Key Attestations
02-27, 09:30–10:00 (UTC), Ríma

In this talk, we look back on the recent developments around key attestations in eIDAS and OpenID4VCI and the motivation behind them. Afterwards we will discuss whether key attestations deserve their own, separate drafts for broader interoperability.


In this talk, we look back on the recent developments around key attestations in eIDAS and OpenID4VCI and the motivation behind them. Furthermore, we will investigate the lessons learned from from OpenID4VCI designs and the Attestation-Based Client Authentication draft. Afterwards we will discuss whether key attestations deserve their own, separate drafts for broader interoperability and if it's worth it to extract them from the OpenID4VCI specification. Which other use cases, existing or upcoming specifications could benefit from such interoperable key attestations? We will also present our thinking about what properties and features such an interoperable key attestation could require and hopefully spark a debate.