update v 1.3
LeoneRiello74 authored and lalc committed Nov 21, 2024
1 parent 452deec commit 8c062fe
Showing 1 changed file with 7 additions and 248 deletions.
255 changes: 7 additions & 248 deletions ewc-rfc003-issue-person-identification-data.md
Expand Up @@ -201,253 +201,10 @@ GET https://identity-provider.gov/.well-known/oauth-authorization-server

## 3.4 Discover response

Upon resolving the well-known endpoints, the **identity provider** responds with its configuration, tailored to support PID credential issuance. The response includes details about supported credentials, endpoints for issuing and managing credentials. It also specifies the cryptographic methods and trust frameworks applicable for PID credentials, as defined by [6]:
Upon resolving the well-known endpoints, the **identity provider** responds with its configuration, tailored to support PID credential issuance. The response includes details about supported credentials, endpoints for issuing and managing credentials. It also specifies the cryptographic methods and trust frameworks applicable for PID credentials, as defined by [1]:
[https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#name-credential-issuer-metadata-p](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#name-credential-issuer-metadata-p)

```json
{
"credential_issuer": "https://identity-provider.gov",
"authorization_server": "https://identity-provider.gov",
"credential_endpoint": "https://identity-provider.gov/credential",
"deferred_credential_endpoint": "https://identity-provider.gov/credential_deferred",
"display": [
{
"name": "Government Identity Provider",
"location": "Country",
"locale": "en-GB",
"cover": {
"url": "https://identity-provider.gov/cover.jpeg",
"alt_text": "Government Identity Provider"
},
"logo": {
"url": "https://identity-provider.gov/logo.jpg",
"alt_text": "Government Identity Provider"
},
"description": "For inquiries about how we manage your personal identification data, please contact our Data Protection Officer."
}
],
"credentials_configuration_supported": {
"eu.europa.ec.eudi.pid_jwt_vc_json": {
"format": "vc+sd-jwt",
"scope": "eu.europa.ec.eudi.pid_jwt_vc_json",
"cryptographic_binding_methods_supported": [
"jwk"
],
"cryptographic_suites_supported": [
"ES256"
],
"display": [
{
"name": "Personal Identification Data",
"locale": "en-GB",
"background_color": "#000000",
"text_color": "#FFFFFF"
}
],
"vct": "eu.europa.ec.eudi.pid_jwt_vc_json",
"claims": {
"address": {
"display": [
{
"locale": "en",
"name": "Resident street_address, country, region, locality and postal_code"
}
],
"mandatory": false
},
"administrative_number": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": false
},
"age_in_years": {
"display": [
{
"locale": "en",
"name": "The subject’s current age in years."
}
],
"mandatory": false
},
"age_over_18": {
"display": [
{
"locale": "en",
"name": "Adult or minor"
}
],
"mandatory": true
},
"birth_date": {
"display": [
{
"locale": "en",
"name": "Date of Birth"
}
],
"mandatory": true,
"value_type": "full-date"
},
"birth_family_name": {
"display": [
{
"locale": "en",
"name": "Last name(s) or surname(s) of the PID User at the time of birth."
}
],
"mandatory": false
},
"birth_given_name": {
"display": [
{
"locale": "en",
"name": "First name(s), including middle name(s), of the PID User at the time of birth."
}
],
"mandatory": false
},
"birthdate_year": {
"display": [
{
"locale": "en",
"name": "test"
}
],
"mandatory": false
},
"document_number": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": false
},
"expiry_date": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": true
},
"family_name": {
"display": [
{
"locale": "en",
"name": "Current Family Name"
}
],
"mandatory": true,
"value_type": "string"
},
"gender": {
"display": [
{
"locale": "en",
"name": "PID User’s gender, using a value as defined in ISO/IEC 5218."
}
],
"mandatory": false
},
"given_name": {
"display": [
{
"locale": "en",
"name": "Current First Names"
}
],
"mandatory": true,
"value_type": "string"
},
"issuance_date": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": true
},
"issuing_authority": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": true
},
"issuing_country": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": true
},
"issuing_jurisdiction": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": false
},
"nationalities": {
"display": [
{
"locale": "en",
"name": "Array of nationalities"
}
],
"mandatory": false
},
"place_of_birth": {
"display": [
{
"locale": "en",
"name": "The country, region, and locality"
}
],
"mandatory": false
},
"portrait": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": false
},
"portrait_capture_date": {
"display": [
{
"locale": "en",
"name": "Alpha-2 country code, representing the nationality of the PID User."
}
],
"mandatory": false
}
},

}
}
}

```

Once the well-known endpoint for **authorization server** configuration is resolved, the response will follow the oauth standard or openid specification

> Currently, we retain the trust framework specified by EBSI. Subsequently, we will specify an additional RFC defining the EWC trusted issuer list.
Once the well-known endpoint for **authorization servers** configuration is resolved, the response will follow the oauth standard or openid specification

## 3.5 Authorization request

Expand Down Expand Up @@ -637,8 +394,10 @@ Location: https://Wallet.example.org/cb?code=SplxlOBeZQQYbYS6WxSbIA
## 3.7 Token request

In this step wallet trustwothiness in verified using wallet unit attestations received within token request. Wallet provider could be validated against trust framework and the wallet instance could be verified against a version trustlist exposed by the wallet provider, if available.
> Note: The validation of wallet is based on wallet unit attestation (rif RFC004 [https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc004-individual-wallet-attestation.md])
In this step wallet trustwothiness in verified.
The validation mechanism is delegated to RFC004, still a draft in this stage.
Wallet unit attestations received within token request will be verified; Wallet provider could be validated against trust framework and the wallet instance could be verified against a trustlist for valid and not revoked wallet versions published by the wallet provider, if available.
> Note: The validation of wallet is based on wallet unit attestation (rif RFC004 (WIP) [https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc004-individual-wallet-attestation.md])
### 3.7.1 Authorisation code flow
