EU Trusted Lists Section #303
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
how a WP can trust the WI and the other way round
peppelinux
reviewed
Jun 4, 2024
peppelinux
requested changes
Jun 4, 2024
peppelinux
requested changes
Jun 12, 2024
details about superior trust lists and the national ones
peppelinux
requested changes
Jun 17, 2024
peppelinux
reviewed
Jun 17, 2024
peppelinux
changed the title
peppelinux
changed the title
the sentence about the WI verification from WP is a requirement and has beed moved in that section.
Co-authored-by: Giuseppe De Marco <[email protected]>
replace UUID with Cryptographic Hardware Key Tag
peppelinux
reviewed
Jun 18, 2024
peppelinux
requested changes
Jun 21, 2024
docs/en/trust.rst
Outdated
| ^^^^^^^^^^^^^^^ | ||
|
|
||
| The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. | ||
|
|
||
| To ensure coherent and efficient management of trust lists across Europe, a structured approach has been proposed. This involves creating and governing a Superior Trust List at the European level and National Trust Lists at the member state level. The following sections provide the implementation details for each type of trust list. | ||
|
|
||
| The **Superior Trust List** should be managed by a central entity at the European level, such as the European Commission. It will include direct references to each National Registry and each centrally managed Thematic Registry, unique for all member states. The governance is centralized under a single EU authority, authorized to add, remove, or update entries in the registry. |
There was a problem hiding this comment.
this sounds more like a proposal, while the scope of this technical specification is not to share proposal but to offer clear implementation configurations and examples. Not sure about this editorial cut
here I expect to get how the trust list must be implemented, the format used and the non normative examples about requests and responses
docs/en/trust.rst
Outdated
| To ensure coherent and efficient management of trust lists across Europe, a structured approach has been proposed. This involves creating and governing a Superior Trust List at the European level and National Trust Lists at the member state level. The following sections provide the implementation details for each type of trust list. | ||
|
|
||
| The **Superior Trust List** should be managed by a central entity at the European level, such as the European Commission. It will include direct references to each National Registry and each centrally managed Thematic Registry, unique for all member states. The governance is centralized under a single EU authority, authorized to add, remove, or update entries in the registry. | ||
|
|
||
| The **National Trust List** should be managed by a national coordinating entity, ideally the National Supervisory Body or an entity delegated by it. This entity will receive requests from accredited and authoritative entities for the respective themes they manage. The Trust List will include direct references to each National List (Thematic, Wallet, TSP, and Devices Registries) and to the Superior Trust List for each centrally managed cross-border Thematic Trust List, unique to all member states. | ||
| The **National Trust List** should be managed by a national coordinating entity, ideally the National Supervisory Body or an entity delegated by it. This entity will receive requests from accredited and authoritative entities for the respective themes they manage. The Trust List will include direct references to each National List (thematic, Wallet, TSP, Devices Registries etc...) and to the Superior Trust List for each centrally managed cross-border Thematic Trust List, unique to all member states. |
There was a problem hiding this comment.
should -> must
national coordinating entity is too much generic and therefore not actionable ... We need to use a clear terminology using an established role within the ecosystem. Please find it in the european regulations.
I don't like using etc... we need to enumerate all the entities required to be published within the trusted list. When this information is not clear and neither in our possession, we may think to explain one or more open points in the form of a note.
replace NAB with Supervisory Body
peppelinux
changed the title
There was a problem hiding this comment.
I have a couple of comments on this:
- I would remove any real reference in terms of URL or Organizations etc. from the text.
- the trust list section is something that is not currently in the scope of this technical specification at this moment. I would postpone this to a future release.
peppelinux
changed the title
|
This section requires to be moved to a file dedicated to the european trusted lists |
peppelinux
added a commit
that referenced
this pull request
Jul 16, 2024
This PR adds clarifications about how the wallet provider should check the mobile application wallet instance using the OS API, it takes parts of #303
|
@SaraConsoliACN this PR doesn't answer to the point raised here: #258 (comment) |
| Trust List | ||
| ^^^^^^^^^^^^^^^ | ||
|
|
||
| The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. |
There was a problem hiding this comment.
Suggested change
| The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. | |
| The Trust Chain including Wallet Provider MUST be anchored in a Trust List/Registry managed by the appointed Supervisory Body, where its Public Keys are available for validation purposes. It’s responsibility of the Supervisory Body to ensure that any Trust Chain anchored, contains exclusively certified Wallet Providers. |
There was a problem hiding this comment.
@peppelinux Does this review allow the closure of issue #258?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
this PR aims to close #258
this answer 2 questions:
-how a WI can trust the WP
-how a WP can trust the WI