diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index ae1f4f76e..83f3b3866 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -15,8 +15,6 @@ The User attributes provided within the Italian PID are the ones listed below: - Unique Identifier - Taxpayer identification number -The Italian digital Credentials, like the PID and the (Q)EAA, contains additional claims and according to the `OpenID Identity Assurance Profile [OIDC.IDA] `_, these carries the national trust framework and the identity proofing procedures underlying the issuance. In particular, these carries some relevant information about the Authentic Sources of the subject's attributes. - The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format. The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections. @@ -24,7 +22,7 @@ The PID/(Q)EAA data format and the mechanism through which a digital credential SD-JWT ====== -The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is `Selective Disclosure JWT format `_ as specified in `[draft-terbu-sd-jwt-vc-latest] `__. +The PID/(Q)EAA is issued in the form of a Digital Credential. The Digital Credential format is `Selective Disclosure JWT format `_ as specified in `[SD-JWT-based Verifiable Credentials 02] `__. An SD-JWT is a JWT that MUST be signed using the Issuer's private key. The SD-JWT payload of the MUST contain the **_sd_alg** claim described in `[SD-JWT]. Section 5.1.2. `_ and other claims specified in this section, some of them may be selectively disclosable claims. 
@@ -44,10 +42,10 @@ The Disclosures are sent to the Holder together with the SD-JWT in the *Combined ~~~...~ -See `[draft-terbu-sd-jwt-vc-latest] `_ and `[SD-JWT] `__ for more details. +See `[SD-JWT VC] `_ and `[SD-JWT] `__ for more details. -PID/(Q)EAA SD-JWT parameters +PID/(Q)EAA SD-JWT parameters: ---------------------------- The JOSE header contains the following mandatory parameters: @@ -89,9 +87,6 @@ The following claims MUST be in the JWT payload. Some of these claims can be dis * - **sub** - [NSD].Thumbprint of the JWK in the ``cnf`` parameter. - `[RFC7519, Section 4.1.2] `_. - * - **jti** - - [NSD].Unique Token ID identifier of this JWT. It SHOULD be a String in *uuid4* format. - - `[RFC7519, Section 4.1.7] `_. * - **iat** - [SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. - `[RFC7519, Section 4.1.6] `_. 
@@ -99,80 +94,22 @@ The following claims MUST be in the JWT payload. Some of these claims can be dis - [NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. - `[RFC7519, Section 4.1.4] `_. * - **status** - - [NSD].HTTPS URL where the credential validity status is available. - - `[SD-JWT-VC. Section 4.2.2.2] `_. + - [NSD].it MUST be a valid JSON object containing the information on how to read the status of the Verifiable Credential. It MUST contain the JSON member *status_attestation* set to a JSON Object containing the *credential_hash_alg* claim indicating the Algorithm used for hashing the Digital Credential to which the Status Attestation is bound. It is RECOMMENDED to use *sha-256*. + - `[SD-JWT-VC. Section 3.2.2.2] `_ and `[OAuth Status Attestations Draft 01] `_. * - **cnf** - [NSD].JSON object containing the proof-of-possession key materials. By including a **cnf** (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the **cnf** parameter. The recipient MUST cryptographically verify that the Holder is in control of that key. - - `[RFC7800, Section 3.1] `_. + - `[RFC7800, Section 3.1] `_ and `[SD-JWT-VC. Section 3.2.2.2] `_. * - **vct** - [NSD].Credential type as a string, MUST be set in accordance to the type obtained from the PID/(Q)EAA Issuer metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. - - `[draft-terbu-sd-jwt-vc-latest. Section Type Claim] `__. - * - **verified_claims** - - [NSD].JSON object containing the following sub-elements: - - - **verification**; - - **claims**. - - `[OIDC.IDA. Section 5] `_. - -.. _sec-pid-eaa-verification-field: - -PID/(Q)EAA Verification field ------------------------------ - -The ``verification`` claim contains the information regarding the trust framework used by the PID/(Q)EAA Issuer to provide the User attributes (claims). 
- -The ``verification`` claim is a JSON structure with all the following mandatory sub-claims. - -.. list-table:: - :widths: 20 60 20 - :header-rows: 1 - - * - **Claim** - - **Description** - - **Reference** - * - **trust_framework** - - [NSD]. It MUST be set to ``eidas``. - - `[OID.IDA. Section 5.1] `_ - * - **assurance_level** - - [NSD]. MUST be set according to the LoA required. For PID credential it MUST be set to ``high``. - - `[OID.IDA. Section 5.1] `_ - * - **evidence** - - [SD]. JSON Array. Each element is the electronic evidence of the User identification during the PID issuance or, in the case of (Q)EAA, with this evidence the Authentic Source assures the authenticity of the data conveyed in the (Q)EAA. It MUST contain at least the following claims: - - - **type**: MUST be set to ``electronic_record`` - - **record**: JSON object (see the table below) - - `[OID.IDA. Section 5.1] `_ - - -The ``record`` MUST have at least the following sub parameters: + - `[SD-JWT-VC. Section 3.2.2.2] `_. -.. list-table:: - :widths: 20 60 20 - :header-rows: 1 - - * - **Claim** - - **Description** - - **Reference** - * - **type** - - It uniquely identifies the trust framework used for the provisioning of the credential. For example, in case of PID, the value ``https://eudi.wallet.cie.gov.it`` means that the CIE id identification scheme is used. - - `[OID.IDA. Section 5.1.1.2] `_ - * - **source** - - JSON Object cointaining the following mandatory claims: - - - **organization_name**: Name of the Organization acting as Authentic Source. - - **organization_id**: Identification code for the Organization. For public Organization, it MUST be set to the *IPA Code*, following the URN namespace ``urn:eudi:it:organization_id:ipa_code:``. - - **country_code**: String representing country in `[ISO3166-1] Alpha-2 (e.g., IT) or [ISO3166-3] syntax `_. - - `[OID.IDA. Section 5.1.1.2] `_ - -.. 
warning:: - Note that the sub-claims of the **evidence** parameter are not selectively disclosable separately, thus, for example, the User cannot give only the *record type* without the disclosure of the *record source* value (organization name, identifier and country). -.. _sec-pid-user-claims: +.. _sec-pid-user-claims: -PID Claims field ----------------- +PID Claims +---------- -The ``claims`` parameter contains the User attributes with the following mandatory fields: +Depending on the Digital Credential type **vct**, additional claims data MAY be added. The PID MUST support the following data: .. list-table:: :widths: 20 60 20 @@ -198,8 +135,7 @@ The ``claims`` parameter contains the User attributes with the following mandato - - -PID Non-normative Examples +PID Non-Normative Examples -------------------------- In the following, the non-normative example of a PID in JSON format. 
@@ -209,38 +145,18 @@ In the following, the non-normative example of a PID in JSON format. { "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, - "status": "https://pidprovider.example.org/status", - "vct": "PersonIdentificationData", - "verified_claims": { - "verification": { - "trust_framework": "eidas", - "assurance_level": "high", - "evidence": [ - { - "type": "electronic_record", - "record": { - "type": "https://eudi.wallet.cie.gov.it", - "source": { - "organization_name": "Ministero dell'Interno", - "organization_id": - "urn:eudi:it:organization_id:ipa_code:m_it", - "country_code": "IT" - } - } - } - ] + "status": { + "status_attestation": { + "credential_hash_alg": "sha-256" }, - "claims": { - "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", - "given_name": "Mario", - "family_name": "Rossi", - "birth_date": "1980-01-10", - "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX" - } - } + "vct": "PersonIdentificationData", + "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX" } The corresponding SD-JWT verson for PID is given by @@ -249,7 +165,7 @@ The corresponding SD-JWT verson for PID is given by { "typ":"vc+sd-jwt", - "alg":"RS512", + "alg":"ES256", "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw", "trust_chain" : [ "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", 
@@ -262,32 +178,22 @@ The corresponding SD-JWT verson for PID is given by { "_sd": [ - "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc", + "NOxVzjUJg667iBdeDwmr6tZ46X-jchKwIVxMAfv43yc", + "TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8", + "UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4", + "q6Tqnxau97tu-MqUDg0fSAmLGZdSuMUMk6a2s3bcsC0", + "wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc" ], - "iss": "https://issuer.example.org", "exp": 1883000000, + "iss": "https://pidprovider.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", - "status": "https://pidprovider.example.org/status", - "vct": "PersonIdentificationData", - "verified_claims": { - "verification": { - "_sd": [ - "gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8" - ], - "trust_framework": "eidas", - "assurance_level": "high" - }, - "claims": { - "_sd": [ - "4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE", - "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", - "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", - "KxIG8rWXmtR884xTV7eXuHICfPYPw6gFvfr07v-d5oc", - "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" - ] + "status": { + "status_attestation": { + "credential_hash_alg": "sha-256" } }, + "vct": "PersonIdentificationData", "_sd_alg": "sha-256", "cnf": { "jwk": { 
@@ -308,74 +214,46 @@ In the following the disclosure list is given ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` - Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` -**Claim** ``source``: - -- SHA-256 Hash: ``ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I`` -- Disclosure: - ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` - ``emF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdh`` - ``bml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlw`` - ``YV9jb2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d`` -- Contents: - ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` - ``"Ministero dell'Interno", "organization_id":`` - ``"urn:eudi:it:organization_id:ipa_code:m_it", "country_code":`` - ``"IT"}]`` - -**Claim** ``evidence``: - -- SHA-256 Hash: ``gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8`` -- Disclosure: - ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` - ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` - ``Wk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRodkozSSJd`` - ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d`` - ``XQ`` -- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` - ``"electronic_record", "record": {"_sd":`` - ``["ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I"], "type":`` - ``"https://eudi.wallet.cie.gov.it"}}]]`` - **Claim** ``unique_id``: -- SHA-256 Hash: ``4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE`` +- SHA-256 Hash: ``NOxVzjUJg667iBdeDwmr6tZ46X-jchKwIVxMAfv43yc`` - Disclosure: - ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` ``eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ`` -- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "unique_id",`` +- Contents: ``["kucrBmlo_hMaIFF585RzaQ", "unique_id",`` ``"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]`` **Claim** ``given_name``: -- SHA-256 Hash: ``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- SHA-256 Hash: 
``wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc`` - Disclosure: - ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFy`` ``aW8iXQ`` -- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "given_name", "Mario"]`` **Claim** ``family_name``: -- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- SHA-256 Hash: ``UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4`` - Disclosure: - ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJv`` ``c3NpIl0`` -- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` +- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "family_name", "Rossi"]`` **Claim** ``birth_date``: -- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- SHA-256 Hash: ``TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8`` - Disclosure: - ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4`` ``MC0wMS0xMCJd`` -- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "birth_date", "1980-01-10"]`` **Claim** ``tax_id_code``: -- SHA-256 Hash: ``KxIG8rWXmtR884xTV7eXuHICfPYPw6gFvfr07v-d5oc`` +- SHA-256 Hash: ``q6Tqnxau97tu-MqUDg0fSAmLGZdSuMUMk6a2s3bcsC0`` - Disclosure: - ``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJ`` ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` -- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "tax_id_code",`` ``"TINIT-XXXXXXXXXXXXXXXX"]`` 
@@ -385,41 +263,30 @@ The combined format for the PID issuance is given by .. code-block:: eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb - IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz - cyI6ICJodHRwczovL3BpZHByb3ZpZGVyLmV4YW1wbGUub3JnIiwgImV4cCI6IDE4ODMw - MDAwMDAsICJzdWIiOiAiTnpiTHNYaDh1RENjZDdub1dYRlpBZkhreFpzUkdDOVhzIiwg - Imp0aSI6ICJ1cm46dXVpZDo2YzVjMGE0OS1iNTg5LTQzMWQtYmFlNy0yMTkxMjJhOWVj - MmMiLCAic3RhdHVzIjogImh0dHBzOi8vcGlkcHJvdmlkZXIuZXhhbXBsZS5vcmcvc3Rh - dHVzIiwgInZjdCI6ICJQaWRJZGVudGlmaWNhdGlvbkRhdGEiLCAidmVyaWZpZWRfY2xh - aW1zIjogeyJ2ZXJpZmljYXRpb24iOiB7Il9zZCI6IFsiZ2Q4Z1J4S1QxaGc4cHRudlI1 - ZlBHaGFlMFZYbGxEYmxzaUpUOWFkeGlTOCJdLCAidHJ1c3RfZnJhbWV3b3JrIjogImVp - ZGFzIiwgImFzc3VyYW5jZV9sZXZlbCI6ICJoaWdoIn0sICJjbGFpbXMiOiB7Il9zZCI6 - IFsiNGc5bEJ0MzhVMUVlVEExemx2dkdmRmdQUGNvZTN6bWJRX3pTUkRnSFFhRSIsICJF - WWd6SjFoVFlXSmpoQksyVjNiOEhWM2VfZkVmLVVkZmZjNXltWTc3V3RRIiwgIkljWUhR - eWRUX0MzVTFJcWFKbEZpY3hMbGFIVEh2RWx5Rlo2SnhpYTI3cVEiLCAiS3hJRzhyV1ht - dFI4ODR4VFY3ZVh1SElDZlBZUHc2Z0Z2ZnIwN3YtZDVvYyIsICJsWGd4RURBdVBlVXZt - a2NOR3I5Rlp1cW9kd0ZxVVQwMWdKajd4ZDR5RVBBIl19fSwgIl9zZF9hbGciOiAic2hh - LTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIs - ICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMi - LCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpR - In19fQ.1xdAqLpgMM0bBDQrYv0thRwtgRikZq75JJVhGyfWAsu8SopmhumzsTA4ohJKC - le1MV3UB6DYMFkEnoal8R1Yrw~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdC - IsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsI - Hsib3JnYW5pemF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvc - mdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb - 2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNF - enRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIs - ICJyZWNvcmQiOiB7Il9zZCI6IFsiWk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhS - 
S3NwS3A5ZkRodkozSSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5n - b3YuaXQifX1dXQ~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsI - CJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJLWjhlNXdWRX - REdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHB - WV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0Nwbjd - iVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNk - pzTmhERnZMUDRzMWhRZHlBIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWF - hYWFhYWFgiXQ~ - -(Q)EAA Non-normative examples + IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiLCAiTk94 + VnpqVUpnNjY3aUJkZUR3bXI2dFo0NlgtamNoS3dJVnhNQWZ2NDN5YyIsICJUSzJSZ3VQ + WW9YekN4MHZ2NWhiTjl1NU0ybUhsV0J0NDFxR1dsTFhDTnU4IiwgIlVIQ2hwR3RORjJi + ajFGdkFmQmJ5MXJuZjdXWGt4ZWxGSjVhNHZTajJGTzQiLCAicTZUcW54YXU5N3R1LU1x + VURnMGZTQW1MR1pkU3VNVU1rNmEyczNiY3NDMCIsICJ3eWZ4VnFxOUJvc1BUN3RONFNI + T0k0RTQ4UDE5YVZBMWt0VzVaZjBFLWZjIl0sICJleHAiOiAxODgzMDAwMDAwLCAiaXNz + IjogImh0dHBzOi8vcGlkcHJvdmlkZXIuZXhhbXBsZS5vcmciLCAic3ViIjogIk56Ykxz + WGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJzdGF0dXMiOiB7InN0YXR1c19h + dHRlc3RhdGlvbiI6IHsiY3JlZGVudGlhbF9oYXNoX2FsZyI6ICJzaGEtMjU2In19LCAi + dmN0IjogIlBlcnNvbklkZW50aWZpY2F0aW9uRGF0YSIsICJfc2RfYWxnIjogInNoYS0y + NTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAi + eCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwg + InkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9 + fX0.A36ovweqpCpPkYHX75dg-HIib7zQKlfmMCaixlpOCmEl1CxlX-NtZbFn_kdN0nlJ + YMLay4xSeetmic_ScLTxdg~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsI + DE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZCIs + ICJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJOVE5Sb09pd + VZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJGRFNTUGdnek + dCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJLWjhlNXdWRX + REdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJwWjVNU + 
nlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYW + FhYWFhYWFgiXQ~ + +(Q)EAA non-normative examples ----------------------------- In the following, we provide a non-normative example of (Q)EAA in JSON. @@ -429,40 +296,20 @@ In the following, we provide a non-normative example of (Q)EAA in JSON. { "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, - "status": "https://issuer.example.org/status", + "status": { + "status_attestation": { + "credential_hash_alg": "sha-256" + }, "vct": "DisabilityCard", - "verified_claims": { - "verification": { - "trust_framework": "eidas", - "assurance_level": "high", - "evidence": [ - { - "type": "electronic_record", - "record": { - "type": "https://eudi.wallet.pdnd.gov.it", - "source": { - "organization_name": "Istituto Nazionale della Previdenza Sociale", - "organization_id": - "urn:eudi:it:organization_id:ipa_code:inps", - "country_code": "IT" - } - } - } - ] - }, - "claims": { - "document_number": "XXXXXXXXXX", - "given_name": "Mario", - "family_name": "Rossi", - "birth_date": "1980-01-10", - "expiry_date": "2024-01-01", - "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX", - "constant_attendance_allowance": true - } - } + "document_number": "XXXXXXXXXX", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "expiry_date": "2024-01-01", + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX", + "constant_attendance_allowance": true } The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload. 
@@ -484,34 +331,24 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco { "_sd": [ - "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + "-LLA7MCh-YWWYNzFfwZsJBGGiE096fN8d60a-ml3sgo", + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc", + "AFRJaRPZTMaNxYu5IIWPifOAXJCnK-_h1eJt7MymcgM", + "TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8", + "UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4", + "i9XHLePHyV8OM35l3nf1MKqfpWuD7OFpRamSAsX0-5g", + "rhPkItz7BGGpjnWX2SGVH_OV9VhRjz9Hx_INXwBbz6o", + "wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc" ], - "iss": "https://issuer.example.org", "exp": 1883000000, + "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", - "status": "https://issuer.example.org/status", - "vct": "DisabilityCard", - "verified_claims": { - "verification": { - "_sd": [ - "sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc" - ], - "trust_framework": "eidas", - "assurance_level": "high" - }, - "claims": { - "_sd": [ - "3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA", - "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", - "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s", - "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", - "dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo", - "ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk", - "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" - ] + "status": { + "status_attestation": { + "credential_hash_alg": "sha-256" } }, + "vct": "DisabilityCard", "_sd_alg": "sha-256", "cnf": { "jwk": { 
@@ -532,140 +369,97 @@ In the following the disclosure list is given: ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` - Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` -**Claim** ``source``: - -- SHA-256 Hash: ``qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM`` -- Disclosure: - ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` - ``emF0aW9uX25hbWUiOiAiSXN0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZp`` - ``ZGVuemEgU29jaWFsZSIsICJvcmdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6`` - ``aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOmlucHMiLCAiY291bnRyeV9j`` - ``b2RlIjogIklUIn1d`` -- Contents: - ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` - ``"Istituto Nazionale della Previdenza Sociale",`` - ``"organization_id":`` - ``"urn:eudi:it:organization_id:ipa_code:inps", "country_code":`` - ``"IT"}]`` - -**Claim** ``evidence``: - -- SHA-256 Hash: ``sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc`` -- Disclosure: - ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` - ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` - ``cWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRzhxNjA2UkxzTSJd`` - ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lml0In19`` - ``XV0`` -- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` - ``"electronic_record", "record": {"_sd":`` - ``["qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM"], "type":`` - ``"https://eudi.wallet.pdnd.gov.it"}}]]`` - **Claim** ``document_number``: -- SHA-256 Hash: ``3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA`` +- SHA-256 Hash: ``AFRJaRPZTMaNxYu5IIWPifOAXJCnK-_h1eJt7MymcgM`` - Disclosure: - ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlciIs`` + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIs`` ``ICJYWFhYWFhYWFhYIl0`` - Contents: - ``["FDSSPggzGBUwQLHDSE6wQQ", "document_number", "XXXXXXXXXX"]`` + ``["kucrBmlo_hMaIFF585RzaQ", "document_number", "XXXXXXXXXX"]`` **Claim** ``given_name``: -- SHA-256 Hash: 
``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- SHA-256 Hash: ``wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc`` - Disclosure: - ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFy`` ``aW8iXQ`` -- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "given_name", "Mario"]`` **Claim** ``family_name``: -- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- SHA-256 Hash: ``UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4`` - Disclosure: - ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJv`` ``c3NpIl0`` -- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` +- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "family_name", "Rossi"]`` **Claim** ``birth_date``: -- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- SHA-256 Hash: ``TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8`` - Disclosure: - ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4`` ``MC0wMS0xMCJd`` -- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "birth_date", "1980-01-10"]`` **Claim** ``expiry_date``: -- SHA-256 Hash: ``dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo`` +- SHA-256 Hash: ``i9XHLePHyV8OM35l3nf1MKqfpWuD7OFpRamSAsX0-5g`` - Disclosure: - ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cGlyeV9kYXRlIiwgIjIw`` + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIw`` ``MjQtMDEtMDEiXQ`` -- Contents: ``["WDkd6JsNhDFvLP4s1hQdyA", "expiry_date", "2024-01-01"]`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "expiry_date", "2024-01-01"]`` **Claim** ``tax_id_code``: -- SHA-256 Hash: ``F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s`` +- SHA-256 Hash: ``-LLA7MCh-YWWYNzFfwZsJBGGiE096fN8d60a-ml3sgo`` - Disclosure: - 
``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` -- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` +- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "tax_id_code",`` ``"TINIT-XXXXXXXXXXXXXXXX"]`` **Claim** ``constant_attendance_allowance``: -- SHA-256 Hash: ``ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk`` +- SHA-256 Hash: ``rhPkItz7BGGpjnWX2SGVH_OV9VhRjz9Hx_INXwBbz6o`` - Disclosure: - ``WyJEZFdxS2g3d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFu`` + ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImNvbnN0YW50X2F0dGVuZGFu`` ``Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0`` - Contents: - ``["DdWqKh7wdI5VAxKSvxsXVQ", "constant_attendance_allowance",`` + ``["WDkd6JsNhDFvLP4s1hQdyA", "constant_attendance_allowance",`` ``true]`` - The combined format for the PID issuance is represented below: .. code-block:: eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb - IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz - cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw - LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki - OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg - InN0YXR1cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy9zdGF0dXMiLCAidmN0 - IjogIkRpc2FiaWxpdHlDYXJkIiwgInZlcmlmaWVkX2NsYWltcyI6IHsidmVyaWZpY2F0 - aW9uIjogeyJfc2QiOiBbInNUc2txMHlGeTMxWkgzWVAybk5fbkZuZDdIOXExOGRVM29F - YTFEQzVMUmMiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2Vf - bGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjNodW1GamlDWUhkSHpq - TC1PRWQxdktuUWExMGl2YVlFZDFkQ0NrZlJ1YUEiLCAiRVlnekoxaFRZV0pqaEJLMlYz - YjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJGOTBTS0s5bklRY0hJRWxrSFlfdWx0 - XzlGR3FZZS1SeWR2WTNFMHFSOTZzIiwgIkljWUhReWRUX0MzVTFJcWFKbEZpY3hMbGFI - VEh2RWx5Rlo2SnhpYTI3cVEiLCAiZGZybVV2b25aRGdlYWxaQ0d3azN1Zm1jXzRlcHQz - eTlON3hoV1psQ3l4byIsICJqaTg2SFMxdjNENDF0VTVKcVc0b1dDd1RKRHVUVXdwMWV3 - 
cW9DVXp6RVhrIiwgImxYZ3hFREF1UGVVdm1rY05HcjlGWnVxb2R3RnFVVDAxZ0pqN3hk - NHlFUEEiXX19LCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr + Ii1MTEE3TUNoLVlXV1lOekZmd1pzSkJHR2lFMDk2Zk44ZDYwYS1tbDNzZ28iLCAiN1dH + NG5UNksyNl9SMzk3NXpjd25Wd2dvSEE3Yjk4OF8zLXZKemJaZjZZYyIsICJBRlJKYVJQ + WlRNYU54WXU1SUlXUGlmT0FYSkNuSy1faDFlSnQ3TXltY2dNIiwgIlRLMlJndVBZb1h6 + Q3gwdnY1aGJOOXU1TTJtSGxXQnQ0MXFHV2xMWENOdTgiLCAiVUhDaHBHdE5GMmJqMUZ2 + QWZCYnkxcm5mN1dYa3hlbEZKNWE0dlNqMkZPNCIsICJpOVhITGVQSHlWOE9NMzVsM25m + MU1LcWZwV3VEN09GcFJhbVNBc1gwLTVnIiwgInJoUGtJdHo3QkdHcGpuV1gyU0dWSF9P + VjlWaFJqejlIeF9JTlh3QmJ6Nm8iLCAid3lmeFZxcTlCb3NQVDd0TjRTSE9JNEU0OFAx + OWFWQTFrdFc1WmYwRS1mYyJdLCAiZXhwIjogMTg4MzAwMDAwMCwgImlzcyI6ICJodHRw + czovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJzdWIiOiAiTnpiTHNYaDh1RENjZDdub1dY + RlpBZkhreFpzUkdDOVhzIiwgInN0YXR1cyI6IHsic3RhdHVzX2F0dGVzdGF0aW9uIjog + eyJjcmVkZW50aWFsX2hhc2hfYWxnIjogInNoYS0yNTYifX0sICJ2Y3QiOiAiRGlzYWJp + bGl0eUNhcmQiLCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr dHkiOiAiRUMiLCAiY3J2IjogIlAtMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRX NHZmU1ZvSElQMUlMaWxEbHM3dkNlR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZR - NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.hbgWxBoQtLVpTfygYVDhrgnoCkw - aw_hqY9GpxG4oXixejLEMvTOAwYFtqiNnYSuNaaGD6aemJW7jLSHDm9NOGA~WyI1N212 + NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.1kOe6IgFxgbb_jtaLUhM_bgjmby + j6B63rm_WjaOwpOBsiPSKJY7hBHd2a83euSI8JqbSkVHJS3wcr0kd9ppZRw~WyI1N212 eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19 - oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pemF0aW9uX25hbWUiOiAiSXN - 0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZpZGVuemEgU29jaWFsZSIsICJvcmdhbml - 6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOml - ucHMiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOV - p3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZW - NvcmQiOiB7Il9zZCI6IFsicWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRz - hxNjA2UkxzTSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lm - 
l0In19XV0~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlci - IsICJYWFhYWFhYWFhYIl0~WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX2 - 5hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9 - uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2R - hdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cG - lyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiw - gInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJEZFdxS2g3 - d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwg - dHJ1ZV0~ + oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~WyJ + OVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJG + RFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJL + WjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd + ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQtMDE + tMDEiXQ~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgIlRJ + TklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgI + mNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~ MDOC-CBOR ========= 
@@ -824,18 +618,6 @@ The **elementIdentifier** data that MUST be included in a PID/(Q)EAA are: * - **eu.europa.ec.eudiw.pid.1** - **issuing_country** - *tstr (text string)*. Alpha-2 country code as defined in [ISO 3166]. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.evidence** - - *bstr (byte string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.trust_framework** - - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.assurance_level** - - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **status** - - *tstr (text string)*. HTTPS URL where the credential validity status is available. Depending on the Digital Credential type, additional **elementIdentifier** data MAY be added. The PID MUST support the following data: @@ -957,7 +739,7 @@ A non-normative example of a PID in MDOC-CBOR format is represented below using .. code-block:: text - 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 + 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 The `Diagnostic Notation` of the above MDOC-CBOR is given below: @@ -967,7 +749,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: "status": 0, "version": "1.0", "documents": [ - { + { "docType": "eu.europa.ec.eudiw.pid.1", "issuerSigned": { "issuerAuth": [ @@ -987,7 +769,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: }, "valueDigests": { "eu.europa.ec.eudiw.pid.1": { - 1:h'0F1571A97FFB799CC8FCDF2BA4FC2909929…', + 1: h'0F1571A97FFB799CC8FCDF2BA4FC2909929…', 2: h'0CDFE077400432C055A2B69596C90…', 3: h'E2382149255AE8E955AF9B8984395…', 4: h'BBC77E6CCA981A3AD0C3E544EDF86…', 
@@ -996,11 +778,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: 8: h'DEFDF1AA746718016EF1B94BFE5R6…' }, "eu.europa.ec.eudiw.pid.it.1": { - 9: h'AFC5A127BE44753172844B13491D8…', - 10: h'AFC5A127BE44753172844B13492H4…', - 11: h'DJA5A127BE44753172844B13492H4…', - 12: h'KDL5A127BE44753172844B13492H4…', - 13: h'F9EE4D36F67DBD75E23311AC1C29…' + 9: h'F9EE4D36F67DBD75E23311AC1C29…' } }, "deviceKeyInfo": { @@ -1086,53 +864,9 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: >>) ], "eu.europa.ec.eudiw.pid.it.1": [ - 24(<< - { - "digestID": 9, - "random": h'CAD1F6A38F603451F1FA653F81FF309D', - "elementIdentifier": "verification.evidence", - "elementValue": [ - { - "type": "electronic_record", - "record": { - "type": "eidas.it.cie", - "source": { - "organization_name": "eidas.it.cie", - "organization_id": "m_it", - "country_code": "it", - } - } - } - ] - } - >>), - 24(<< - { - "digestID": 10, - "random": h'CAD1F6A38F603451F1FA653F81FF309D, - "elementIdentifier": "status", - "elementValue": "https://pidprovider.example.it/status" - } - >>), - 24(<< - { - "digestID": 11, - "random": h'564E3C65D46D06FEDEB0E7293A86GF', - "elementIdentifier": "verification.trust_framework", - "elementValue": "eidas" - } - >>), - 24(<< - { - "digestID": 12, - "random": h'D884E5D5EF4CFC93FDB1E4EE8F3923', - "elementIdentifier": "verification.assurance_level", - "elementValue": "high" - } - >>) 24(<< { - "digestID": 13, + "digestID": 9, "random": h'11aa7273a2d2daa973f5951f0c34c2fbae', "elementIdentifier": "tax_id_number", "elementValue": "TINIT-XXXXXXXXXXXXXXX" @@ -1141,7 +875,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: ] } } - } + } ] }
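Review bot: the specification reference is labelled inconsistently across this patch. The hunk at ``@@ -24,7 +22,7 @@`` introduces ``[SD-JWT-based Verifiable Credentials 02]``, the hunk at ``@@ -44,10 +42,10 @@`` uses ``[SD-JWT VC]``, and the claims table uses ``[SD-JWT-VC. Section 3.2.2.2]``. Use one label throughout and state the draft version in one place, so it is clear which draft the section numbers refer to.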
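Review bot: the heading change in the hunk at ``@@ -44,10 +42,10 @@`` adds a trailing colon (``PID/(Q)EAA SD-JWT parameters:``) while the ``-`` underline on the following context line is left as it was. An RST title underline must be at least as long as the title, so if the underline was sized to the old title it is now one character short and docutils will warn about it. None of the other headings touched by this patch ends in a colon; dropping it avoids both problems.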
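Review bot: the new **status** row in the hunk at ``@@ -99,80 +94,22 @@`` only says that *sha-256* is RECOMMENDED for ``credential_hash_alg`` and does not say which other values are acceptable or what a verifier must do when it meets an algorithm it does not support. Since this hash binds the Status Attestation to the credential, the row should either fix the allowed set or point to the section that does. Two smaller points in the same hunk: the description starts with a lower-case ``it`` after ``[NSD].``, and **status**, **cnf** and **vct** now all cite ``Section 3.2.2.2``, which is worth checking because the removed **vct** reference pointed at the Type Claim section instead.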
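Review bot: the PID JSON example in the hunk at ``@@ -209,38 +145,18 @@`` is no longer balanced. The added ``"status": {`` and ``"status_attestation": {`` open two objects, but only the retained context line ``},`` closes one of them, so ``vct`` and the user claims end up nested inside ``status`` and the root object is never closed. Add a closing ``}`` for ``status_attestation`` before the existing ``},``, as the SD-JWT payload hunk further down already does. The (Q)EAA example in the hunk at ``@@ -429,40 +296,20 @@`` has the same problem.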
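Review bot: in the hunk at ``@@ -262,32 +178,22 @@`` the SD-JWT payload's ``iss`` changes to ``https://pidprovider.example.org``, but the plain JSON example it is said to correspond to still has ``"iss": "https://issuer.example.org"`` as an unchanged context line in the previous hunk. A reader comparing the two will see a different issuer for what is presented as the same credential; update the JSON example so both use the same value.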
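Review bot: the regenerated combined format in the hunk at ``@@ -385,41 +263,30 @@`` keeps the old first segment, which decodes to ``{"alg": "ES256", "typ": "example+sd-jwt"}``. That does not match the decoded header shown earlier in the page, which has ``"typ":"vc+sd-jwt"`` plus ``kid`` and ``trust_chain``, so a verifier that checks ``typ`` as documented would reject this sample. Regenerate the example with the documented header. Separately, the heading at the end of this hunk becomes ``(Q)EAA non-normative examples`` while the hunk at ``@@ -198,8 +135,7 @@`` changes the PID one to ``PID Non-Normative Examples``; choose one capitalisation for both.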
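Review bot: the hunk at ``@@ -824,18 +618,6 @@`` removes the **status** elementIdentifier from the MDOC-CBOR table without adding anything in its place, whereas the SD-JWT side of this patch replaces the status URL with a ``status`` object carrying ``status_attestation``. As written, the MDOC-CBOR format no longer describes any way for a Relying Party to check credential validity. If status for MDOC is specified elsewhere, add a reference here; if it is deferred, say so explicitly in the text.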