
Commit

Deploy to GitHub pages
github-actions[bot] authored Jul 19, 2023
1 parent ed4a126 commit 527fc63
Showing 22 changed files with 1,019 additions and 860 deletions.
Binary file modified .doctrees/environment.pickle
Binary file not shown.
Binary file modified .doctrees/wallet-instance-attestation.doctree
Binary file not shown.
Binary file modified .doctrees/wallet-solution.doctree
Binary file not shown.
451 changes: 121 additions & 330 deletions _sources/wallet-instance-attestation.rst.txt

Large diffs are not rendered by default.

194 changes: 194 additions & 0 deletions _sources/wallet-solution.rst.txt
Expand Up @@ -62,6 +62,200 @@ Deactivation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Users have the ability to deactivate the Wallet Instance voluntarily. This action removes the operational capabilities of the Wallet Instance and sets it to the deactivated state. Deactivation provides Users with control over access and usage according to their preferences.


Wallet Provider Endpoints
^^^^^^^^^^^^^^^^^^^^^^^^^

The Wallet Provider that issues the Wallet Instance Attestations must
make available a series of APIs in REST format that follow the OpenID
Federation standard.

Wallet Provider Metadata
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A **GET /.well-known/openid-federation endpoint** for retrieving the Wallet
Provider Entity Configuration.

The Wallet Provider Entity Configuration is a JWS containing the public keys and supported algorithms of the Wallet Provider metadata definition. It is structured in accordance with the `OpenID Connect Federation <https://openid.net/specs/openid-connect-federation-1_0.html>`_ and the Trust Model section outlined in this specification.

Header
^^^^^^
+---------+-----------------------------------------------------------------+
| **Key** | **Value** |
+---------+-----------------------------------------------------------------+
| alg | Algorithm employed to verify the token signature (e.g., ES256). |
+---------+-----------------------------------------------------------------+
| kid | Thumbprint of the public key used for signing. |
+---------+-----------------------------------------------------------------+
| typ | Media type, here we use the entity-statement+jwt value. |
+---------+-----------------------------------------------------------------+

Payload
^^^^^^^
+-----------------------------------+-----------------------------------+
| **Key** | **Value** |
+-----------------------------------+-----------------------------------+
| iss | Public URL of the Wallet |
| | Provider. |
+-----------------------------------+-----------------------------------+
| sub | Public URL of the Wallet |
| | Provider. |
+-----------------------------------+-----------------------------------+
| iat | Issuance datetime in |
| | Unix Timestamp format. |
+-----------------------------------+-----------------------------------+
| exp | Expiration datetime |
| | in Unix Timestamp format. |
+-----------------------------------+-----------------------------------+
| jwks | Contains an array of all public |
| | keys associated with the domain. |
| | These could match the Wallet |
| | Provider's keys. |
+-----------------------------------+-----------------------------------+
| metadata | For each entity, this attribute |
| | houses its metadata. In this case,|
| | it contains the Wallet Provider's |
| | metadata within the |
| | ``eudi_wallet_provider`` attribute|
| | and the generic entity |
| | ``federation_entity``. |
+-----------------------------------+-----------------------------------+

Payload `wallet_provider`
~~~~~~~~~~~~~~~~~~~~~~~~~

+---------------------------------------------+------------------------------------+
| **Key** | **Value** |
+---------------------------------------------+------------------------------------+
| jwks | Contains an array of all the Wallet|
| | Provider's public keys. |
+---------------------------------------------+------------------------------------+
| token_endpoint | Endpoint for obtaining the Wallet |
| | Instance Attestation. |
+---------------------------------------------+------------------------------------+
| attested_security_context_values_supported | List of supported values for the |
| | certified security context. These |
| | values specify the security level |
| | of the app—low, medium, or high. |
| | An attested security context is |
| | defined by the proof that the |
| | Wallet Instance can send to the |
| | Wallet Provider. Note: this |
| | parameter is defined in this |
| | specification |
+---------------------------------------------+------------------------------------+
| grant_types_supported | The types of grants supported by |
| | the endpoint token. It MUST be set to |
| | ``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation`` |
+---------------------------------------------+------------------------------------+
| token_endpoint_auth_methods_suppor | Supported authentication method for|
| ted | the endpoint token. |
+---------------------------------------------+------------------------------------+
| token_endpoint_auth_signing_alg_va | List of supported signature |
| lues_supported | algorithms. |
+---------------------------------------------+------------------------------------+

.. note::
The `asc_values_supported` parameter is experimental and under review.

Payload `federation_entity`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+-------------------+----------------------------------------------+
| **Key** | **Value** |
+-------------------+----------------------------------------------+
| organization_name | Organization name. |
+-------------------+----------------------------------------------+
| homepage_uri | Organization's website URL. |
+-------------------+----------------------------------------------+
| tos_uri | URL to the terms of service. |
+-------------------+----------------------------------------------+
| policy_uri | URL to the privacy policy. |
+-------------------+----------------------------------------------+
| logo_uri | URL of the organization's logo in SVG format.|
+-------------------+----------------------------------------------+

Below a non-normative example of the Entity Configuration.

.. code-block:: javascript
{
"alg": "ES256",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
"typ": "entity-statement+jwt"
}
.
{
"iss": "https://wallet-provider.example.org",
"sub": "https://wallet-provider.example.org",
"jwks": {
"keys": [
{
"crv": "P-256",
"kty": "EC",
"x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
"y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
}
]
},
"metadata": {
"wallet_provider": {
"jwks": {
"keys": [
{
"crv": "P-256",
"kty": "EC",
"x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
"y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
}
]
},
"token_endpoint": "https://wallet-provider.example.org/token",
"attested_security_context_values_supported": [
"https://wallet-provider.example.org/LoA/basic",
"https://wallet-provider.example.org/LoA/medium",
"https://wallet-provider.example.org/LoA/high"
],
"grant_types_supported": [
"urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation"
],
"token_endpoint_auth_methods_supported": [
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
]
},
"federation_entity": {
"organization_name": "PagoPa S.p.A.",
"homepage_uri": "https://wallet-provider.example.org",
"policy_uri": "https://wallet-provider.example.org/privacy_policy",
"tos_uri": "https://wallet-provider.example.org/info_policy",
"logo_uri": "https://wallet-provider.example.org/logo.svg"
}
},
"iat": 1687171759,
"exp": 1709290159
}
Wallet Instance Attestation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The **token** endpoint requires two parameters as input, in HTTP Post method:

``grant_type`` which in our case is a string:
``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation``

``assertion`` which contains the signed JWT of the Wallet Instance Attestation
Request.

The response will then contain the Wallet Instance Attestation.


External references
^^^^^^^^^^^^^^^^^^^^
¹ Definitions are inherited from the EUDI Wallet Architecture and Reference Framework, version 1.1.0 at the time of writing. Please refer to `this page <https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/blob/9647a408f628569449af6b30a15fed82cd41129a/arf.md#2-definitions>`_ for extended definitions and details.
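Review bot: the `grant_types_supported` row of the `wallet_provider` grid table will not build: the cell text `` ``urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation`` `` runs past the right border of the second column, and docutils rejects a grid table whose `|` separators do not line up; widen the column, or keep the row short ("MUST be set to the URN below") and put the URN in a literal block under the table. In the same table the keys are wrapped as `token_endpoint_auth_methods_suppor` / `ted` and `token_endpoint_auth_signing_alg_va` / `lues_supported`, which renders as two words with a space inside the parameter name; widen the first column instead of breaking the identifier. Names also disagree within the hunk: the `metadata` row says the provider metadata sits under ``eudi_wallet_provider`` while the section heading and the example use `wallet_provider`; the `.. note::` refers to `asc_values_supported` while the table and the example use `attested_security_context_values_supported`; and the table describes the levels as low, medium or high while the example lists `LoA/basic`, `LoA/medium`, `LoA/high`. Section levels are mixed as well: `Wallet Provider Endpoints` is underlined with `^`, its child `Wallet Provider Metadata` with `~`, and then `Header` and `Payload` return to `^`, which makes them siblings of `Wallet Provider Endpoints` and nests `Wallet Instance Attestation` (underlined with `~`) under `Payload`; give `Header` and `Payload` a deeper underline character. Two smaller points: as shown here the body of `.. code-block:: javascript` is not indented under the directive and the closing `}` runs straight into the `Wallet Instance Attestation` title with no blank line, both of which Sphinx will complain about if the file really looks like this; and the token endpoint text sends a `client-assertion-type` URN as the `grant_type` value, so it is worth confirming that `grant_type` is intended here rather than the `client_assertion_type` parameter of RFC 7521, because readers of `grant_types_supported` will otherwise expect a separate grant type.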
42 changes: 30 additions & 12 deletions algorithms.html
Expand Up @@ -659,22 +659,31 @@ <h2 class='tooltip__title'>{{ item.title }}</h2>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#deactivation">Deactivation</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#wallet-provider-endpoints">Wallet Provider Endpoints</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#wallet-provider-metadata">Wallet Provider Metadata</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#header">Header</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#payload">Payload</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#payload-wallet-provider">Payload <cite>wallet_provider</cite></a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#payload-federation-entity">Payload <cite>federation_entity</cite></a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#wallet-instance-attestation">Wallet Instance Attestation</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#external-references">External references</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="wallet-instance-attestation.html">Wallet Instance Attestation</a><ul>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#general-properties">General Properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#requirements">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#high-end-design">High-end design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#static-view-of-the-components">Static view of the components</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#dynamic-view-of-the-components">Dynamic view of the components</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#high-level-design">High-level Design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#static-component-view">Static Component View</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#dynamic-component-view">Dynamic Component View</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#detail-design">Detail design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-provider-entity-configuration">Format of the Wallet Provider Entity Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#detailed-design">Detailed Design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-instance-attestation-request">Format of the Wallet Instance Attestation Request</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-instance-attestation">Format of the Wallet Instance Attestation</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#endpoints">Endpoints</a></li>
</ul>
</li>
</ul>
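Review bot: the regenerated sidebar now lists `Header` and `Payload` as `toctree-l2` entries beside `Wallet Provider Endpoints`, with `Wallet Instance Attestation` pushed down to `toctree-l3` under `Payload`; that is a faithful rendering of the mixed underline levels in the new `wallet-solution.rst` section, so the fix belongs in the RST source (a deeper underline for `Header` and `Payload`) and this HTML should be regenerated, not patched by hand. Separately, the fragments `#high-end-design`, `#detail-design` and `#format-of-the-wallet-provider-entity-configuration` on `wallet-instance-attestation.html` no longer exist after this change (the first two are renamed to `#high-level-design` and `#detailed-design`, the third moves to `wallet-solution.html`), so any existing links to them will break; consider keeping explicit labels for the old names in the source (e.g. `.. _high-end-design:` above the renamed heading) so the old fragments keep resolving.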
Expand Down Expand Up @@ -891,22 +900,31 @@ <h2 class='tooltip__title'>{{ item.title }}</h2>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#deactivation">Deactivation</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#wallet-provider-endpoints">Wallet Provider Endpoints</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#wallet-provider-metadata">Wallet Provider Metadata</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#header">Header</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#payload">Payload</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#payload-wallet-provider">Payload <cite>wallet_provider</cite></a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#payload-federation-entity">Payload <cite>federation_entity</cite></a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-solution.html#wallet-instance-attestation">Wallet Instance Attestation</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-solution.html#external-references">External references</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="wallet-instance-attestation.html">Wallet Instance Attestation</a><ul>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#general-properties">General Properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#requirements">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#high-end-design">High-end design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#static-view-of-the-components">Static view of the components</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#dynamic-view-of-the-components">Dynamic view of the components</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#high-level-design">High-level Design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#static-component-view">Static Component View</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#dynamic-component-view">Dynamic Component View</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#detail-design">Detail design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-provider-entity-configuration">Format of the Wallet Provider Entity Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="wallet-instance-attestation.html#detailed-design">Detailed Design</a><ul>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-instance-attestation-request">Format of the Wallet Instance Attestation Request</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#format-of-the-wallet-instance-attestation">Format of the Wallet Instance Attestation</a></li>
<li class="toctree-l3"><a class="reference internal" href="wallet-instance-attestation.html#endpoints">Endpoints</a></li>
</ul>
</li>
</ul>
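Review bot: this is the second copy of the same navigation block on the page and shows the same structural problem as the sidebar copy above it: `Header` and `Payload` appear at `toctree-l2` as siblings of `Wallet Provider Endpoints`, and `Wallet Instance Attestation` is nested under `Payload` at `toctree-l3`. Correcting the heading underline levels in `wallet-solution.rst` will regenerate both copies together, so no separate edit to this hunk is needed, but it should not be merged in its current shape since the published TOC will misrepresent the document hierarchy.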

0 comments on commit 527fc63
