fix: RSA removed, according to #164 #174

Merged
merged 14 commits into from
Feb 29, 2024
196 changes: 32 additions & 164 deletions docs/en/relying-party-solution.rst
@@ -1,17 +1,19 @@
@ -1,512 +1,512 @@
.. include:: ../common/common_definitions.rst



.. _Wallet Instance Attestation: wallet-instance-attestation.html
.. _Trust Model: trust.html

.. _relying-party-solution:

Relying Party Solution
+++++++++++++++++++++++

This section describes how a remote Relying Party or a Verifier App requests to a Wallet Instance the presentation of the PID/EAAs.
This section describes how a Relying Party may request to a Wallet Instance the presentation of the PID and the (Q)EAAs,
according to `OpenID for Verifiable Presentations - draft 20 <https://openid.net/specs/openid-4-verifiable-presentations-1_0.html>`_.

In this section the following flows are described:

<<<
- **Remote Same Device Flow**, where the user-agent and the Wallet Instance are used in the same device.
- **Remote Cross Device Flow**, where the user-agent and the Wallet Instance are used in different devices.

@@ -505,19 +507,18 @@ Below is a non-normative response example:
.. code-block:: text

{
"alg": "RS256",
"alg": "ES256",
"kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
"typ": "entity-statement+jwt"
}
.
{
"exp": 1649590602,
"iat": 1649417862,
"iss": "https://rp.example.it",
"sub": "https://rp.example.it",
@ -519,9 +519,11 @@ Below is a non-normative response example:
"jwks": {
"keys": [
{
"kty": "RSA",
"n": "5s4qi …",
"e": "AQAB",
"kty": "EC",
"crv": "P-256",
"x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
@@ -526,178 +527,38 @@ Below is a non-normative response example:
"kid": "2HnoFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs"
}
]
},
"metadata": {
"wallet_relying_party": {
"application_type": "web",
"client_id": "https://rp.example.it",
"client_name": "Name of an example organization",
@ -534,10 +536,11 @@ Below is a non-normative response example:
"jwks": {
"keys": [
{
"kty": "RSA",
"kty": "EC",
"use": "sig",
"n": "1Ta-sE …",
"e": "AQAB",
"crv": "P-256",
"x": "1kNR9Ar3MzMokYTY8BRvRIue85NIXrYX4XD3K4JW7vI",
"y": "slT14644zbYXYF-xmw7aPdlbMuw3T1URwI4nafMtKrY",
"kid": "YhNFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
"x5c": [ "..." ]
}
]
},

"contacts": [
"[email protected]"
],

"request_uris": [
"https://relying-party.example.org/request_uri"
],
"redirect_uris": [
"https://relying-party.example.org/callback"
],

"default_acr_values": [
"https://www.spid.gov.it/SpidL2",
"https://www.spid.gov.it/SpidL3"
],
"vp_formats": {
"vc+sd-jwt": {
"sd-jwt_alg_values": [
"ES256",
"ES384"
],
"kb-jwt_alg_values": [
"ES256",
"ES384"
]
}
},
"presentation_definitions": [
{
"id": "eu.europa.ec.eudiw.pid.it.1",
"input_descriptors": [
{
"id": "IdentityCredential",
"format": {
"vc+sd-jwt": {}
},
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": [
"$.type"
],
"filter": {
"type": "string",
"const": "IdentityCredential"
}
},
{
"path": [
"$.family_name"
]
},
{
"path": [
"$.given_name"
]
},
{
"path": [
"$.unique_id"
],
"intent_to_retain": "true"
}
]
}
}
]
},
{
"id": "mDL-sample-req",
"input_descriptors": [
{
"id": "mDL",
"format": {
"mso_mdoc": {
"alg": [
"EdDSA",
"ES256"
]
},
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": [
"$.mdoc.doctype"
],
"filter": {
"type": "string",
"const": "org.iso.18013.5.1.mDL"
}
},
{
"path": [
"$.mdoc.namespace"
],
"filter": {
"type": "string",
"const": "org.iso.18013.5.1"
}
},
{
"path": [
"$.mdoc.family_name"
],
"intent_to_retain": "false"
},
{
"path": [
"$.mdoc.portrait"
],
"intent_to_retain": "false"
},
{
"path": [
"$.mdoc.driving_privileges"
],
"intent_to_retain": "false"
}
]
}
}
}
]
}
],

"default_max_age": 1111,
@ -676,8 +679,8 @@ Below is a non-normative response example:

// JARM related
"authorization_signed_response_alg": [[
"RS256",
"ES256"
"ES256",
"ES384"
],
"authorization_encrypted_response_alg": [
"RSA-OAEP",
"RSA-OAEP-256"
],
"authorization_encrypted_response_enc": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],

// SIOPv2 related
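Review bot: `"authorization_signed_response_alg": [[` opens two arrays but only one `],` closes them, so the example is no longer valid JSON; drop the extra `[`. In the same hunk, `authorization_encrypted_response_alg` still lists only `RSA-OAEP` and `RSA-OAEP-256`, which contradicts the PR title "RSA removed": either replace them with the EC key-agreement algorithms from RFC 7518 §4.6 (`ECDH-ES`, `ECDH-ES+A128KW`, `ECDH-ES+A256KW`), adding a corresponding `"use": "enc"` EC key to the `jwks`, or state explicitly that RSA remains permitted for JARM response encryption.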
@ -696,57 +699,57 @@
"subject_type": "pairwise",
"require_auth_time": true,
"id_token_signed_response_alg": [
"RS256",
"ES256"
"ES256",
"ES384"
],
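Review bot: `id_token_signed_response_alg` (like `authorization_signed_response_alg` in the previous hunk) is given as an array, but OpenID Connect Dynamic Client Registration 1.0 §2 and JARM define these client metadata parameters as a single JWS `alg` string. If this profile deliberately redefines them as a list of accepted algorithms, the text must say so and explain how the Relying Party chooses among them; otherwise pick one value, for example `"ES256"`.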
@@ -736,11 +597,18 @@ The Entity Configuration is a JWS, where its header parameters are defined below
.. list-table::
:widths: 25 50
:header-rows: 1
- :ref:`Remote Flow <remote_flow_sec>`, where the User presents a Credential to a remote Relying Party according to `OPENID4VP`_. In this scenario the user-agent and the Wallet Instance may be used in the same device (**Same Device Flow**), or in different devices (**Cross Device Flow**).
- :ref:`Proximity Flow <proximity_flow_sec>`, where the User presents a Credential to a Verifier App according to ISO 18013-5. The User interacts with a Verifier using proximity connection technologies such as QR Code and Bluetooth Low Energy (BLE).

.. include:: remote-flow.rst
* - **Name**
- **Description**
* - **alg**
- Algorithm used to sign the JWT
* - **typ**
- Media Type of the JWT
* - **kid**
- Key ID used identifying the key used to sign the JWS

.. include:: proximity-flow.rst

.. note:
The Relying Party specific metadata parameter are experimental
and still under discussion `here <https://github.com/openid/OpenID4VP/issues/17>`_.
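Review bot: `.. note:` has a single colon, so Sphinx treats the block as a comment and the paragraph about the experimental Relying Party metadata parameters will not render; it must be `.. note::`. In the same paragraph, "parameter are" should read "parameters are". If the list-table rows are retained, "Key ID used identifying the key used to sign the JWS" reads awkwardly; "Key ID identifying the key used to sign the JWS" is enough.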
