Wallet Instance Attestations
The Architecture Reference Framework (ARF) describes the use of a Wallet Instance Attestation (WIA) and Wallet Trust Evidence (WTE), both provided by the Wallet Provider to a Wallet Instance. The WTE describes the capabilities and properties of the Wallet Instance and of its WSCD(s). The WIA contains information that allows a PID Provider, an Attestation Provider, or a Relying Party to verify that the Wallet Provider has not revoked the Wallet Instance Attestation.
Specific schemas have not yet been defined for the WIA or the WTE in the ARF. For this reason, Company Passport only requires the use of a Wallet Instance Attestation as defined in OAuth 2.0 Attestation-Based Client Authentication.
The Wallet Instance Attestation based on OAuth 2.0 Attestation-Based Client Authentication MUST conform to the requirements defined in Cryptographic Algorithms, Key Management, and Identifiers.
Note on Wallet Instance Attestations
Technical requirements surrounding Wallet Instance Attestations (WIAs) and Wallet Trust Evidence (WTE) still need to be defined in the Architecture Reference Framework and are likely to change in future versions of Company Passport. In the meantime, Wallet Instance Attestations based on OAuth 2.0 Attestation-Based Client Authentication provide a simple mechanism for a Wallet Instance to authenticate itself.
Issuance and Retrieval of a Wallet Instance Attestation
Because the Wallet Provider itself issues the Wallet Instance Attestation to the Wallet Instance, no specific requirements are in place for this issuance. A Wallet implementation conforming to Company Passport needs to decide how a Wallet Instance Attestation is issued to the Wallet Instance.
Presentation and Verification of a Wallet Instance Attestation
The sections Attestation Issuance and Attestation Verification describe how a Wallet Instance Attestation is presented during Attestation Issuance and during Attestation Verification, respectively.
Ephemeral Wallet Instance Attestations
It is recommended to use ephemeral Wallet Instance Attestations for Personal Wallets: a long-lived attestation, and the instance key it binds, presented to several parties lets those parties correlate the same Wallet Instance, whereas fresh attestations prevent this linkability across Attestation Providers and Relying Parties.