GSMA Europe
GSMA Europe
Annex 2 §A.2.3.7(VCR_14) & A.2.3.38 (WIRevocation_18): the verification of the revocation status of a PID or an attestation shall be mandatory (SHOULD is used in the requirements) at least in...
§ 5.2: “Proof mechanisms define the methods used to secure the attestations for integrity and authenticity, including for selective disclosure”. Why is selective disclosure mentioned here? The sentence meaning is...
§ 6.6.3.7 & 6.6.3.8 : We believe that device binding is not an adequate tool as it is not realistic to get a high level of certification for devices such...
§ 6.1.3: “Relying Parties may try to request attributes from a Wallet Instance for which they have lawful grounds”. We think that there is a typo. The sentence shall be...
Annex §A.2.3.34: The requirements for migration are missing. Is there a plan to detail them in a future version of the ARF?
§ 6.5.2.1: “The User verifies that the Wallet Instance (i.e., the application the User is installing) is genuine and authentic and does not contain any malware or other threats.” This...
§ 6.3.3: “For PID Providers, QEAA Providers and PuB-EAA Providers, suspension or withdrawal also implies that their trust anchors are taken off the Trusted List. As a result, Relying Parties...
Figure 2 does not allow the possibility to have peer to peer exchanges between two Wallets. It should be improved to integrate such possibility.