Skip to content

Add sole control assurance level #33

@sander

Description

@sander

For some use cases it is important to know to what extent the wallet or agent operates on holder keys under sole control of an authorized end-user. This knowledge can be provided with more or less assurance. Two assurance levels are standardised under Common Criteria in the CEN EN 419241-2:2019 standard on trustworthy systems supporting server signing. The SCAL3 project provides an overview and an extension applicable to wallets.

For example, wallets for eIDAS LoA High authentication or other high-risk transactions will need to provide a high assurance level, while wallets for webshop coupons or intranet authentication may do with lower levels.

I suggest to add a field:

  • ID: scal (sole control assurance level)
  • Type: 1 | 2 | 3 where:
    • 1 indicates that the wallet/agent authenticates the user before operating on a key (e.g. signing a credential presentation)
    • 2 indicates that the wallet/agent requires multi-factor authentication, and a cryptographic link between the authenticators and the instruction for the key operation
    • 3 indicates that the wallet/agent enables authorised users to verify tamper-evident logs of this cryptographic evidence

Metadata

Metadata

Assignees

No one assigned

    Labels

    TBDwe can not solve this right now, but maybe in the future

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions