Using the iOS app as an eID client to log in to the web app ("device switch")
Problem
Logging in with eID via a web browser on devices without an NFC reader is a pain.
Goal
When logging in to the web app, we want to use the iOS app as an eID client.
ACs
-
What are the concrete, measurable conditions to fulfill?
Notes/ resources
- ZaPuK
- Device Switch for eID and future privacy requirements for the Wallet were considered in ADR-0014: Authentizität: Identität von Privatpersonen
- FIDO
- https://www.goodsignin.com/blog/what-does-cable-have-to-do-with-passkeys (this is a good primer on what DigitalService has done, specifically with respect to phishing resistance / proximity)
- DigitalService Webauthn experiments
- Video
- Problem Statement for Multi-Device / Device Switch with eID (best to read this before the research document, the FIDO caBLE Blog post is also a good primer): https://github.com/digitalservicebund/useid-architecture/blob/main/research/device-switch/problem-statement.md
- https://github.com/digitalservicebund/useid-architecture/blob/main/research%2Fdevice-switch%2Fevaluation-of-approaches.md#webauthn
- W3C
- Currently quite oriented around Wallet concepts. The main difference from eID is that the actual presentation of the credential is meant to be non-interactive in the wallet use case.
- https://www.w3.org/TR/digital-credentials/
- W3C-Explainer: Threat Model - Presenting Credentials on the Web
- Requirements uIDs: OZG_1; OZG_2; OZG_18; ZaPuK_57; ZaPuK_142
Who needs to be involved / informed
- reviewers:
- involved:
- informed:
Edited by Robert Gerbauld