Question: Enterprise Wallet #2893

jdsika opened this issue Sep 19, 2024 · 7 comments

jdsika commented Sep 19, 2024

Can I enforce through a configuration on the iPhone that the installed Altme wallet from the App Store is only usable/configurable with a dedicated enterprise wallet configuration?

ThierryThevenet (Member) commented

@hawkbee1

hawkbee1 (Collaborator) commented

I'm not certain I understand, @jdsika. You speak about a configuration before the user installs the app?
Why on iPhone only?

Once the user gets his enterprise configuration, he can't remove it without a reset of the wallet.

A configuration beforehand could be done through the installation link. We thought about such a configuration some years ago, but it implied too much data being given to Apple and Google, more than we wanted.


jdsika commented Sep 19, 2024

We only use iPhones at BMW - I just wanted to narrow down the scope to reduce complexity.

What you say is that I should block the installation via the official Apple store and use the BMW internal app store using the individual installation link that is provided?


jdsika commented Sep 20, 2024

tagging @HugoNDO as well.

Assume the following scenario:
Altme provides a wide variety of features and supported networks. Only a few of the features and networks are allowed to be used at a specific company, e.g. only Ethereum, no DeFi, a specific JWT VC protocol version.

IT is responsible for checking the security of the application itself and its safe usage by the employees. The IT department will ask for:

  • terms of service
  • licenses
  • documentation
  • audit reports
  • origin of company, etc
  • process definitions of how the app is installed and used

The IT department now asks:
How can you ensure that this application is ONLY used in the above specified limited scope?

The answer could be:
I document the limited scope and the user is responsible to do it right. (weak)
I document the scope and the application is always installed with those restrictions in place (strong)

I am trying to figure out how you intended to solve this issue/question in order.

Best regards
Carlo


hawkbee1 commented Sep 20, 2024

> We only use iPhones at BMW - I just wanted to narrow down the scope to reduce complexity.
>
> What you say is that I should block the installation via the official Apple store and use the BMW internal app store using the individual installation link that is provided?

I was speaking of deferred deep linking. (https://www.optimove.com/resources/learning-center/deferred-deep-linking)

BMW has an internal app store? You mean they have the enterprise program? (https://developer.apple.com/programs/enterprise/)
In this case the best would probably be to add a custom Altme to the internal app store. Doing so, you gain:

  • Best ease of installation
  • A better control of the scope of the app
  • BMW can decide when the app is updated


ThierryThevenet commented Sep 22, 2024

There is another topic to consider.

When the wallet is configured, the wallet receives a wallet instance attestation (VC as JWT) signed by the wallet provider. This wallet attestation is used in many ecosystems like EUDI/ARF, and Gaia-X is also thinking of using it.
This wallet instance attestation is a means to prove to your issuers and verifiers that the wallet is not fraudulent.
So if your own issuers and verifiers request this wallet instance attestation, they can check that the user's wallet has been configured correctly for your own company. And so you can limit your own services to the wallets which have been configured for your company.
Here is an example of the use of the wallet attestation in the OpenID for VCI protocol (issuer side): https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html#name-wallet-attestation-schema
On the verifier side, the wallet attestation can be requested from the wallet like any standard VC.
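
A verifier-side check along the lines described in the comment above, as an added example that is not part of this thread or of Altme's code. It assumes the attestation is an ES256-signed JWT; the issuer value, the `enterprise_profile` claim and the locally generated key pair are hypothetical placeholders, not Altme's actual attestation format.

```javascript
// Added example: verifier-side policy check for a wallet instance attestation.
const nodeCrypto = require('crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed fixture: stands in for the wallet provider's ES256 signing key.
const providerKeys = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Builds a sample attestation JWT (constructed data, not a real wallet token).
function signAttestation(claims, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' })) + '.' +
    b64u(JSON.stringify(claims));
  const sig = nodeCrypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + sig.toString('base64url');
}

// policy = { issuer, publicKey, profile }, pinned by the company's issuer or verifier.
function checkAttestation(jwt, policy, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims, signed;
  try {
    header = fromB64u(parts[0]);
    claims = fromB64u(parts[1]);
    // Always verify as ES256 against the pinned key; the token never picks either.
    signed = nodeCrypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
      { key: policy.publicKey, dsaEncoding: 'ieee-p1363' },
      Buffer.from(parts[2], 'base64url'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || header.alg !== 'ES256') return { ok: false, reason: 'bad-alg' };
  if (!signed || !claims) return { ok: false, reason: 'bad-signature' };
  if (claims.iss !== policy.issuer) return { ok: false, reason: 'wrong-issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec)
    return { ok: false, reason: 'expired' };
  // `enterprise_profile` is a hypothetical claim naming the company configuration.
  if (claims.enterprise_profile !== policy.profile)
    return { ok: false, reason: 'wrong-profile' };
  return { ok: true, reason: 'accepted' };
}
```

An issuer or verifier would run a check like this before serving the wallet, with the provider's public key and the expected profile taken from its own configuration rather than from the token.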


jdsika commented Sep 30, 2024

I see the process documentation now on https://talao.io ! That seems well described, including the features.

I realized that there is something broken with the layout on the login page:

[image]

Could you start the customization process for asc(s with @jtdemer so I can get an example for the customization like for the asc(s members?
