Latest ARF V1.10 : discrepancies about WUA with adopted CIR requirements and/or topic C

[Nathall7]

Topic C refers to the following [CIR 2024/2979] requirement: « T_he WUA must contain a public key, where the corresponding private key is protected by a WSCD"_

BUT the chapter 6.5.3.4 of the ARF 1.10 only specifies an option
“The PID Provider or Attestation Provider can optionally verify that the private key belonging to this public key is protected by the same WSCD as the private key belonging to the WUA public key, if this is supported by the WSCD.”

Topic C refers to the following [CIR 2024/2979] requirement: « Wallet Units must provide WUA to wallet-relying parties or Wallet Units upon request”. Topic C is even defining two types of WUA: WUA for use case RP and WUA for PID or attestation providers to comply with privacy issue to control the content of WUA legitimate for each case.

BUT the chapter 6.5.3.4 of the ARF 1.10 intends that option might not be feasible in terms of business reasons (and so GDPR compliancy)
“T_o ensure User privacy, the Wallet Unit presents its capabilities and properties only to PID Providers and Attestation Providers, but not to Relying Parties. This is because PID Providers and Attestation Providers have a valid business reason to know these properties, whereas Relying Parties do not. “_

[david-bakker]

Thanks for your comments!

Regarding your first comment: The requirement in ARF 2.2 corresponding to the requirement you cite from the Topic C discussion paper is WUA_09: " A WUA SHALL contain a public key, and the corresponding private key SHALL be generated by the WSCA described in the WUA."

This requirement does not contradict the text you quote from chapter 6.5.3.4, because that text describes an additional, and optional, feature of a WSCA/WSCD. This feature is that the WSCA/WSCD can cryptographically prove to a third party that the private keys belonging to two or more public keys (where the public key values are provided by the third party), are all stored by that WSCA. In previous versions of the ARF, such a proof was called a 'proof of association', and it is distinct from a proof of possession of a private key. In ARF 2.3, this is called a proof of cryptographic binding between attestations; see especially Topic 18.

However, to minimize the risk of confusion, in ARF 2.3 we have taken out the text you quote from the second bullet in 6.5.3.4 and positioned it as an optional, fourth purpose of the WUA. This ARF version will be published by the end of this week (July 4th).

Regarding your second comment: You are right that this is contradictory. However, the requirement you quote from Topic C is not included in ARF 2.2. In fact, all references to the use of a WUA on the presentation interface towards Relying Parties have been removed from the ARF since v2.1.