-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wallet Instance authentication to the Wallet Provider before the WIA issuance #109
Comments
Yes is the nonce. We have a pending discussion on this: #40 |
Partially resolved by #121 |
Authentication is guaranteed by the integrity check |
the question is: how does the wallet provider make sure that it is one of its wallet instances and not a generic compatible device for Apple/Android? actually the PR to does not make this explicit Could you give a few more words for this in your opinion, make it explicit with a box or just mention that this is a requirement (MUST) without going into detail on how this can happen? each gap could give rise to privacy problems, if possible I would say which data are intended as necessary for the authentication of the wallet instance with its provider |
Conceptually, the integrity token is a way to establish the identity of the app (on an untampered device) through an attestation obtained from the vendor side (Apple/Goole). The wallet provider verifies the token, decodes it and inside it there is, among other information, the appId. The token is signed by Google which certifies that the identity is associated with an appId. |
We'll cover it here anyway |
Duplicated |
@rohe 's
I can't find any mentioning of how the wallet identifies itself to the wallet provider. No client authentication? I guess it has something with the nonce to do.
The text was updated successfully, but these errors were encountered: