Wallet Architecture #197
Comments
|
We can add security smartphone development requirements for the Wallet Instance such as the OWASP Mobile application security (required for eIDAS) and the ENISA Smartphone Guidelines. |
|
This section should describe (in short) how the Wallet Solution attests the reliability of the cryptographic keys. as @grausof mentioned: For Android you can find the references here: https://developer.android.com/privacy-and-security/security-key-attestation While for iOS: https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity Furthermore, the keys are always linked to an instance of the app (verifiable via integrity check) therefore the key-WSCD association is guaranteed by the same certificate. This means that you only need to certify WSCD to also have the attestation of the keys on the Wallet Provider side for free |
|
for the resolution of this issue we should include also this aspect |
|
We need to define the nonce request and response related to the provisioning of the wallet attestation @grausof ^ |
|
Resolved by #233 |
|
Partially resolved in #233 |
|
To be closed since we don't want to re-define what the ARF has well represented about the internal wallet architecture. another issue will be open requiring how the ref to the ARF should be made |
At this current stage, the National technical public specifications don’t cover the aspects of internal Wallet Architecture and Security. However, we’re planning to include these aspects in the section of the technical specifications at the following URL:
https://github.com/italia/eudi-wallet-it-docs/blob/versione-corrente/docs/en/wallet-solution.rst
in this section we plan to describe the use of the local WCSD and the local external WSCD
The text was updated successfully, but these errors were encountered: