Use when working with EUDI high-level requirements for 'Wallet Unit Attestation and Wallet Instance Attestation'. Contains normative SHALL/SHOULD/MAY requirements from ARF Annex 2.
| Index | Requirement specification |
|---|---|
| WUA_01 | A WUA SHALL contain information about the storage type and certification of the WSCA/WSCD or a keystore available to the Wallet Unit, and SHALL comply with the relevant requirements in Technical Specification 3. Note: A PID Provider or Attestation Provider can use this information to take a well-grounded decision on whether to issue a PID or attestation to the Wallet Unit. |
| WUA_02 | The WUA SHALL enable PID Providers and Attestation Providers to verify the authenticity and revocation status of the Wallet Unit. |
| WUA_03 | A Wallet Provider SHALL ensure that a non-revoked Wallet Unit at all times presents a temporally valid and non-revoked WUA to a PID Provider or Attestation Provider during the issuance process of a PID or device-bound attestation. |
| WUA_04 | When issuing, presenting, or verifying a WUA, Wallet Providers, Wallet Units, PID Providers, and Attestation Providers SHALL only use cryptographic algorithms included in the ECCG Agreed Cryptographic Mechanisms v2.0. |
| WUA_05 | During issuance of a PID, the Wallet Unit SHALL provide the PID Provider with a valid WUA describing the WSCA/WSCD that generated the new PID private key. Note: A PID private key is always generated and managed by the WSCA/WSCD, which by definition complies with requirements for Level of Assurance High. |
| WUA_05a | During issuance of a device-bound attestation, a Wallet Unit SHALL retrieve the requirements of the Attestation Provider regarding key storage from the Credential Issuer metadata (see ISSU_27). The Wallet Unit SHALL determine which of its WSCA/WSCD or keystore(s), if any, comply with these requirements. If a compliant WSCA/WSCD or keystore is available to the Wallet Unit, the Wallet Unit SHALL provide the Attestation Provider with a valid WUA describing the selected WSCA/WSCD or keystore. Note: A WUA describes the properties of the WSCA/WSCD or a keystore (see WUA_01) and contains one or more public key(s) corresponding to private key(s) generated by and stored in that WSCA/WSCD or keystore (WUA_09). |
| WUA_06 | If a Wallet Unit contains a WSCA/WSCD and one or more keystores, it SHALL, internally and securely, keep track of which PID(s) and attestation(s) are bound to which WSCA/WSCD or keystore. |
| WUA_07 | A Wallet Unit SHALL present a WUA only to a PID Provider or Attestation Provider, as part of the issuance process of a PID or a key-bound attestation, and not to a Relying Party or any other entity. |
| WUA_08 | A WUA SHALL enable PID Providers to request a Wallet Provider to revoke a Wallet Unit, in accordance with requirement WURevocation_11, by including an identifier for the Wallet Unit in the WUA. The Wallet Provider SHALL ensure that this Wallet Unit identifier does not enable tracking of the User. Note: a) This is a legal requirement from [CIR 2024/2977]. See also Section 6.5.3.4 of the ARF main document. b) The Wallet Unit identifier meant here can be the same as the one used for revoking the WUA, for instance a URI and index to an Attestation Status List (see Topic 7). |
| Index | Requirement specification |
|---|---|
| WUA_09 | A WUA SHALL contain one or more public keys, and the corresponding private keys SHALL be generated by and stored in the WSCA/WSCD or the keystore described in the WUA. Note: a) By signing the WUA, the Wallet Provider attests to the fact that the private key(s) corresponding to the public key(s) in the WUA are generated by and stored in this WSCA/WSCD or keystore. This implies that the Wallet Provider has verified that this is actually the case. However, neither the ARF nor TS3 specify at which moment the WSCA/WSCD or keystore generated the private keys, or how the Wallet Provider verified that it did so. b) After receiving a WUA during the issuance process for a (batch of) PID(s) or device-bound attestation(s), a PID Provider or Attestation Provider will include each of these public keys in a PID or attestation, thereby ensuring that this PID or attestation is bound to the WSCA/WSCD or keystore described in the WUA. |
