digital-credentials
Wallet-provided nonce
Based on our work on an OpenID 4 VP profile for the Digital Credentials API, I believe the API would benefit from allowing Wallets to provide Verifiers with a nonce.
The challenge we see is that at least the eIDAS regulation requires the Wallet to authenticate the Verifier/RP based on a trust management that is not the Web trust management. Articles 5a and 5b of the eIDAS regulation require the EU member states to run their own trust management infrastructure with dedicated certificates/attestations to be used for that purpose (see the OpenID 4 VP proposal for details).
That's why the OpenID 4 VP profile allows Verifiers to send signed requests through the Digital Credentials API. The fundamental challenge with this approach is that the signed request can be captured and replayed by anyone able to run a legit website in his browser. If an attacker replayed such a request through the Digital Credentials API, the wallet would provide the credential data to the attacker.
The wallet could use the calling origin as asserted by the platform. However, I see the following issues:
- the web origin is not necessarily the identifier of the RP/Verifier with the external trust management, so the Wallet might not be able to match both identifiers. Or, the Digital Credentials API would impose restrictions on the identifiers used by implementations.
- the web origin is authenticated using a different trust model - that's not the same as unauthenticated but the trust put into this mechanism might vary, especially if talking about high assurance, government-issued identity credentials.
I think we need additional countermeasures.
That challenge exists independent of the Digital Credentials API. OpenID 4 VP implementations today cope with that challenge by sending the data to an endpoint asserted in the signed request object. Additionally, we are in the process of allowing the wallet to issue a nonce that the Verifier must include in the signed request object.
I suggest adding support for a wallet-provided nonce to the Digital Credentials API. This would allow the selected wallet (instance) to create a nonce and force the Verifier to add it to the signed request. Given the device/instance-bound nature of that nonce, the request could not be replayed on a different device.
The alternative I'm currently considering is to allow for direct communication between Wallet and Verifier, so the Wallet could provide a nonce directly to the Verifier through an HTTP POST request and the Wallet could send the credential data directly to the Verifier through another HTTP POST request. This alternative would use existing OpenID 4 VP messages.
See the OpenID 4 VP profile proposal for details.
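
The replay protection proposed in this issue, sketched as an added example that is not part of the original post and is not code from the Digital Credentials API or any OpenID 4 VP implementation. It shows a wallet instance rejecting a validly signed request that carries another instance's nonce, a reused nonce, or no nonce. Assumptions: `WalletInstance`, the `wallet_nonce` claim name and `verifier.example` are hypothetical, and HMAC with a constructed key stands in for the Verifier's certificate-based signature.

```python
import hashlib, hmac, json, secrets, time

# Constructed stand-in for the Verifier's signing key. A real deployment would
# use an asymmetric signature checked against the external trust framework.
VERIFIER_KEY = b"constructed-demo-key"

def sign_request(claims: dict, key: bytes = VERIFIER_KEY) -> dict:
    """Verifier side: sign the request object (HMAC stands in for a JWS)."""
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(key, payload, hashlib.sha256).digest()}

class WalletInstance:
    """Hypothetical wallet that only answers requests carrying its own nonce."""
    def __init__(self, ttl_seconds: float = 60.0):
        self._ttl = ttl_seconds
        self._pending = {}  # nonce -> expiry time, local to this instance

    def issue_nonce(self) -> str:
        nonce = secrets.token_urlsafe(32)
        self._pending[nonce] = time.monotonic() + self._ttl
        return nonce

    def check_request(self, request: dict, key: bytes = VERIFIER_KEY) -> str:
        expected = hmac.new(key, request["payload"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, request["sig"]):
            return "rejected: bad signature"
        nonce = json.loads(request["payload"]).get("wallet_nonce")
        # pop() makes the nonce single use, so a second presentation fails too.
        expiry = self._pending.pop(nonce, None) if isinstance(nonce, str) else None
        if expiry is None:
            return "rejected: nonce not issued by this wallet instance"
        if time.monotonic() > expiry:
            return "rejected: nonce expired"
        return "accepted"

def demo() -> dict:
    wallet_a, wallet_b = WalletInstance(), WalletInstance()
    request = sign_request({"client_id": "verifier.example",
                            "wallet_nonce": wallet_a.issue_nonce()})
    return {
        "replayed_to_other_wallet": wallet_b.check_request(request),
        "original_wallet": wallet_a.check_request(request),
        "replayed_to_same_wallet": wallet_a.check_request(request),
        "no_nonce": wallet_a.check_request(sign_request({"client_id": "verifier.example"})),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The signature check alone passes for every replayed copy; only the nonce lookup against the instance's own pending set distinguishes the original request from a captured one.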