You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and then convey (email, logged-in website, whatever) erika-loyalty-card.portable-mdoc to a wallet application under the control of the intended holder. The format of the file could be something like
PortableMdoc = [
"PortableMdoc1",
StaticAuthData,
DeviceKeyPrivate
]
; Contains the private part of DeviceKey referenced in the MSO (inside StaticAuthData)
DeviceKeyPrivate = COSE_Key
where StaticAuthData is defined in our project already (link) and used by existing provisioning protocols.
The idea here is that the issuer generates DeviceKey and the device would store it in software (or import it into Secure Hardware, if such support is available). This is why it's only suitable for low-value credentials - for high-value credentials the issuer would make the holder's device generate the key in secure hardware and then send a proof to the issuer this was done (Keystore Attetation, if using Android), worry about revocation and updates, and so on. In contrast, for low-value credentials the issuer might not care about any of those things and might be fine with the user having to redownload (or re-request) a new replacement portable mdoc if data on the credential has changed.
Concretely, this effort would involve:
Proper definition of the PortableMdoc file format
like above, to mitigate tracking, probably want multiple MSOs instead of just 1
Creation of library code to generate and parse portable mdocs
Creation of a portable-mdoc-tool tool
would also want other verbs than just create
Support in the wallet app for importing portable mdocs
MIME type / file extension and registration in wallet app
for downloading from logged-in websites and email apps
It might even be nice to have this in ISO 23220-3 as a building block but from a practical point of view it's probably easier to start here.
The text was updated successfully, but these errors were encountered:
For low-assurance credentials it would be nice if an issuer could do something like
and then convey (email, logged-in website, whatever)
erika-loyalty-card.portable-mdocto a wallet application under the control of the intended holder. The format of the file could be something likewhere
StaticAuthDatais defined in our project already (link) and used by existing provisioning protocols.The idea here is that the issuer generates
DeviceKeyand the device would store it in software (or import it into Secure Hardware, if such support is available). This is why it's only suitable for low-value credentials - for high-value credentials the issuer would make the holder's device generate the key in secure hardware and then send a proof to the issuer this was done (Keystore Attetation, if using Android), worry about revocation and updates, and so on. In contrast, for low-value credentials the issuer might not care about any of those things and might be fine with the user having to redownload (or re-request) a new replacement portable mdoc if data on the credential has changed.Concretely, this effort would involve:
PortableMdocfile formatportable-mdoc-tooltoolIt might even be nice to have this in ISO 23220-3 as a building block but from a practical point of view it's probably easier to start here.
The text was updated successfully, but these errors were encountered: