fix!: WIA examples and removed type since we already have typ in the headers #99

Merged
merged 2 commits into from
Sep 6, 2023
184 changes: 87 additions & 97 deletions docs/en/wallet-instance-attestation.rst
Expand Up @@ -102,38 +102,32 @@ Header

Payload
^^^^^^^
+--------+----------------------------------------+
| **key**| **value** |
+--------+----------------------------------------+
|| iss || The thumbprint |
|| || of the JWK of the Wallet Instance |
|| || for which the attestation is |
|| || being requested. |
+--------+----------------------------------------+
|| aud || The public url of the Wallet |
|| || Provider. |
+--------+----------------------------------------+
|| jti || Unique identifier of the request. |
|| || This parameter will be used to |
|| || avoid replay attacks. |
+--------+----------------------------------------+
|| type || String. It must be set to |
|| || ``WalletInstanceAttestationRequest``. |
+--------+----------------------------------------+
|| nonce || The nonce obtained from the |
|| || Wallet Porvider. |
+--------+----------------------------------------+
|| cnf || This parameter will contain the |
|| || configuration of the Wallet |
|| || Instance in JSON format. Among |
|| || the mandatory attributes there |
|| || will be the jwk parameter |
|| || containing the public key of the |
|| || Wallet Instance. It will also |
|| || contain all the information |
|| || useful for the Wallet Provider |
|| || to verify that the app is genuine. |
+--------+----------------------------------------+
+--------+-------------------------------------------------------------+
| **key**| **value** |
+--------+-------------------------------------------------------------+
|| iss || The thumbprint |
|| || of the JWK of the Wallet Instance |
|| || for which the attestation is |
|| || being requested. |
+--------+-------------------------------------------------------------+
|| aud || The public url of the Wallet |
|| || Provider. |
+--------+-------------------------------------------------------------+
|| jti || Unique identifier of the request, according to |
|| || `RFC7519 <https://datatracker.ietf.org/doc/html/rfc7519>`_.|
|| || |
+--------+-------------------------------------------------------------+
|| type || String. It MUST be set to |
|| || ``WalletInstanceAttestationRequest``. |
+--------+-------------------------------------------------------------+
|| nonce || The nonce obtained from the |
|| || Wallet Provider. |
+--------+-------------------------------------------------------------+
|| cnf || JSON object, according to |
|| || `RFC7800 <https://www.rfc-editor.org/rfc/rfc7800.html>`_ |
|| || containing the public key of the |
|| || Wallet Instance. |
+--------+-------------------------------------------------------------+

Below a non-normative example of the Wallet Instance Attestation
request where the decoded JWS headers and payload are separated by a comma:
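Review bot: the `type` row (`String. It MUST be set to WalletInstanceAttestationRequest`) survives in this request-payload table even though the PR title says `type` is removed in favour of the header `typ`, and the attestation table in the next hunk does drop it; either drop the row here too, or add a sentence explaining why the request keeps a payload-level type while the attestation does not, so verifiers know which field to check on each token. Two smaller points in the same table: the `jti` cell now cites RFC 7519 but lost the sentence saying the value is used to avoid replay, which is the one thing an implementer of the Wallet Provider needs (it has to remember seen `jti` values for as long as a request can be valid), so consider keeping `Unique identifier of the request, used to prevent replay` alongside the reference; and the blank `|| ||` line under the `jti` row renders as an empty paragraph inside the cell and can be removed.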
Expand Down Expand Up @@ -205,69 +199,66 @@ Header
Payload
^^^^^^^

+---------------------------+------------------------------------------------+
| **key** | **value** |
+---------------------------+------------------------------------------------+
|| iss || The public url of the Wallet |
|| || Instance attestation issuer. See |
|| || the example below in this section. |
+---------------------------+------------------------------------------------+
|| sub || Thumbprint value |
|| || of the JWK of the Wallet Instance |
|| || for which the attestation is |
|| || being issued. |
+---------------------------+------------------------------------------------+
|| iat || Unix timestamp of attestation |
|| || issuance time. |
+---------------------------+------------------------------------------------+
|| exp || Unix timestamp regarding the |
|| || expiration date time. |
|| || A good practice to avoid security |
|| || problems is to have a limited |
|| || duration of the attestation. |
+---------------------------+------------------------------------------------+
|| type || String: |
|| || "WalletInstanceAttestation". |
+---------------------------+------------------------------------------------+
|| policy_uri || URL to the privacy policy |
|| || of the wallet. |
+---------------------------+------------------------------------------------+
|| tos_uri || URL to the terms |
|| || of use of the Wallet Provider. |
+---------------------------+------------------------------------------------+
|| logo_uri || URL of the Wallet Provider logo in SVG format |
+---------------------------+------------------------------------------------+
|| attested_security_context|| Attested security context: |
|| || Represents a level of "trust" of |
|| || the service containing a Level Of |
|| || Agreement defined in the metadata |
|| || of the Wallet Provider. |
+---------------------------+------------------------------------------------+
|| cnf || This parameter contains the ``jwk`` |
|| || parameter |
|| || with the public key of the Wallet |
|| || necessary for the holder binding. |
+---------------------------+------------------------------------------------+
|| authorization_endpoint || URL of the OP's OAuth 2.0 |
|| || Authorization Endpoint. |
+---------------------------+------------------------------------------------+
|| response_types_supported || JSON array containing a list of |
|| || the OAuth 2.0 response_type values |
|| || that this OP supports. |
+---------------------------+------------------------------------------------+
|| vp_formats_supported || JSON object containing |
|| || ``jwt_vp_json`` and ``jwt_vc_json`` |
|| || supported algorithms array. |
+---------------------------+------------------------------------------------+
|| request_object_signing || JSON array containing a list of the |
|| _alg_values_supported || JWS signing algorithms (alg values) |
|| || supported by the OP for Request Objects. |
+---------------------------+------------------------------------------------+
|| presentation_definition || Boolean value specifying whether the |
|| _uri_supported || Wallet Instance supports the transfer of |
|| || presentation_definition by |
|| || reference, with true indicating support. |
+---------------------------+------------------------------------------------+
+---------------------------+-----------------------------------------------+
| **key** | **value** |
+---------------------------+-----------------------------------------------+
|| iss || The public url of the Wallet |
|| || Instance attestation issuer. See |
|| || the example below in this section. |
+---------------------------+-----------------------------------------------+
|| sub || Thumbprint value |
|| || of the JWK of the Wallet Instance |
|| || for which the attestation is |
|| || being issued. |
+---------------------------+-----------------------------------------------+
|| iat || Unix timestamp of attestation |
|| || issuance time. |
+---------------------------+-----------------------------------------------+
|| exp || Unix timestamp regarding the |
|| || expiration date time. |
|| || A good practice to avoid security |
|| || problems is to have a limited |
|| || duration of the attestation. |
+---------------------------+-----------------------------------------------+
|| policy_uri || URL to the privacy policy |
|| || of the wallet. |
+---------------------------+-----------------------------------------------+
|| tos_uri || URL to the terms |
|| || of use of the Wallet Provider. |
+---------------------------+-----------------------------------------------+
|| logo_uri || URL of the Wallet Provider logo in SVG format|
+---------------------------+-----------------------------------------------+
|| attested_security_context|| Attested security context: |
|| || Represents a level of "trust" of |
|| || the service containing a Level Of |
|| || Agreement defined in the metadata |
|| || of the Wallet Provider. |
+---------------------------+-----------------------------------------------+
|| cnf || This parameter contains the ``jwk`` |
|| || parameter |
|| || with the public key of the Wallet |
|| || necessary for the holder binding. |
+---------------------------+-----------------------------------------------+
|| authorization_endpoint || URL of the OP's OAuth 2.0 |
|| || Authorization Endpoint. |
+---------------------------+-----------------------------------------------+
|| response_types_supported || JSON array containing a list of |
|| || the OAuth 2.0 response_type values |
|| || that this OP supports. |
+---------------------------+-----------------------------------------------+
|| vp_formats_supported || JSON object containing |
|| || ``jwt_vp_json`` and ``jwt_vc_json`` |
|| || supported algorithms array. |
+---------------------------+-----------------------------------------------+
|| request_object_signing || JSON array containing a list of the |
|| _alg_values_supported || JWS signing algorithms (alg values) |
|| || supported by the OP for Request Objects. |
+---------------------------+-----------------------------------------------+
|| presentation_definition || Boolean value specifying whether the |
|| _uri_supported || Wallet Instance supports the transfer of |
|| || presentation_definition by |
|| || reference, with true indicating support. |
+---------------------------+-----------------------------------------------+

.. note::
The claim ``attested_security_context`` (Attested Security Context) is under discussion
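Review bot: the `cnf` row still reads `This parameter contains the jwk parameter with the public key of the Wallet necessary for the holder binding`, while the request table in this same PR now describes `cnf` as a JSON object according to RFC 7800; reference RFC 7800 here as well, and state the relation the table already implies, that `sub` is the thumbprint of the key carried in `cnf.jwk`, so a verifier has an explicit consistency check between the two claims. The `exp` row's `A good practice to avoid security problems is to have a limited duration` is vague for a normative table; consider saying that a Relying Party rejects an attestation whose `exp` has passed and leaving the recommended lifetime to the Wallet Provider metadata, rather than the open-ended "good practice" wording. Removing the `type` row is consistent with the PR title.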
Expand Down Expand Up @@ -296,7 +287,6 @@ Below is an example of Wallet Instance Attestation:
{
"iss": "https://wallet-provider.example.org",
"sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
"type": "WalletInstanceAttestation",
"policy_uri": "https://wallet-provider.example.org/privacy_policy",
"tos_uri": "https://wallet-provider.example.org/info_policy",
"logo_uri": "https://wallet-provider.example.org/logo.svg",
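Review bot: with `"type"` gone from this example payload, nothing in the shown object distinguishes a Wallet Instance Attestation from a Wallet Instance Attestation request; the example would be more useful if the decoded JWS header with its `typ` value were shown next to this payload (as the request section already does with headers and payload separated by a comma), since that header is now the only discriminator a verifier has. Minor: `"tos_uri": "https://wallet-provider.example.org/info_policy"` is described in the table as the URL of the terms of use, so a path such as `/terms_of_service` would read less confusingly than `/info_policy`.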
Expand Down Expand Up @@ -348,7 +338,7 @@ Below a non-normative example of the request.
Content-Type: application/x-www-form-urlencoded

grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6InZiZVhKa3NNNDV4cGh0QU5uQ2lHNm1DeXVVNGpmR056b3BHdUt2b2dnOWMiLCJ0eXAiOiJ2YXIrand0In0.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.Azg8zBzjCB2ms9XHVDCzP92kh3XcVR6dD4Z_aFZslBO-6i3xwGwDsk4W8uESr-ba84wXgyIzn_vKX3exVFfO6g
&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6ImtoakZWTE9nRjNHeGRxd2xVTl9LWl83NTVUT1ZEbmJIaDg2TW1KcHh2a1UifQ.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.Dg_yFaiv6lVftR3FFx0v5JW250mBgXLVP1j0ezZcHRyitqSY7xGmx4y-MGur93FAS85vf_Da-L-REVEltwU2Jw

the assertion parameter is used as an authentication parameter
of the Wallet Instance.
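Review bot: the two `assertion` values in this request are inconsistent with the PR's premise that `typ` in the header replaces the payload `type`. Decoding the visible header segments, the first token's header is `{"alg":"ES256","kid":"vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c","typ":"var+jwt"}`, but the second token's header is `{"alg":"ES256","kid":"khjFVLOgF3GxdqwlUN_KZ_755TOVDnbHh86MmJpxvkU"}` with no `typ` at all, so a verifier relying on `typ` has nothing to check on the second assertion. Add the `typ` header to the second token, and document the expected `typ` values for each JWT in the Header sections of this page (the value `var+jwt` used here is not defined anywhere in the visible text), together with the requirement that a token with a missing or unexpected `typ` is rejected. Also, the sentence `the assertion parameter is used as an authentication parameter of the Wallet Instance` is ambiguous now that the request carries two `assertion` parameters; say which token is which and what each proves.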