | |||
|
|
|||
| # Wallet Attestations in JWT format {#walletattestation} | |||
|
|
|||
| The Wallet Attestation defined in this section is a client authentication method especially designed for native App Wallets. Instead of using platform-specific key, app, and/or device attestations directly, it uses a key-bound, platform agnostic common format based on JWTs. This allows Authorization Servers to authenticate Wallets across different platforms in a unified fashion and exposes only a minimum dataset. Also, it allows the Wallet app to directly interact with the Credential Issuer without involving the Wallet Provider's backend. The Wallet Attestation MUST be signed by an issuer that the Authorization Server of the Credential Issuer trusts for this purpose. | |||
There was a problem hiding this comment.
technically the wallet attestation is a signed attestation that can be used in the client authentication mechanisms, as outlined in my previous comment.
if agreed, I can therefore purpose a rewording also here
Co-authored-by: Giuseppe De Marco <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #355
Closes #406