Architecture Harmonization according to National Cybersecurity Agency's Decomposition Scheme #894
Description
This issue addresses the requirement to improve and harmonize the current general architecture overview sections, wallet solution architecture, and PID provider architecture with the decomposition scheme provided by ACN (National Cybersecurity Agency). The harmonization should consider comprehensive properties including certification scope, standards references, risk assessment, and security controls.
Background
The current architecture documentation includes:
- General Architecture Overview (
docs/en/architecture-overview.rst,docs/it/architecture-overview.rst) - Wallet Solution Architecture (
docs/en/wallet-solution.rst,docs/it/wallet-solution.rst) - PID Provider Architecture (referenced in various sections)
These sections need to be aligned with the ACN decomposition approach to facilitate certification patterns and ensure comprehensive coverage of all architectural components and their properties.
This can be achieved usign specialized sections within the current sections or by separate annexes, to be referenced to the current sections.
Decomposition Properties
The harmonization must consider the following properties for each component in the decomposition:
| Property | Description |
|---|---|
| Ambito | Category/Scope classification |
| Category | Component category classification |
| Component | Main architectural component |
| Sub-component | Sub-component within the main component |
| Low level sub-components (no ARF) | Detailed sub-components not covered by ARF |
| Certification Scope (yes/no) | Whether the component is within certification scope |
| Reference | Reference to relevant documentation |
| Detailed Description | Comprehensive description of the component |
| Category (Process/Product) | Classification as Process or Product |
| Standard and Certification Reference | Applicable standards and certification references |
| PID-related | Whether the component is PID-related |
| Critical asset | Whether the component is a critical asset |
| Mandatory Certification | Whether certification is mandatory |
| Mandatory Certification Rationale | Justification for mandatory certification |
| Justification | Overall justification (PID-related, Critical asset, mandatory certification) |
| LoA | Level of Assurance |
| Risks (ID & Name) | Identified risks |
| Risk Rationale | Explanation of risks |
| System-related Risks (ID & Name) | System-level risks |
| System Risk Rationale | Explanation of system risks |
| Threats to the wallets (ID & Name) | Threats specific to wallets |
| Threats to the wallets Rationale | Explanation of wallet threats |
| Controls | Security and operational controls |
Ambito/Category Classification
The decomposition must cover the following Ambito/Category sets and their sub-components:
- Wallet Instance
- Wallet Provider
- PID Provider
- Wallet Secure Cryptographic Device (WSCD)
- Qualified Signature or Seal Provider
- eID scheme
- Trust List Provider
Each category must include:
- Main components
- Sub-components
- Low-level sub-components (where applicable)
Specifications and Standards
The resolution must include:
- All specifications used in the decomposition approach
- Standards and certification references applicable to each component (eg: CEN, ISO ...)
- References to ARF (Architecture Reference Framework) where applicable
5. Certification Pattern Facilitation
The harmonized architecture must:
- Enable easy application of certification patterns
- Provide clear mapping between components and certification requirements
- Support certification scope determination
- Facilitate risk assessment and control mapping
Files to be considered
architecture-overview.rstwallet-solution.rstwallet-solution-components.rst- PID provider architecture sections (to be identified)
New Files
- ACN decomposition tables/documentation Annex
- PID Provider Architecture decomposition Annex
- Wallet Solution Architecture decomposition Annex