From c0d2cbd608b9ee210ec1caba3930adf43a20157c Mon Sep 17 00:00:00 2001 From: fmarino-ipzs Date: Thu, 29 Feb 2024 15:00:03 +0100 Subject: [PATCH 1/8] fix!: removed IDA from vc datamodel --- docs/en/pid-eaa-data-model.rst | 549 +++++++++------------------------ 1 file changed, 146 insertions(+), 403 deletions(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index ae1f4f76e..233b9b4c1 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -15,8 +15,6 @@ The User attributes provided within the Italian PID are the ones listed below: - Unique Identifier - Taxpayer identification number -The Italian digital Credentials, like the PID and the (Q)EAA, contains additional claims and according to the `OpenID Identity Assurance Profile [OIDC.IDA] `_, these carries the national trust framework and the identity proofing procedures underlying the issuance. In particular, these carries some relevant information about the Authentic Sources of the subject's attributes. - The (Q)EAAs are issued by (Q)EAA Issuers to a Wallet Instance and MUST be provided in SD-JWT-VC or MDOC-CBOR data format. The PID/(Q)EAA data format and the mechanism through which a digital credential is issued to the Wallet Instance and presented to a Relying Party are described in the following sections. 
@@ -24,7 +22,7 @@ The PID/(Q)EAA data format and the mechanism through which a digital credential SD-JWT ====== -The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is `Selective Disclosure JWT format `_ as specified in `[draft-terbu-sd-jwt-vc-latest] `__. +The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is `Selective Disclosure JWT format `_ as specified in `[SD-JWT-based Verifiable Credentials 02] `__. An SD-JWT is a JWT that MUST be signed using the Issuer's private key. The SD-JWT payload of the MUST contain the **_sd_alg** claim described in `[SD-JWT]. Section 5.1.2. `_ and other claims specified in this section, some of them may be selectively disclosable claims. @@ -44,7 +42,7 @@ The Disclosures are sent to the Holder together with the SD-JWT in the *Combined ~~~...~ -See `[draft-terbu-sd-jwt-vc-latest] `_ and `[SD-JWT] `__ for more details. +See `[SD-JWT VC] `_ and `[SD-JWT] `__ for more details. PID/(Q)EAA SD-JWT parameters 
@@ -99,80 +97,22 @@ The following claims MUST be in the JWT payload. Some of these claims can be dis - [NSD].UNIX Timestamp with the expiry time of the JWT, coded as NumericDate as indicated in :rfc:`7519`. - `[RFC7519, Section 4.1.4] `_. * - **status** - - [NSD].HTTPS URL where the credential validity status is available. - - `[SD-JWT-VC. Section 4.2.2.2] `_. + - [NSD].it MUST be a valid JSON object containing the information on how to read the status of the Verifiable Credential. It MUST contain the JSON member *status_attestation* set to a JSON Object containing the *credential_hash_alg* claim indicating the Algorithm used for hashing the Digital Credential to which the Status Attestation is bound. It is RECOMMENDED to use *sha-256*. + - `[SD-JWT-VC. Section 3.2.2.2] `_ and `[OAuth Status Attestations Draft 01] `_. * - **cnf** - [NSD].JSON object containing the proof-of-possession key materials. By including a **cnf** (confirmation) claim in a JWT, the issuer of the JWT declares that the Holder is in control of the private key related to the public one defined in the **cnf** parameter. The recipient MUST cryptographically verify that the Holder is in control of that key. - - `[RFC7800, Section 3.1] `_. + - `[RFC7800, Section 3.1] `_ and `[SD-JWT-VC. Section 3.2.2.2] `_. * - **vct** - [NSD].Credential type as a string, MUST be set in accordance to the type obtained from the PID/(Q)EAA Issuer metadata. For example, in the case of the PID, it MUST be set to ``PersonIdentificationData``. - - `[draft-terbu-sd-jwt-vc-latest. Section Type Claim] `__. - * - **verified_claims** - - [NSD].JSON object containing the following sub-elements: - - - **verification**; - - **claims**. - - `[OIDC.IDA. Section 5] `_. - -.. _sec-pid-eaa-verification-field: - -PID/(Q)EAA Verification field ------------------------------ - -The ``verification`` claim contains the information regarding the trust framework used by the PID/(Q)EAA Issuer to provide the User attributes (claims). 
- -The ``verification`` claim is a JSON structure with all the following mandatory sub-claims. - -.. list-table:: - :widths: 20 60 20 - :header-rows: 1 - - * - **Claim** - - **Description** - - **Reference** - * - **trust_framework** - - [NSD]. It MUST be set to ``eidas``. - - `[OID.IDA. Section 5.1] `_ - * - **assurance_level** - - [NSD]. MUST be set according to the LoA required. For PID credential it MUST be set to ``high``. - - `[OID.IDA. Section 5.1] `_ - * - **evidence** - - [SD]. JSON Array. Each element is the electronic evidence of the User identification during the PID issuance or, in the case of (Q)EAA, with this evidence the Authentic Source assures the authenticity of the data conveyed in the (Q)EAA. It MUST contain at least the following claims: - - - **type**: MUST be set to ``electronic_record`` - - **record**: JSON object (see the table below) - - `[OID.IDA. Section 5.1] `_ - - -The ``record`` MUST have at least the following sub parameters: + - `[SD-JWT-VC. Section 3.2.2.2] `_. -.. list-table:: - :widths: 20 60 20 - :header-rows: 1 - - * - **Claim** - - **Description** - - **Reference** - * - **type** - - It uniquely identifies the trust framework used for the provisioning of the credential. For example, in case of PID, the value ``https://eudi.wallet.cie.gov.it`` means that the CIE id identification scheme is used. - - `[OID.IDA. Section 5.1.1.2] `_ - * - **source** - - JSON Object cointaining the following mandatory claims: - - - **organization_name**: Name of the Organization acting as Authentic Source. - - **organization_id**: Identification code for the Organization. For public Organization, it MUST be set to the *IPA Code*, following the URN namespace ``urn:eudi:it:organization_id:ipa_code:``. - - **country_code**: String representing country in `[ISO3166-1] Alpha-2 (e.g., IT) or [ISO3166-3] syntax `_. - - `[OID.IDA. Section 5.1.1.2] `_ - -.. 
warning:: - Note that the sub-claims of the **evidence** parameter are not selectively disclosable separately, thus, for example, the User cannot give only the *record type* without the disclosure of the *record source* value (organization name, identifier and country). -.. _sec-pid-user-claims: +.. _sec-pid-user-claims: -PID Claims field ----------------- +PID Claims +---------- -The ``claims`` parameter contains the User attributes with the following mandatory fields: +Depending on the Digital Credential type **vct**, additional claims data MAY be added. The PID MUST support the following data: .. list-table:: :widths: 20 60 20 @@ -198,8 +138,7 @@ The ``claims`` parameter contains the User attributes with the following mandato - - -PID Non-normative Examples +PID non-normative examples -------------------------- In the following, the non-normative example of a PID in JSON format. 
