Skip to content

Commit

Permalink
Merge branch 'vci-ref' of https://github.com/italia/eidas-it-wallet-docs
Browse files Browse the repository at this point in the history 
 into vci-ref
  • Loading branch information
@peppelinux
peppelinux committed Dec 28, 2023
2 parents cd80152 + 2737fbb commit 3a1f5b4
Showing 1 changed file with 17 additions and 16 deletions.
33 changes: 17 additions & 16 deletions docs/en/pid-eaa-issuance.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ PID/(Q)EAA Issuance
This section describes the PID and (Q)EAAs issuance flow with an high level of security.
The relevant entities and interfaces involved in the issuance flow are:

- *Wallet Provider*: The entity responsible for releasing an EUDI Wallet Solution. The Wallet Provider issues the Wallet Instance Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with a trust framework in compliance to the security and privacy requirements.
- *Wallet Provider*: The entity responsible for releasing an EUDI Wallet Solution. The Wallet Provider issues the Wallet Instance Attestations to its Wallet Instances through an Attestation Service. The Wallet Attestation certifies the genuinity and authenticity of the Wallet Instance and its compliance with the security and privacy requirements.
- *Wallet Solution*: Entire product and service owned by a Wallet Provider, offered to all the Users and certified as EUDI-compliant by a Conformity Assessment Body (CAB).
- *Wallet Instance*: Instance of a Wallet Solution, installed on the User device. The Wallet Instance provides graphical interfaces for User interaction with Relying Parties, PID, (Q)EAA Providers and the Wallet Provider.
- *PID Provider*: The entity that issues the eIDAS Person Identification Data (PID). It is composed of:
Expand All @@ -19,7 +19,7 @@ The relevant entities and interfaces involved in the issuance flow are:

- *(Q)EAA Provider*: It represents the Issuer of (Q)EAAs. It is composed of:

- OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification ` to release (Q)EAAs.
- OpenID4VCI Component: based on the "OpenID for Verifiable Credential Issuance" specification to release (Q)EAAs.
- Relying Party: Component to authenticate the User with the PID. The (Q)EAA Provider acts as a Verifier by sending a presentation request to the Wallet Instance, according to [`OpenID4VP`_]. The Wallet Instance MUST have a valid PID, obtained in a previous time, to get authenticated with the (Q)EAA Provider.


Expand All @@ -38,7 +38,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architec
Below the description of the steps represented in the previous picture:

0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase is carried out. It consists of the release of the Wallet Instance Attestation issued by Wallet Attestation Service asserting the genuineness and the compliance of the Wallet Instance with the shared trust framework. The Wallet Instance Attestation binds the public key provided by the Wallet Instance, related to one of the private keys generated by the Wallet Instance.
1. **Digital Credential Issuers Discovery**: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider.
1. **PID/(Q)EAA Provider Issuers Discovery**: the Wallet Instance discovers the trusted Digital Credential Issuers using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), inspecting the Credential Issuer metadata and Trust Marks for filtering the PID Provider.
2. **PID Provider Metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model and obtains the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs.
3. **PID Request**: using the Authorization Code Flow defined in `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_ the Wallet Instance requests the PID to the PID Provider.
4. **User Authentication**: the PID Provider authenticates the User with LoA High, acting as an Identity and Access Management Proxy to the National eID system.
Expand All @@ -63,7 +63,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-QEAA-Issuance` shows a general archite

Below the description of the most relevant operations involved in the (Q)EAA issuance:

1. **Discovery of the trusted (Q)EAA Issuer**: the Wallet Instance obtains the list of the trusted (Q)EAA Issuer using the Federaiton API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider.
1. **Discovery of the trusted (Q)EAA Provider**: the Wallet Instance obtains the list of the trusted (Q)EAA Provider using the Federation API (e.g.: using the Subordinate Listing Endpoint of the Trust Anchor and its Intermediates), then inspects the metadata and Trust Mark looking for the Digital Credential capabilities of each (Q)EAA Provider.
2. **(Q)EAA Provider Metadata**: the Wallet Instance establishes the trust to the (Q)EAA Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs.
3. **(Q)EAA Request**: using the Authorization Code Flow , defined in `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_, the Wallet Instance requests a (Q)EAA to the (Q)EAA Provider.
4. **User Authentication**: the (Q)EAA Provider, acting as a Verifier (Relying Party), authenticates the User evaluating the presentation of the PID.
Expand Down Expand Up @@ -255,7 +255,8 @@ The PID/(Q)EAA Provider returns the issued ``request_uri`` to the Wallet Instanc
**Steps 12-13 (DPoP Proof for Token Endpoint)**: The Wallet Instance MUST create a new key pair for the DPoP and a fresh DPoP Proof JWT following the instruction provided in Section 4 of (:rfc:`9449`) for the token request to the PID/(Q)EAA Provider. The DPoP Proof JWT is signed using the private key for DPoP created by Wallet Instance for this scope. DPoP binds the Access Token to a certain Wallet Instance (:rfc:`9449`) and mitigates the misuse of leaked or stolen Access Tokens at the Credential Endpoint.

