Merge remote-tracking branch 'origin/versione-corrente' into backup-restore
ruphy committed Dec 22, 2023
2 parents 7610c17 + 5d8ba19 commit da025e5
Showing 10 changed files with 815 additions and 277 deletions.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -27,7 +27,6 @@ This repository hosts the sphinx project tree of EUDI Wallet Technical Specifica
The stable release in different languages is published at the link below:

- [English](https://italia.github.io/eudi-wallet-it-docs/versione-corrente/en/)
- [Italian](https://italia.github.io/eudi-wallet-it-docs/versione-corrente/it/)

### Preview of a branch

6 changes: 3 additions & 3 deletions docs/en/index.rst
Expand Up @@ -43,14 +43,14 @@ Index of content
ssi-introduction.rst
defined-terms.rst
trust.rst
pid-eaa-data-model.rst
pid-eaa-issuance.rst
wallet-solution.rst
wallet-instance-attestation.rst
pid-eaa-data-model.rst
pid-eaa-issuance.rst
relying-party-solution.rst
revocation-lists.rst
pseudonyms.rst
backup-restore.rst
revocation-lists.rst
algorithms.rst
contribute.rst
standards.rst
517 changes: 506 additions & 11 deletions docs/en/pid-eaa-data-model.rst

Large diffs are not rendered by default.

224 changes: 141 additions & 83 deletions docs/en/pid-eaa-issuance.rst

Large diffs are not rendered by default.

118 changes: 49 additions & 69 deletions docs/en/relying-party-solution.rst
Expand Up @@ -188,17 +188,13 @@ To attest a high level of security, the Wallet Instance submits its Wallet Insta

Below the description of the parameters defined in *OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)*.

.. note::
The use of DPoP doesn't represent any breaking changes to Wallet Instances that do not support DPoP to a *request_uri* endpoint, since it is assumed to use it as an additional security mechanisms for the attestation of the status of the Wallet Instance.

If the DPoP HTTP Header is missing, the Relying Party would assume the lowest attestable level of security to the Wallet Instance it is interacting with.
If the DPoP HTTP Header is missing, the Relying Party would assume the lowest attestable level of security to the Wallet Instance it is interacting with.

DPoP HTTP Header
^^^^^^^^^^^^^^^^

A **DPoP proof** is included in the request using the HTTP Header ``DPoP`` and containing a JWS. The JWS MUST be verified with the public key made available in the Wallet Instance Attestation (``Authorization: DPoP``).


The JOSE header of the **DPoP JWS** MUST contain at least the following parameters:

.. list-table::
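Review bot: the fallback sentence "If the DPoP HTTP Header is missing, the Relying Party would assume the lowest attestable level of security" is phrased with "would" while the paragraph under "DPoP HTTP Header" uses MUST, so an implementer cannot tell whether the downgrade is required behaviour. Suggest a normative keyword there, plus a statement of whether a Relying Party that needs a higher level may refuse a request that arrives without the header. The sentence should also stay in one place only, and if the ``.. note::`` describing DPoP as an additional mechanism is dropped, keep one line saying whether DPoP is OPTIONAL on the *request_uri* endpoint.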
Expand Down Expand Up @@ -288,7 +284,7 @@ The Relying Party issues the signed Request Object, where a non-normative exampl
}
.
{
"scope": "eu.europa.ec.eudiw.pid.it.1 pid-sd-jwt:unique_id+given_name+family_name",
"scope": "eu.europa.ec.eudiw.pid.it.1 tax_id_number",
"client_id_scheme": "entity_id",
"client_id": "https://relying-party.example.org",
"response_mode": "direct_post.jwt",
Expand Down Expand Up @@ -353,11 +349,7 @@ The JWS payload parameters are described herein:

.. warning::

This implementation profile use the parameter ``scope`` within the request instead of the ``presentation_definition``.

Using the parameter ``scope`` requires that the Relying Party Metadata MUST
contain the ``presentation_definition``, where a non-normative example of it
is given below:
Using the parameter ``scope`` requires that the Relying Party Metadata MUST contain the ``presentation_definition``, where a non-normative example of it is given below:

.. code-block:: JSON
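Review bot: in the single-line form of the warning, "Using the parameter ``scope`` requires that the Relying Party Metadata MUST contain the ``presentation_definition``" stacks "requires that" on top of MUST, and if the sentence "This implementation profile use the parameter ``scope`` within the request instead of the ``presentation_definition``" is removed along with the re-wrap, the warning no longer says that the profile chooses ``scope`` in the first place. Suggest keeping that sentence (as "uses") and reducing the requirement to one normative statement, for example "When ``scope`` is used, the Relying Party Metadata MUST contain the matching ``presentation_definition``".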
Expand All @@ -366,7 +358,7 @@ is given below:
"id": "presentation definitions",
"input_descriptors": [
{
"id": "pid-sd-jwt:unique_id+given_name+family_name",
"id": "eu.europa.ec.eudiw.pid.it.1",
"name": "Person Identification Data",
"purpose": "User authentication",
"format": "vc+sd-jwt",
Expand Down Expand Up @@ -432,7 +424,7 @@ Below is a non-normative example of the decrypted JSON ``response`` content:
"id": "04a98be3-7fb0-4cf5-af9a-31579c8b0e7d",
"descriptor_map": [
{
"id": "pid-sd-jwt:unique_id+given_name+family_name",
"id": "eu.europa.ec.eudiw.pid.it.1",
"path": "$.vp_token.verified_claims.claims._sd[0]",
"format": "vc+sd-jwt"
}
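Review bot: the ``path`` left unchanged next to the renamed ``id`` still reads ``$.vp_token.verified_claims.claims._sd[0]``, which selects one entry of an ``_sd`` array (a disclosure digest in SD-JWT) although ``format`` declares the target to be a whole ``vc+sd-jwt``. Since this hunk already aligns ``id`` with the renamed descriptor, update ``path`` to point at the presented credential itself, and state that the Relying Party checks ``descriptor_map[].id`` against the input descriptor ``id`` it requested before accepting the presentation.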
Expand Down Expand Up @@ -567,72 +559,60 @@ Below is a non-normative response example:
"https://www.spid.gov.it/SpidL2",
"https://www.spid.gov.it/SpidL3"
],
"vp_formats": {
"jwt_vp_json": {
"alg": [
"EdDSA",
"ES256K"
"vp_formats": {
"vc+sd-jwt": {
"sd-jwt_alg_values": [
"ES256",
"ES384"
],
"kb-jwt_alg_values": [
"ES256",
"ES384"
]
}
},
}
},
"presentation_definitions": [
{
"id": "pid-sd-jwt:unique_id+given_name+family_name",
"id": "eu.europa.ec.eudiw.pid.it.1",
"input_descriptors": [
{
"id": "sd-jwt",
"id": "IdentityCredential",
"format": {
"jwt": {
"alg": [
"EdDSA",
"ES256"
]
},
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": [
"$.sd-jwt.type"
],
"filter": {
"type": "string",
"const": "PersonIdentificationData"
}
},
{
"path": [
"$.sd-jwt.cnf"
],
"filter": {
"type": "object",
}
},
{
"path": [
"$.sd-jwt.family_name"
],
"intent_to_retain": "true"
},
{
"path": [
"$.sd-jwt.given_name"
],
"intent_to_retain": "true"
},
{
"path": [
"$.sd-jwt.unique_id"
],
"intent_to_retain": "true"
"vc+sd-jwt": {}
},
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": [
"$.type"
],
"filter": {
"type": "string",
"const": "IdentityCredential"
}
]
}
},
{
"path": [
"$.family_name"
]
},
{
"path": [
"$.given_name"
]
},
{
"path": [
"$.unique_id"
],
"intent_to_retain": "true"
}
]
}
}
]
},
},
{
"id": "mDL-sample-req",
"input_descriptors": [