From 8c062fe8f751305d6861f3b31433ed705b99cfc9 Mon Sep 17 00:00:00 2001
From: LeoneRiello74
Date: Wed, 20 Nov 2024 15:54:01 +0100
Subject: [PATCH] update v 1.3
---
 ...rfc003-issue-person-identification-data.md | 255 +-----------------
 1 file changed, 7 insertions(+), 248 deletions(-)
diff --git a/ewc-rfc003-issue-person-identification-data.md b/ewc-rfc003-issue-person-identification-data.md
index b53d56b..2c748ab 100644
--- a/ewc-rfc003-issue-person-identification-data.md
+++ b/ewc-rfc003-issue-person-identification-data.md
@@ -201,253 +201,10 @@ GET https://identity-provider.gov/.well-known/oauth-authorization-server
 ## 3.4 Discover response
-Upon resolving the well-known endpoints, the **identity provider** responds with its configuration, tailored to support PID credential issuance. The response includes details about supported credentials, endpoints for issuing and managing credentials. It also specifies the cryptographic methods and trust frameworks applicable for PID credentials, as defined by [6]:
+Upon resolving the well-known endpoints, the **identity provider** responds with its configuration, tailored to support PID credential issuance. The response includes details about supported credentials, endpoints for issuing and managing credentials. It also specifies the cryptographic methods and trust frameworks applicable for PID credentials, as defined by [1]:
+[https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#name-credential-issuer-metadata-p](https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#name-credential-issuer-metadata-p)
-```json
-{
- "credential_issuer": "https://identity-provider.gov",
- "authorization_server": "https://identity-provider.gov",
- "credential_endpoint": "https://identity-provider.gov/credential",
- "deferred_credential_endpoint": "https://identity-provider.gov/credential_deferred",
- "display": [
- {
- "name": "Government Identity Provider",
- "location": "Country",
- "locale": "en-GB",
- "cover": {
- "url": "https://identity-provider.gov/cover.jpeg",
- "alt_text": "Government Identity Provider"
- },
- "logo": {
- "url": "https://identity-provider.gov/logo.jpg",
- "alt_text": "Government Identity Provider"
- },
- "description": "For inquiries about how we manage your personal identification data, please contact our Data Protection Officer."
- }
- ],
- "credentials_configuration_supported": {
- "eu.europa.ec.eudi.pid_jwt_vc_json": {
- "format": "vc+sd-jwt",
- "scope": "eu.europa.ec.eudi.pid_jwt_vc_json",
- "cryptographic_binding_methods_supported": [
- "jwk"
- ],
- "cryptographic_suites_supported": [
- "ES256"
- ],
- "display": [
- {
- "name": "Personal Identification Data",
- "locale": "en-GB",
- "background_color": "#000000",
- "text_color": "#FFFFFF"
- }
- ],
- "vct": "eu.europa.ec.eudi.pid_jwt_vc_json",
- "claims": {
- "address": {
- "display": [
- {
- "locale": "en",
- "name": "Resident street_address, country, region, locality and postal_code"
- }
- ],
- "mandatory": false
- },
- "administrative_number": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": false
- },
- "age_in_years": {
- "display": [
- {
- "locale": "en",
- "name": "The subject’s current age in years."
- }
- ],
- "mandatory": false
- },
- "age_over_18": {
- "display": [
- {
- "locale": "en",
- "name": "Adult or minor"
- }
- ],
- "mandatory": true
- },
- "birth_date": {
- "display": [
- {
- "locale": "en",
- "name": "Date of Birth"
- }
- ],
- "mandatory": true,
- "value_type": "full-date"
- },
- "birth_family_name": {
- "display": [
- {
- "locale": "en",
- "name": "Last name(s) or surname(s) of the PID User at the time of birth."
- }
- ],
- "mandatory": false
- },
- "birth_given_name": {
- "display": [
- {
- "locale": "en",
- "name": "First name(s), including middle name(s), of the PID User at the time of birth."
- }
- ],
- "mandatory": false
- },
- "birthdate_year": {
- "display": [
- {
- "locale": "en",
- "name": "test"
- }
- ],
- "mandatory": false
- },
- "document_number": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": false
- },
- "expiry_date": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": true
- },
- "family_name": {
- "display": [
- {
- "locale": "en",
- "name": "Current Family Name"
- }
- ],
- "mandatory": true,
- "value_type": "string"
- },
- "gender": {
- "display": [
- {
- "locale": "en",
- "name": "PID User’s gender, using a value as defined in ISO/IEC 5218."
- }
- ],
- "mandatory": false
- },
- "given_name": {
- "display": [
- {
- "locale": "en",
- "name": "Current First Names"
- }
- ],
- "mandatory": true,
- "value_type": "string"
- },
- "issuance_date": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": true
- },
- "issuing_authority": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": true
- },
- "issuing_country": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": true
- },
- "issuing_jurisdiction": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": false
- },
- "nationalities": {
- "display": [
- {
- "locale": "en",
- "name": "Array of nationalities"
- }
- ],
- "mandatory": false
- },
- "place_of_birth": {
- "display": [
- {
- "locale": "en",
- "name": "The country, region, and locality"
- }
- ],
- "mandatory": false
- },
- "portrait": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": false
- },
- "portrait_capture_date": {
- "display": [
- {
- "locale": "en",
- "name": "Alpha-2 country code, representing the nationality of the PID User."
- }
- ],
- "mandatory": false
- }
- },
-
- }
- }
-}
-
-```
-
-Once the well-known endpoint for **authorization server** configuration is resolved, the response will follow the oauth standard or openid specification
-
-> Currently, we retain the trust framework specified by EBSI. Subsequently, we will specify an additional RFC defining the EWC trusted issuer list.
+Once the well-known endpoint for **authorization servers** configuration is resolved, the response will follow the oauth standard or openid specification
 ## 3.5 Authorization request
@@ -637,8 +394,10 @@ Location: https://Wallet.example.org/cb?code=SplxlOBeZQQYbYS6WxSbIA
 ## 3.7 Token request
-In this step wallet trustwothiness in verified using wallet unit attestations received within token request. Wallet provider could be validated against trust framework and the wallet instance could be verified against a version trustlist exposed by the wallet provider, if available.
-> Note: The validation of wallet is based on wallet unit attestation (rif RFC004 [https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc004-individual-wallet-attestation.md])
+In this step wallet trustwothiness in verified.
+The validation mechanism is delegated to RFC004, still a draft in this stage.
+Wallet unit attestations received within token request will be verified; Wallet provider could be validated against trust framework and the wallet instance could be verified against a trustlist for valid and not revoked wallet versions published by the wallet provider, if available.
+> Note: The validation of wallet is based on wallet unit attestation (rif RFC004 (WIP) [https://github.com/EWC-consortium/eudi-wallet-rfcs/blob/main/ewc-rfc004-individual-wallet-attestation.md])
 ### 3.7.1 Authorisation code flow