HDK Feedback: Enable asynchronous remote generation of WSCD-bound keys

[sander]

Context: #282

Scope: High Level Requirements on Wallet Trust Evidence (Topic 9)

Summary: The ARF prescribes a single way to generate WSCD-bound keys in the context of PID and attestation issuance. In the context of batch issuance of one-time-use documents, other ways such as remotely derived HDKs could be desirable, for example delegated to the PID Provider or Attestation Provider. By design, these keys can meet the same security level. The approach may increase usability since the WSCA would need to authenticate the user only one, enabling issuance of multiple batches of documents. The requirements should be generalised to also enable such a method.

Detailed suggestions and rationale: HDK v0.1.0 feedback on Topic 9 regarding WTE_13, WTE_14, WTE_27.

ARF version: 1.4.0

[digeorgi]

Thank you very much for the valuable feedback.
We recognize the issues you raise and have been in contact with you in the meantime. We are looking forward to work with you and other experts to get these issues solved in the near future. Potential changes in the ARF to enable the use of HDK will however not be part yet of ARF 1.5.0.