add key attestations #389
add key attestations #389
Conversation
There was a problem hiding this comment.
I like it as a first draft and added some general comments.
General question: The plan would be to describe the overall mechanism in an Appendix and reference in Credential Endpoint (additional parameter for a Credential Request) and in Credential Issuer Metadata (to signal this is required for specific credential configurations)?
There was a problem hiding this comment.
good one @paulbastian , I support and follow this work, thank you
Co-authored-by: Giuseppe De Marco <[email protected]>
|
Is it possible to add description to the PR what this PR does and which issues it touches upon? thank you |
| @@ -2166,6 +2166,88 @@ The following is a non-normative example of a Credential Response containing a C | |||
|
|
|||
| <{{examples/credential_response_sd_jwt_vc.txt}} | |||
|
|
|||
| # Key Attestations {#keyattestation} | |||
|
|
|||
| A key attestation is an interoperable, verifiable statement that provides evidence of the authenticity and security properties of a key and its storage component. Keys can be stored in various key storage components, which differ in their ability to protect the private key against extraction and duplication, as well as in the methods used for End-User authentication to unlock key operations. These key storage components may be software-based or hardware-based, and can be located on the same device as the Wallet, on external security tokens, or on remote services that enable cryptographic key operations. | |||
There was a problem hiding this comment.
we already have a definition of a key attestation here. could we simply point there? https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#section-12.1-4
|
I had the same question as @Sakurann as to where to put the key attestation. Moreover, if one attestation contains a list of keys, how can we provide one PoP for each key, and how to figure out which PoP corresponds to which key in the keys array. |
Co-authored-by: Christian Bormann <[email protected]>
Co-authored-by: Christian Bormann <[email protected]>
Co-authored-by: Christian Bormann <[email protected]>
|
@c2bo and I feel somewhat confident with the current state of the PR and are looking for more feedback!
|
paulbastian
requested review from
Sakurann,
andprian,
UBaggeler,
tplooker,
sorotokin,
peppelinux,
ve7jtb,
danielfett,
jogu,
tlodderstedt,
awoie,
martijnharing and
bc-pi
and removed request for
sorotokin,
UBaggeler and
andprian
|
Some eyes especially on the possible values for |
Closes #355
Closes #368