**Step 14 (Token Request):** The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint using the authorization ``code``, ``code_verifier`` and *DPoP Proof JWT*. The PID/(Q)EAA Provider performs the following checks:
**Step 14 (Token Request):** The Wallet Instance sends a token request to the PID/(Q)EAA Provider Token Endpoint with a *DPoP Proof JWT* and the parameters: ``code``, ``code_verifier``, and OAuth 2.0 Attestation based Client Authentication (``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation`` and ``client_assertion=WIA~WIA-PoP``).
The ``client_assertion`` is signed using the private key that is created during the setup phase to obtain the Wallet Instance Attestation. The related public key that is attested by the Wallet Provider is provided within the Wallet Instance Attestation (``cnf`` claim). The PID/(Q)EAA Provider performs the following checks on the Token Request:

1. It MUST ensure that the Authorization ``code`` is issued to the authenticated Wallet Instance (:rfc:`6749`) and was not replied.
2. It MUST ensure the Authorization ``code`` is valid and has not been previously used (:rfc:`6749`).
Expand Down Expand Up @@ -341,8 +342,8 @@ The PID/(Q)EAA Provider returns the issued ``request_uri`` to the Wallet Instanc
}
Where the decoded content of the ``jwt`` parameter is represented below,
without endpding and signature, for example purpose. The JWS header:
Where a non-normative example of the decoded content of the ``jwt`` parameter is represented below,
without encoding and signature. The JWS header:

.. code-block:: JSON
Expand All @@ -358,7 +359,7 @@ without endpding and signature, for example purpose. The JWS header:
}
And the The JWS payload:
And the JWS payload:

.. code-block:: JSON
Expand All @@ -370,15 +371,15 @@ And the The JWS payload:
}
**Steps 19-21 (Credential Response):** The PID/(Q)EAA Provider MUST validate the *DPoP JWT Proof* based on the steps defined in Section 4.3 of (:rfc:`9449`) and whether the *Access Token* is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to following the steps in Section 7.2.2 of `OPENID4VCI`_. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA:
**Steps 19-21 (Credential Response):** The PID/(Q)EAA Provider MUST validate the *DPoP JWT Proof* based on the steps defined in Section 4.3 of (:rfc:`9449`) and whether the *Access Token* is valid and suitable for the requested PID/(Q)EAA. It also MUST validate the proof of possession for the key material the new credential SHALL be bound to, according to `OPENID4VCI`_ Section 7.2.2. If all checks succeed, the PID/(Q)EAA Provider creates a new Credential bound to the key material and provide it to the Wallet Instance. The Wallet Instance MUST perform the following checks before proceeding with the secure storage of the PID/(Q)EAA:

1. It MUST check that the PID Credential Response contains all the mandatory parameters and values are validated according to :ref:`Table of the credential response parameters <table_credential_response_claim>`.
2. It MUST check the PID integrity by verifying the signature using the algorithm specified in the ``alg`` header parameter of SD-JWT (:ref:`PID/(Q)EAA Data Model <pid_eaa_data_model.rst>`) and the public key that is identified using using the ``kid`` header of the SD-JWT.
3. It MUST check that the received PID (in credential claim) matches the schema defined in :ref:`PID/(Q)EAA Data Model <pid_eaa_data_model.rst>`.
4. It MUST process and verify the PID in SD-JWT VC format (according to `SD.JWT#Verification <https://drafts.oauth.net/oauth-selective-disclosure-jwt/draft-ietf-oauth-selective-disclosure-jwt.html#name-verification-and-processing>`_ Section 6.) or MDOC CBOR format.
5. It MUST verify the Trust Chain in the header of SD-JWT VC to verify that the PID Provider is trusted.