| WUA_10 | Wallet Providers SHALL ensure that the certificates they use for signing WUAs and WIAs comply with all applicable requirements in ETSI TS 119 412-6, in particular Clause 5 |
| WUA_10a | An Attestation Provider issuing non-device-bound attestations SHALL indicate in its in Credential Issuer metadata that it does not need a WUA, as specified in TS3. A Wallet Unit SHALL NOT send a WUA to an Attestation Provider when requesting a non-device-bound attestation. Note: A Wallet Unit sends a WIA to the Attestation Provider regardless of whether the attestations it issues are device-bound or not. |
| WUA_10b | A Wallet Provider SHALL ensure that the presentation of a WUA is cryptographically bound to the specific context it is intended to be used in. Note: As specified in TS3, this is achieved by letting the signed WUA itself contain a nonce provided by the PID Provider or Attestation Provider during the issuance process. Alternatively, the Wallet Unit presents the WUA along with a Proof-of-Possession consisting of a signature over that nonce, created by the private key corresponding to one of the public keys attested in the WUA. |
| WUA_11 | Empty |
| WUA_11a | During issuance of a PID or a device-bound attestation, the PID Provider or Attestation Provider SHALL verify the WUA in accordance with the requirements in OpenID4VCI Appendix F.4. Note: As explained in the note to WUA_09, if the verification of the WUA is successful, the PID Provider or Attestation Provider can trust that all public keys in the WUA are bound to the WSCD or keystore described in the WUA. |
| WUA_11b | Empty |
| WUA_12 | During issuance of a PID or a device-bound attestation, the PID Provider or Attestation Provider SHALL receive a proof that the Wallet Unit possesses the private keys corresponding to all public keys in the WUA. Note: As specified in TS3, this proof consist of the signature of the Wallet Provider over the WUA in combination with the proof mentioned in WUA_10b. |
| WUA_13 | Empty |
| WUA_14 | Empty |
| WUA_15 | Empty |
| WUA_16 | If the WSCA/WSCD is able to export a private key, the Wallet Provider SHALL specify this capability as an attribute in the WUA. |
| Index | Requirement specification |
|---|---|
| WUA_17 | A Wallet Provider SHALL consider all relevant factors, including offline usage, interoperability, and the risk of a WUA becoming a vector to track the User, when deciding on the validity period of a WUA. Note: Regarding interoperability, see ISSU_12c, which limits the validity period of PIDs issued based on the validity period of the WUA |
| WUA_18 | Empty |
| Index | Requirement specification |
|---|---|
| WUA_19 | Empty |
| WUA_20 | A Wallet Provider SHALL ensure that its Wallet Units comply with all relevant requirements specified in Technical Specification 3. |
| WUA_20a | A PID Provider or Attestation Provider SHALL comply with all relevant requirements specified in Technical Specification 3. |
| WUA_21 | Empty |
| Index | Requirement specification |
|---|---|
| WUA_22 | A Wallet Provider SHALL ensure that a non-revoked Wallet Unit at all times presents a temporally valid and non-revoked WIA to a PID Provider or Attestation Provider during the issuance process of a PID or attestation. Note: This requirement applies to both device-bound and non-device-bound attestations. |
| WUA_23 | When issuing, presenting, or verifying a WIA, Wallet Providers, Wallet Units, PID Providers, and Attestation Providers SHALL only use cryptographic algorithms included in the ECCG Agreed Cryptographic Mechanisms v2.0. |
| WUA_24 | A Wallet Unit SHALL present a WIA only to a PID Provider or Attestation Provider, as part of the issuance process of a PID or an attestation, and not to a Relying Party or any other entity. |
| WUA_25 | During issuance of a PID or attestation, the PID Provider or Attestation Provider SHALL verify the WIA in accordance with the requirements in OpenID4VCI Appendix E. Note: This requirement applies to both device-bound and non-device-bound attestations. |