-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
754bc43
commit 8302df2
Showing
6 changed files
with
87 additions
and
112 deletions.
There are no files selected for viewing
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -914,7 +914,12 @@ Credential Response to the Wallet Instance MUST be sent using `application/json` | |
| Entity Configuration Credential Issuer | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| Below is a non-normative example of an Entity Configuration containing an `openid_credential_issuer` metadata. | ||
| Below is a non-normative example of an Entity Configuration of a PID Provider containing a metadata for | ||
|
|
||
| - `federation_entity` | ||
| - `oauth_authorization_server` | ||
| - `openid_credential_issuer` | ||
| - `openid_relying_party` | ||
|
|
||
| .. code-block:: http | ||
|
|
@@ -945,26 +950,31 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| }, | ||
| "authority_hints": ["https://superior-entity.example.org/federation"], | ||
| "metadata": { | ||
| "federation_entity": { | ||
| "organization_name": "PID Provider Organization Example", | ||
| "homepage_uri": "https://pid-provider.example.org", | ||
| "policy_uri": "https://pid-provider.example.org/privacy_policy", | ||
| "tos_uri": "https://pid-provider.example.org/info_policy", | ||
| "logo_uri": "https://pid-provider.example.org/logo.svg", | ||
| "contacts": ["[email protected]"], | ||
| "federation_resolve_endpoint": "https://pid-provider.example.org/resolve" | ||
| }, | ||
| "oauth_authorization_server": { | ||
| "authorization_endpoint": "https://pid-provider.example.org/authorization", | ||
| "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par", | ||
| "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"], | ||
| "revocation_endpoint": "https://pid-provider.example.org/revocation", | ||
| "id_token_encryption_alg_values_supported": ["RSA-OAEP"], | ||
| "id_token_encryption_enc_values_supported": ["A128CBC-HS256"], | ||
| "token_endpoint": "https://pid-provider.example.org/token", | ||
| "userinfo_endpoint": "https://pid-provider.example.org/userinfo", | ||
| "introspection_endpoint": "https://pid-provider.example.org/introspection", | ||
| "contacts": ["[email protected]"], | ||
| "client_registration_types_supported": ["automatic"], | ||
| "code_challenge_methods_supported": ["S256"], | ||
| "request_authentication_methods_supported": {"ar": ["request_object"]}, | ||
| "authorization_details_types_supported":[ | ||
| "openid_credential", | ||
| ], | ||
| "acr_values_supported": [ | ||
| "https://www.spid.gov.it/SpidL2", | ||
| "https://www.spid.gov.it/SpidL3" | ||
| ], | ||
| "grant_types_supported": ["authorization_code"], | ||
| "id_token_signing_alg_values_supported": ["ES256"], | ||
| "issuer": "https://pid-provider.example.org", | ||
| "jwks": { | ||
| "keys": [ | ||
|
|
@@ -976,20 +986,13 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| ] | ||
| }, | ||
| "scopes_supported": [ | ||
| "openid", | ||
| "offline_access", | ||
| "PersonIdentificationData" | ||
| ], | ||
| "logo_uri": "https://pid-provider.example.org/static/svg/spid-logo-c-lb.svg", | ||
| "organization_name": "Authorization Server", | ||
| "op_policy_uri": "https://pid-provider.example.org/legal-information/", | ||
| "request_parameter_supported":true, | ||
| "request_uri_parameter_supported":true, | ||
| "require_request_uri_registration":true, | ||
| "request_uri_parameter_supported":false, | ||
| "response_types_supported": ["code"], | ||
| "subject_types_supported": [ | ||
| "pairwise", | ||
| "public" | ||
| ], | ||
| "token_endpoint_auth_methods_supported": [ | ||
| "attest_jwt_client_auth" | ||
|
|
@@ -999,33 +1002,18 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| "ES384", | ||
| "ES512" | ||
| ], | ||
| "userinfo_encryption_alg_values_supported": [ | ||
| "RSA-OAEP", | ||
| "RSA-OAEP-256" | ||
| ], | ||
| "userinfo_encryption_enc_values_supported": [ | ||
| "A128CBC-HS256", | ||
| "A192CBC-HS384", | ||
| "A256CBC-HS512", | ||
| "A128GCM", | ||
| "A192GCM", | ||
| "A256GCM" | ||
| ], | ||
| "userinfo_signing_alg_values_supported": [ | ||
| "ES256", | ||
| "ES384", | ||
| "ES512" | ||
| ], | ||
| "request_object_signing_alg_values_supported": [ | ||
| "ES256", | ||
| "ES384", | ||
| "ES512" | ||
| ] | ||
| }, | ||
| "openid_credential_issuer": { | ||
| "credential_issuer": "https://pid-provider.example.org", | ||
| "authorization_servers": ["https://pid-provider.example.org"], | ||
| "credential_issuer": "https://pid-provider.example.org", | ||
| "credential_endpoint": "https://pid-provider.example.org/credential", | ||
| "revocation_endpoint": "https://pid-provider.example.org/revoke", | ||
| "status_attestation_endpoint": "https://pid-provider.example.org/status", | ||
| "credential_hash_alg_supported": "sha-256", | ||
| "display": [ | ||
| { | ||
| "name": "PID Provider Italiano di esempio", | ||
|
|
@@ -1086,6 +1074,24 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| ], | ||
| "credential_definition": { | ||
| "type": ["PersonIdentificationData"], | ||
| "verification": { | ||
| "trust_framework": "eidas", | ||
| "assurance_level": "high", | ||
| "evidence": [ | ||
| { | ||
| "type": "electronic_record", | ||
| "record": { | ||
| "type": "https://eudi.wallet.cie.gov.it", | ||
| "source": { | ||
| "organization_name": "Ministero dell'Interno", | ||
| "organization_id": | ||
| "urn:eudi:it:organization_id:ipa_code:m_it", | ||
| "country_code": "IT" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| "credentialSubject": { | ||
| "given_name": { | ||
| "mandatory": true, | ||
|
|
@@ -1111,7 +1117,7 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| } | ||
| ] | ||
| }, | ||
| "birthdate": { | ||
| "birth_date": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
| "name": "Date of Birth", | ||
|
|
@@ -1123,18 +1129,6 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| } | ||
| ] | ||
| }, | ||
| "place_of_birth": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
| "name": "Place of Birth", | ||
| "locale": "en-US" | ||
| }, | ||
| { | ||
| "name": "Luogo di Nascita", | ||
| "locale": "it-IT" | ||
| } | ||
| ] | ||
| }, | ||
| "unique_id": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
|
|
@@ -1164,14 +1158,6 @@ Below is a non-normative example of an Entity Configuration containing an `openi | |
| } | ||
| } | ||
| }, | ||
| "federation_entity": { | ||
| "organization_name": "PID Provider Organization Example", | ||
| "homepage_uri": "https://pid-provider.example.org", | ||
| "policy_uri": "https://pid-provider.example.org/privacy_policy", | ||
| "tos_uri": "https://pid-provider.example.org/info_policy", | ||
| "logo_uri": "https://pid-provider.example.org/logo.svg" | ||
| }, | ||
| "openid_relying_party": { | ||
| <This is the metadata of the PID/EAA Provider acting as a Relying Party in the national digital identity systems (CIE/SPID). See spid-cie-oidc-docs for details.> | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2100,7 +2100,15 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| </section> | ||
| <section id="entity-configuration-credential-issuer"> | ||
| <span id="id38"></span><h3>Entity Configuration Credential Issuer<a class="headerlink" href="#entity-configuration-credential-issuer" title="Permalink to this heading">¶</a></h3> | ||
| <p>Below is a non-normative example of an Entity Configuration containing an <cite>openid_credential_issuer</cite> metadata.</p> | ||
| <p>Below is a non-normative example of an Entity Configuration of a PID Provider containing a metadata for</p> | ||
| <blockquote> | ||
| <div><ul class="simple"> | ||
| <li><p><cite>federation_entity</cite></p></li> | ||
| <li><p><cite>oauth_authorization_server</cite></p></li> | ||
| <li><p><cite>openid_credential_issuer</cite></p></li> | ||
| <li><p><cite>openid_relying_party</cite></p></li> | ||
| </ul> | ||
| </div></blockquote> | ||
| <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> | ||
| <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/entity-statement+jwt</span> | ||
|
|
||
|
|
@@ -2128,26 +2136,31 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| }, | ||
| "authority_hints": ["https://superior-entity.example.org/federation"], | ||
| "metadata": { | ||
| "federation_entity": { | ||
| "organization_name": "PID Provider Organization Example", | ||
| "homepage_uri": "https://pid-provider.example.org", | ||
| "policy_uri": "https://pid-provider.example.org/privacy_policy", | ||
| "tos_uri": "https://pid-provider.example.org/info_policy", | ||
| "logo_uri": "https://pid-provider.example.org/logo.svg", | ||
| "contacts": ["[email protected]"], | ||
| "federation_resolve_endpoint": "https://pid-provider.example.org/resolve" | ||
| }, | ||
| "oauth_authorization_server": { | ||
| "authorization_endpoint": "https://pid-provider.example.org/authorization", | ||
| "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par", | ||
| "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"], | ||
| "revocation_endpoint": "https://pid-provider.example.org/revocation", | ||
| "id_token_encryption_alg_values_supported": ["RSA-OAEP"], | ||
| "id_token_encryption_enc_values_supported": ["A128CBC-HS256"], | ||
| "token_endpoint": "https://pid-provider.example.org/token", | ||
| "userinfo_endpoint": "https://pid-provider.example.org/userinfo", | ||
| "introspection_endpoint": "https://pid-provider.example.org/introspection", | ||
| "contacts": ["[email protected]"], | ||
| "client_registration_types_supported": ["automatic"], | ||