If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the Digital Credential.
If the checks defined above are successful the Wallet Instance proceeds with the secure storage of the PID/(Q)EAA.

.. code-block:: http
Expand Down Expand Up @@ -508,7 +509,7 @@ The JWT payload is given by the following parameters:
- Unique identifier of the JWT that, together with the value contained in the ``iss`` claim, prevents the reuse of the JWT (replay attack). Since the `jti` value alone is not collision resistant, it MUST be identified uniquely together with its issuer.
- [:rfc:`7519`].

The JOSE header of the Wallet Instance Attestation Proof of Possession MUST contain:
The JOSE header of the Wallet Instance Attestation proof of possession MUST contain:

.. _table_jwt_pop:
.. list-table::
Expand All @@ -528,7 +529,7 @@ The JOSE header of the Wallet Instance Attestation Proof of Possession MUST cont
- It MUST be set to ``jwt-client-attestation-pop``
- Currently under discussion in [`oauth-attestation-draft <https://vcstuff.github.io/draft-ietf-oauth-attestation-based-client-auth/draft-ietf-oauth-attestation-based-client-auth.html>`_].

The body of the Wallet Instance Attestation Proof of Possession JWT MUST contain:
The body of the Wallet Instance Attestation proof of possession JWT MUST contain:

.. list-table::
:widths: 20 60 20
Expand Down Expand Up @@ -633,15 +634,15 @@ If the authentication is successful the PID/(Q)EAA Issuer redirects the User by
Token endpoint
--------------

The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting its authorization grant, as
The token endpoint is used by the Wallet Instance to obtain an Access Token by presenting an authorization grant, as
defined in :rfc:`6749`. The Token Endpoint is a protected endpoint with a client authentication based on the model defined in OAuth 2.0 Attestation-based Client Authentication [`oauth-attestation-draft <https://vcstuff.github.io/draft-ietf-oauth-attestation-based-client-auth/draft-ietf-oauth-attestation-based-client-auth.html>`_].

Token Request
^^^^^^^^^^^^^^^

The request to the PID/(Q)EAA Token endpoint MUST be an HTTP request with method POST, with the body message encoded in ``application/x-www-form-urlencoded`` format. The Wallet Instance sends the Token endpoint request with ``client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation`` and ``client_assertion=WIA~WIA-PoP``.

The Token endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP header. The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (:rfc:`9449`). Thus, this mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [:rfc:`6749`] with ``invalid_dpop_proof`` as the value of the error parameter.
The Token endpoint MUST accept and validate the DPoP proof sent in the DPoP HTTP header. The Token endpoint MUST validate the DPoP proof according to Section 4.3 of the DPoP specifications (:rfc:`9449`). This mitigates the misuse of leaked or stolen Access Tokens at the credential endpoint. If the DPoP proof is invalid, the Token endpoint returns an error response, according to Section 5.2 of [:rfc:`6749`] with ``invalid_dpop_proof`` as the value of the error parameter.

All the parameters listed below are REQUIRED:

Expand Down Expand Up @@ -683,7 +684,7 @@ The JOSE header of a **DPoP JWT** MUST contain at least the following parameters
- A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST be one of the supported algorithms in Section :ref:`Cryptographic Algorithms <supported_algs>` and MUST NOT be set to ``none`` or with a symmetric algorithm (MAC) identifier.
- [:rfc:`7515`].
* - **jwk**
- It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the Access Token SHALL be bound to, as defined in Section 4.1.3 of [:rfc:`7515`]. It MUST NOT contain a private key.
- It represents the public key chosen by the Wallet Instance, in JSON Web Key (JWK) [:rfc:`7517`] format that the Access Token SHALL be bound to, as defined in [:rfc:`7515`] Section 4.1.3. It MUST NOT contain a private key.
- [:rfc:`7517`] and [:rfc:`7515`].


Expand Down Expand Up @@ -732,7 +733,7 @@ Token endpoint response MUST contain the following mandatory claims.
- Expiry time of the *Access Token* in seconds.
- :rfc:`6749`.
* - **c_nonce**
- JSON string containing a ``nonce`` value to be used to create a *proof of possession* of key material when requesting a credential.
- JSON string containing a ``nonce`` value to be used to create a *proof of possession* of key material when requesting a Credential.
- `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_.
* - **c_nonce_expires_in**
- JSON integer, it represents the lifetime in seconds of the **c_nonce**.
Expand Down

0 comments on commit 3a1f5b4

Please sign in to comment.