Open
Labels
TBD: we can not solve this right now, but maybe in the future
Description
For some use cases it is important to know to what extent the wallet or agent operates on holder keys under sole control of an authorized end-user. This knowledge can be provided with more or less assurance. Two assurance levels are standardised under Common Criteria in the CEN EN 419241-2:2019 standard on trustworthy systems supporting server signing. The SCAL3 project provides an overview and an extension applicable to wallets.
For example, wallets for eIDAS LoA High authentication or other high-risk transactions will need to provide a high assurance level, while wallets for webshop coupons or intranet authentication may do with lower levels.
I suggest adding a field:
- ID: `scal` (sole control assurance level)
- Type: `1 | 2 | 3`

where:
- `1` indicates that the wallet/agent authenticates the user before operating on a key (e.g. signing a credential presentation)
- `2` indicates that the wallet/agent requires multi-factor authentication, and a cryptographic link between the authenticators and the instruction for the key operation
- `3` indicates that the wallet/agent enables authorised users to verify tamper-evident logs of this cryptographic evidence
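To make the difference between levels 2 and 3 concrete, here is an added illustration that is not part of the original issue and is not taken from the SCAL3 project or EN 419241-2. It assumes HMAC-SHA256 as a stand-in for each authenticator's proof over the instruction and a SHA-256 hash chain as the tamper-evident log; the function names, the field names and the shared-key model are hypothetical simplifications.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed starting value for the hash chain


def digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def authorize(log, factor_keys, instruction):
    """Level 2 idea: every factor produces a proof bound to this instruction."""
    instr_hash = digest(instruction)
    proofs = {
        name: hmac.new(key, instr_hash.encode(), hashlib.sha256).hexdigest()
        for name, key in factor_keys.items()
    }
    # Level 3 idea: the evidence is appended to a hash-chained log.
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = {"prev": prev, "instruction": instruction, "proofs": proofs}
    log.append({**body, "entry_hash": digest(body)})


def verify_log(log, factor_keys, min_factors=2):
    """Return the index of the first invalid entry, or -1 if the log verifies."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: entry[k] for k in ("prev", "instruction", "proofs")}
        if entry["prev"] != prev or entry["entry_hash"] != digest(body):
            return i  # chain broken: entry altered, removed or reordered
        instr_hash = digest(entry["instruction"]).encode()
        valid = sum(
            1 for name, key in factor_keys.items()
            if hmac.compare_digest(
                entry["proofs"].get(name, ""),
                hmac.new(key, instr_hash, hashlib.sha256).hexdigest())
        )
        if valid < min_factors:
            return i  # too few proofs are bound to this exact instruction
        prev = entry["entry_hash"]
    return -1
```

Because the proofs are symmetric here, the verifier holds the same keys as the authenticators; a real deployment would use proofs that the verifier can check without being able to forge them.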