| "code_challenge_methods_supported": ["S256"], | ||
| "request_authentication_methods_supported": {"ar": ["request_object"]}, | ||
| "authorization_details_types_supported":[ | ||
| "openid_credential", | ||
| ], | ||
| "acr_values_supported": [ | ||
| "https://www.spid.gov.it/SpidL2", | ||
| "https://www.spid.gov.it/SpidL3" | ||
| ], | ||
| "grant_types_supported": ["authorization_code"], | ||
| "id_token_signing_alg_values_supported": ["ES256"], | ||
| "issuer": "https://pid-provider.example.org", | ||
| "jwks": { | ||
| "keys": [ | ||
|
|
@@ -2159,20 +2172,13 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| ] | ||
| }, | ||
| "scopes_supported": [ | ||
| "openid", | ||
| "offline_access", | ||
| "PersonIdentificationData" | ||
| ], | ||
| "logo_uri": "https://pid-provider.example.org/static/svg/spid-logo-c-lb.svg", | ||
| "organization_name": "Authorization Server", | ||
| "op_policy_uri": "https://pid-provider.example.org/legal-information/", | ||
| "request_parameter_supported":true, | ||
| "request_uri_parameter_supported":true, | ||
| "require_request_uri_registration":true, | ||
| "request_uri_parameter_supported":false, | ||
| "response_types_supported": ["code"], | ||
| "subject_types_supported": [ | ||
| "pairwise", | ||
| "public" | ||
| ], | ||
| "token_endpoint_auth_methods_supported": [ | ||
| "attest_jwt_client_auth" | ||
|
|
@@ -2182,23 +2188,6 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| "ES384", | ||
| "ES512" | ||
| ], | ||
| "userinfo_encryption_alg_values_supported": [ | ||
| "RSA-OAEP", | ||
| "RSA-OAEP-256" | ||
| ], | ||
| "userinfo_encryption_enc_values_supported": [ | ||
| "A128CBC-HS256", | ||
| "A192CBC-HS384", | ||
| "A256CBC-HS512", | ||
| "A128GCM", | ||
| "A192GCM", | ||
| "A256GCM" | ||
| ], | ||
| "userinfo_signing_alg_values_supported": [ | ||
| "ES256", | ||
| "ES384", | ||
| "ES512" | ||
| ], | ||
| "request_object_signing_alg_values_supported": [ | ||
| "ES256", | ||
| "ES384", | ||
|
|
@@ -2207,8 +2196,10 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| }, | ||
| "openid_credential_issuer": { | ||
| "credential_issuer": "https://pid-provider.example.org", | ||
| "authorization_servers": ["https://pid-provider.example.org"], | ||
| "credential_endpoint": "https://pid-provider.example.org/credential", | ||
| "revocation_endpoint": "https://pid-provider.example.org/revoke", | ||
| "status_attestation_endpoint": "https://pid-provider.example.org/status", | ||
| "credential_hash_alg_supported": "sha-256", | ||
| "display": [ | ||
| { | ||
| "name": "PID Provider Italiano di esempio", | ||
|
|
@@ -2269,6 +2260,24 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| ], | ||
| "credential_definition": { | ||
| "type": ["PersonIdentificationData"], | ||
| "verification": { | ||
| "trust_framework": "eidas", | ||
| "assurance_level": "high", | ||
| "evidence": [ | ||
| { | ||
| "type": "electronic_record", | ||
| "record": { | ||
| "type": "https://eudi.wallet.cie.gov.it", | ||
| "source": { | ||
| "organization_name": "Ministero dell'Interno", | ||
| "organization_id": | ||
| "urn:eudi:it:organization_id:ipa_code:m_it", | ||
| "country_code": "IT" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| "credentialSubject": { | ||
| "given_name": { | ||
| "mandatory": true, | ||
|
|
@@ -2294,7 +2303,7 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| } | ||
| ] | ||
| }, | ||
| "birthdate": { | ||
| "birth_date": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
| "name": "Date of Birth", | ||
|
|
@@ -2306,18 +2315,6 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| } | ||
| ] | ||
| }, | ||
| "place_of_birth": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
| "name": "Place of Birth", | ||
| "locale": "en-US" | ||
| }, | ||
| { | ||
| "name": "Luogo di Nascita", | ||
| "locale": "it-IT" | ||
| } | ||
| ] | ||
| }, | ||
| "unique_id": { | ||
| "mandatory": true, | ||
| "display": [{ | ||
|
|
@@ -2347,14 +2344,6 @@ <h3>Credential Response<a class="headerlink" href="#credential-response" title=" | |
| } | ||
| } | ||
| }, | ||
| "federation_entity": { | ||
| "organization_name": "PID Provider Organization Example", | ||
| "homepage_uri": "https://pid-provider.example.org", | ||
| "policy_uri": "https://pid-provider.example.org/privacy_policy", | ||
| "tos_uri": "https://pid-provider.example.org/info_policy", | ||
| "logo_uri": "https://pid-provider.example.org/logo.svg" | ||
| }, | ||
|
|
||
| "openid_relying_party": { | ||
| <This is the metadata of the PID/EAA Provider acting as a Relying Party in the national digital identity systems (CIE/SPID). See spid-cie-oidc-docs for details.> | ||
| } | ||
|
|
||
Large diffs are not rendered by default.
Oops, something went wrong.
Binary file not shown.