mutual authentication #81
Comments
|
@paolo-de-rosa just to help with discussion, can you provide a deep link to that specific section of the regulation? |
|
I agree that the wallet needs to identify the verifier so that it can apply the correct policy around attribute disclosure or even returning a credential at all. I think the main line EU thinking is that Verifiers will need to get a certificate that they present, possibly via TLS that attests they are trusted to receive PID information. I think the assumption in this case is that the verifier and wallet have a direct connection. In my opinion that is the worst model for scalability. The better option would be to provide that certificate as a parameter and the API validate the origin and pass the verified origin to the wallet where it could compare them and if the origin matches the certificate use it for encrypting the response. The model I prefer is that the wallet only needs the verified origin. From that it can find the meta-data for the verifier and get appropriate encryption keys. It can also retrieve any x509 certificates or other trust marks the verifier has,. I prefer the latter approach as the verifier doesn't need to know the nationality of the individual or the wallet. It can make a simple request for a PID and the wallet can then retrieve metadata for the verifier and get the correct trust info to assure itself. Having the verifier try and identify itself on the request without knowing the wallet is madness in my opinion. It would require the API to get challenges from all wallets and then send them to the Verifier for signing with each trust certificate the verifier has and then sending the signed challenges and certificates in the credential request. We will have to deal with the matches not being able to get metadata unless it is cached somehow. That will leave the possibility that a matcher will say Yes I have a PID, invoke the Estonian wallet, and then the wallet rejects the request because the verifier in Argentina doesn't have a QWAC (https://www.europarl.europa.eu/RegData/etudes/ATAG/2023/739285/EPRS_ATA(2023)739285_EN.pdf) So in reverse order of preference: |
|
Related: #46 |
The agreed draft of the regulation has been published here and the relevant articles for the discussion should be the following:
|
This likewise seems like the appropriate level/amount of authentication information for a web API to be conveying. |
|
@paolo-de-rosa , you wrote:
Looking at the latest draft of the regulation, I see: Article 6a Are there more requirements beyond these? The above appear to say that a wallet must support the authentication of a relying party, which is different from saying that the wallet must authenticate the relying party. I am asking since a world where an mDL in an European wallet can only be shared with relying parties that are approved by an EU body bodes ill for the international use of your driving licence. I find it unlikely that all entities that consume European driving licences today (think road traffic enforcement officers world-wide) will register with an EU body. And if other issuers of driving licences were to institute similar requirements, it means that all relying parties in the world would have to register with all issuers (or groups of issuers) in the world - clearly not a very attractive proposition. |
|
The current thinking in the DCP working group is that this (if it continues to be needed) can potentially be solved at the OpenID4VP level without needing any changes to the Browser API; there's an issue discussing this here: |
|
The requirement for mutual authentication stems from mandates outlined in the amended EU Regulation No 910/2014 as regards establishing the European Digital Identity Framework.
Points 1 and 4 focus on identifying and authenticating relying parties registered within the EU Digital Identity Framework. Points 2 and 3 emphasize the need for interfaces and protocols that enable the relying parties to verify the authenticity and validity of the "European Digital Identity Wallet." It remains ambiguous whether this refers to the wallet as a solution or as an individual instance. Given the points 2,3,5 it might be necessary to have a Wallet Instance Attestation that once presented to the relying party could be used to verify authenticity and validity of the Wallet Instance and also to revoke the Wallet Instance. Obviously privacy considerations need to be made but for now, I am personally open to accepting a threat model that assumes issuers do not collude with relying parties (RPs), and that RPs do not collude with each other, given that there are sufficient checks and balances in place to make such abuses unlikely. I believe implementing these changes at the level of OID4VP should not impact the API. However, I'm eager to hear if there are any differing opinions on this matter. |
|
Raw notes from 2024-05-15 call: https://github.com/WICG/digital-credentials/wiki/2024-05-15-Meeting-Notes#mutual-authentication AI generated summary of the 2024-05-15 call notes on this topic:
|
|
Beyond legislation, to ensure that we are considering the proper security goals, we need to understand the security problem that the legislation is expecting to be mitigated. |
|
2024-07-29 call: agreed with conclusion, closing issue. |
Under the new eIDAS regulation (EU Digital Identity Wallet), there is a mandate for mutual authentication between the Relying Party instance and the Wallet Instance during each attestation (credential) presentation. In this context, what is your perspective on the impact of mutual authentication on the API? Should this process occur at the transport layer or at the application layer, involving an exchange of a specific attestation (credential)?
The text was updated successfully, but these errors were encountered: