SID-TRUST-05 — Relying Party Registration and Over-Request Detection
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Trust Evaluation Controls |
Description
Detailed relying party validation beyond basic trust gating:
(1) Reject presentation requests without a relying party access certificate — user warned in understandable language. (2) Validate RP access certificate and full trust chain; terminate on validation failure with user notification. (3) Display RP identity (derived from access certificate) clearly. (4) Validate RP registration certificate if present; query the RP register if absent. Terminate on failure. (5) Compare registered vs requested attributes — if the RP requests more information than registered, display a clear warning to the user (over-request detection). (6) For intermediary/broker scenarios, verify both the intermediary access certificate and the underlying RP registration certificate.
Partially covered by SID-TRUST-03 (trust gating) for basic RP cert validation. RP registration certificate validation and over-request detection are not yet implemented. Requires integration with Member State RP registers.
Components
Source References
Framework Requirements
EUDI Security Requirements: WUP-8.2.3-Fun-02
FitCEM Wallet Instance: FIT-AU-13