eudi-doc-architecture-and-reference-framework
Level of security per UC to replace configuration type
Context: Configuration types are misleading and should be based on Level of Security required per use case
Issue: The configuration types as they are currently defined in the text are unclear and may cause issues from an interoperability and customer experience point of view. Configurations ought to be linked to use cases, not PIDs, especially since PIDs could be required for any wallet use case irrespective of whether or not they are high. Strict configuration set-ups as they are defined today imply in particular that multiple VCs/certificates related to the same goal/topic should be issued to the same wallet (at least one per configuration). We think it would be clearer to only specify the requirements for a flow to achieve Level High independently without resorting to configurations or types.
Proposal: We recommend removing the configuration types in the current text and replacing them by better specifying how to reach the different levels of security.
Thank you for your comment. Per your suggestion, configuration types have been removed in ARF v.1.4.0. Regarding a better specification of how to reach the different levels of assurance, please refer to Chapter 7 of the ARF main document and the references therein, which outline the approach that will be taken for the security certification of Wallet Instances.