-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EU Trusted Lists Section #303
base: versione-corrente
Are you sure you want to change the base?
EU Trusted Lists Section #303
Conversation
how a WP can trust the WI and the other way round
details about superior trust lists and the national ones
the sentence about the WI verification from WP is a requirement and has beed moved in that section.
Co-authored-by: Giuseppe De Marco <[email protected]>
replace UUID with Cryptographic Hardware Key Tag
docs/en/trust.rst
Outdated
^^^^^^^^^^^^^^^ | ||
|
||
The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. | ||
|
||
To ensure coherent and efficient management of trust lists across Europe, a structured approach has been proposed. This involves creating and governing a Superior Trust List at the European level and National Trust Lists at the member state level. The following sections provide the implementation details for each type of trust list. | ||
|
||
The **Superior Trust List** should be managed by a central entity at the European level, such as the European Commission. It will include direct references to each National Registry and each centrally managed Thematic Registry, unique for all member states. The governance is centralized under a single EU authority, authorized to add, remove, or update entries in the registry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this sounds more like a proposal, while the scope of this technical specification is not to share proposal but to offer clear implementation configurations and examples. Not sure about this editorial cut
here I expect to get how the trust list must be implemented, the format used and the non normative examples about requests and responses
docs/en/trust.rst
Outdated
To ensure coherent and efficient management of trust lists across Europe, a structured approach has been proposed. This involves creating and governing a Superior Trust List at the European level and National Trust Lists at the member state level. The following sections provide the implementation details for each type of trust list. | ||
|
||
The **Superior Trust List** should be managed by a central entity at the European level, such as the European Commission. It will include direct references to each National Registry and each centrally managed Thematic Registry, unique for all member states. The governance is centralized under a single EU authority, authorized to add, remove, or update entries in the registry. | ||
|
||
The **National Trust List** should be managed by a national coordinating entity, ideally the National Supervisory Body or an entity delegated by it. This entity will receive requests from accredited and authoritative entities for the respective themes they manage. The Trust List will include direct references to each National List (Thematic, Wallet, TSP, and Devices Registries) and to the Superior Trust List for each centrally managed cross-border Thematic Trust List, unique to all member states. | ||
The **National Trust List** should be managed by a national coordinating entity, ideally the National Supervisory Body or an entity delegated by it. This entity will receive requests from accredited and authoritative entities for the respective themes they manage. The Trust List will include direct references to each National List (thematic, Wallet, TSP, Devices Registries etc...) and to the Superior Trust List for each centrally managed cross-border Thematic Trust List, unique to all member states. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should -> must
national coordinating entity is too much generic and therefore not actionable ... We need to use a clear terminology using an established role within the ecosystem. Please find it in the european regulations.
I don't like using etc...
we need to enumerate all the entities required to be published within the trusted list. When this information is not clear and neither in our possession, we may think to explain one or more open points in the form of a note.
replace NAB with Supervisory Body
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a couple of comments on this:
- I would remove any real reference in terms of URL or Organizations etc. from the text.
- the trust list section is something that is not currently in the scope of this technical specification at this moment. I would postpone this to a future release.
This section requires to be moved to a file dedicated to the european trusted lists |
This PR adds clarifications about how the wallet provider should check the mobile application wallet instance using the OS API, it takes parts of #303
@SaraConsoliACN this PR doesn't answer to the point raised here: #258 (comment) |
Trust List | ||
^^^^^^^^^^^^^^^ | ||
|
||
The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Wallet Providers MUST be published in a Trust List managed by the designed Federation authority. | |
The Trust Chain including Wallet Provider MUST be anchored in a Trust List/Registry managed by the appointed Supervisory Body, where its Public Keys are available for validation purposes. It’s responsibility of the Supervisory Body to ensure that any Trust Chain anchored, contains exclusively certified Wallet Providers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@peppelinux Does this review allow the closure of issue #258?
this PR aims to close #258
this answer 2 questions:
-how a WI can trust the WP
-how a WP can trust the WI