Comparison of Wallet Security Architectures
- by Paul Bastian, Bundsedruckerei GmbH, Germany
- Categorizing and analyzing potential Wallet Security Architectures
- #ssi #Wallet #Credentials #Key-Management #Holder-Authentication #revocation #recovery #privacy
This is a proposed collaborative paper to be worked on at RWOT 2022, Den Haag, Netherlands, 26-30 September.
While the architecture of issuer and verifier services in the W3C Verifiable Credentials Data Model is almost cvertainly an institutional backend service running on a server and the Verifiable Data Registry being more diverse but broadly discussed and "standardized" in the DID methods and the corresponding rubrics and lists, the different architectures for the wallet are not as much talked about. Many SSI Wallets with different technologies and archtiecture exist, however clearly defined categories and definitions are mostly missing. Espacially for the discussion on regulated use cases and the upcoming Open Wallet Foundation this might become helpful.
We categorize wallets in certain categories:
- native, mobile Wallet-Apps running only on a smartphone
- full cloud-native Wallets running from the Browser
- a multitude of hybrid solutions inbetween
We will describe these categories, for example by these properties:
- credential storage mechanism/location
- key storage mechanism/location
- holder authentication mechanisms
- means to authenticate the wallet
- and more...
We will investigate and analyse the direct implications and/or possiblities of these design choices:
- backup and recovery strategy
- revocation mechanisms
- offline support and transport protocols
- achievable Level of Assurance
- authentiation of the verifier
- privacy, tracking possiblities and meta information
- multi-device capabilities
- and more...
RWOT in September 2022 will be used to drive the work forward and work on both summarizing definitions, categorizes and analyzing the implications of them.
[Summary and conclusions here. Structure to be discussed.]
[1] x