@@ -212,35 +151,16 @@ In the following, the non-normative example of a PID in JSON format. "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, - "status": "https://pidprovider.example.org/status", - "vct": "PersonIdentificationData", - "verified_claims": { - "verification": { - "trust_framework": "eidas", - "assurance_level": "high", - "evidence": [ - { - "type": "electronic_record", - "record": { - "type": "https://eudi.wallet.cie.gov.it", - "source": { - "organization_name": "Ministero dell'Interno", - "organization_id": - "urn:eudi:it:organization_id:ipa_code:m_it", - "country_code": "IT" - } - } - } - ] + "status": { + "status_attestation": { + "credential_hash_alg": "S256" }, - "claims": { - "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", - "given_name": "Mario", - "family_name": "Rossi", - "birth_date": "1980-01-10", - "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX" - } - } + "vct": "PersonIdentificationData", + "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX" } The corresponding SD-JWT verson for PID is given by @@ -249,7 +169,7 @@ The corresponding SD-JWT verson for PID is given by { "typ":"vc+sd-jwt", - "alg":"RS512", + "alg":"ES256", "kid":"dB67gL7ck3TFiIAf7N6_7SHvqk0MDYMEQcoGGlkUAAw", "trust_chain" : [ "NEhRdERpYnlHY3M5WldWTWZ2aUhm ...", 
@@ -262,32 +182,23 @@ The corresponding SD-JWT verson for PID is given by { "_sd": [ - "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc", + "NOxVzjUJg667iBdeDwmr6tZ46X-jchKwIVxMAfv43yc", + "TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8", + "UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4", + "q6Tqnxau97tu-MqUDg0fSAmLGZdSuMUMk6a2s3bcsC0", + "wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc" ], - "iss": "https://issuer.example.org", "exp": 1883000000, + "iss": "https://pidprovider.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", - "status": "https://pidprovider.example.org/status", - "vct": "PersonIdentificationData", - "verified_claims": { - "verification": { - "_sd": [ - "gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8" - ], - "trust_framework": "eidas", - "assurance_level": "high" - }, - "claims": { - "_sd": [ - "4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE", - "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", - "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", - "KxIG8rWXmtR884xTV7eXuHICfPYPw6gFvfr07v-d5oc", - "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" - ] + "status": { + "status_attestation": { + "credential_hash_alg": "S256" } }, + "vct": "PersonIdentificationData", "_sd_alg": "sha-256", "cnf": { "jwk": { 
@@ -308,74 +219,46 @@ In the following the disclosure list is given ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` - Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` -**Claim** ``source``: - -- SHA-256 Hash: ``ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I`` -- Disclosure: - ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` - ``emF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvcmdh`` - ``bml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlw`` - ``YV9jb2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d`` -- Contents: - ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` - ``"Ministero dell'Interno", "organization_id":`` - ``"urn:eudi:it:organization_id:ipa_code:m_it", "country_code":`` - ``"IT"}]`` - -**Claim** ``evidence``: - -- SHA-256 Hash: ``gd8gRxKT1hg8ptnvR5fPGhae0VXllDblsiJT9adxiS8`` -- Disclosure: - ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` - ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` - ``Wk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhSS3NwS3A5ZkRodkozSSJd`` - ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5nb3YuaXQifX1d`` - ``XQ`` -- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` - ``"electronic_record", "record": {"_sd":`` - ``["ZMHbFH9SeT9CZQaOMVrXDMGWIouzXRKspKp9fDhvJ3I"], "type":`` - ``"https://eudi.wallet.cie.gov.it"}}]]`` - **Claim** ``unique_id``: -- SHA-256 Hash: ``4g9lBt38U1EeTA1zlvvGfFgPPcoe3zmbQ_zSRDgHQaE`` +- SHA-256 Hash: ``NOxVzjUJg667iBdeDwmr6tZ46X-jchKwIVxMAfv43yc`` - Disclosure: - ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZCIsICJ4eHh4`` ``eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ`` -- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "unique_id",`` +- Contents: ``["kucrBmlo_hMaIFF585RzaQ", "unique_id",`` ``"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]`` **Claim** ``given_name``: -- SHA-256 Hash: ``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- SHA-256 Hash: 
``wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc`` - Disclosure: - ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFy`` ``aW8iXQ`` -- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "given_name", "Mario"]`` **Claim** ``family_name``: -- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- SHA-256 Hash: ``UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4`` - Disclosure: - ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJv`` ``c3NpIl0`` -- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` +- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "family_name", "Rossi"]`` **Claim** ``birth_date``: -- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- SHA-256 Hash: ``TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8`` - Disclosure: - ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4`` ``MC0wMS0xMCJd`` -- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "birth_date", "1980-01-10"]`` **Claim** ``tax_id_code``: -- SHA-256 Hash: ``KxIG8rWXmtR884xTV7eXuHICfPYPw6gFvfr07v-d5oc`` +- SHA-256 Hash: ``q6Tqnxau97tu-MqUDg0fSAmLGZdSuMUMk6a2s3bcsC0`` - Disclosure: - ``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJ`` ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` -- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "tax_id_code",`` ``"TINIT-XXXXXXXXXXXXXXXX"]`` 
@@ -385,41 +268,31 @@ The combined format for the PID issuance is given by .. code-block:: eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb - IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz - cyI6ICJodHRwczovL3BpZHByb3ZpZGVyLmV4YW1wbGUub3JnIiwgImV4cCI6IDE4ODMw - MDAwMDAsICJzdWIiOiAiTnpiTHNYaDh1RENjZDdub1dYRlpBZkhreFpzUkdDOVhzIiwg - Imp0aSI6ICJ1cm46dXVpZDo2YzVjMGE0OS1iNTg5LTQzMWQtYmFlNy0yMTkxMjJhOWVj - MmMiLCAic3RhdHVzIjogImh0dHBzOi8vcGlkcHJvdmlkZXIuZXhhbXBsZS5vcmcvc3Rh - dHVzIiwgInZjdCI6ICJQaWRJZGVudGlmaWNhdGlvbkRhdGEiLCAidmVyaWZpZWRfY2xh - aW1zIjogeyJ2ZXJpZmljYXRpb24iOiB7Il9zZCI6IFsiZ2Q4Z1J4S1QxaGc4cHRudlI1 - ZlBHaGFlMFZYbGxEYmxzaUpUOWFkeGlTOCJdLCAidHJ1c3RfZnJhbWV3b3JrIjogImVp - ZGFzIiwgImFzc3VyYW5jZV9sZXZlbCI6ICJoaWdoIn0sICJjbGFpbXMiOiB7Il9zZCI6 - IFsiNGc5bEJ0MzhVMUVlVEExemx2dkdmRmdQUGNvZTN6bWJRX3pTUkRnSFFhRSIsICJF - WWd6SjFoVFlXSmpoQksyVjNiOEhWM2VfZkVmLVVkZmZjNXltWTc3V3RRIiwgIkljWUhR - eWRUX0MzVTFJcWFKbEZpY3hMbGFIVEh2RWx5Rlo2SnhpYTI3cVEiLCAiS3hJRzhyV1ht - dFI4ODR4VFY3ZVh1SElDZlBZUHc2Z0Z2ZnIwN3YtZDVvYyIsICJsWGd4RURBdVBlVXZt - a2NOR3I5Rlp1cW9kd0ZxVVQwMWdKajd4ZDR5RVBBIl19fSwgIl9zZF9hbGciOiAic2hh + IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiLCAiTk94 + VnpqVUpnNjY3aUJkZUR3bXI2dFo0NlgtamNoS3dJVnhNQWZ2NDN5YyIsICJUSzJSZ3VQ + WW9YekN4MHZ2NWhiTjl1NU0ybUhsV0J0NDFxR1dsTFhDTnU4IiwgIlVIQ2hwR3RORjJi + ajFGdkFmQmJ5MXJuZjdXWGt4ZWxGSjVhNHZTajJGTzQiLCAicTZUcW54YXU5N3R1LU1x + VURnMGZTQW1MR1pkU3VNVU1rNmEyczNiY3NDMCIsICJ3eWZ4VnFxOUJvc1BUN3RONFNI + T0k0RTQ4UDE5YVZBMWt0VzVaZjBFLWZjIl0sICJleHAiOiAxODgzMDAwMDAwLCAiaXNz + IjogImh0dHBzOi8vcGlkcHJvdmlkZXIuZXhhbXBsZS5vcmciLCAic3ViIjogIk56Ykxz + WGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGkiOiAidXJuOnV1aWQ6NmM1 + YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwgInN0YXR1cyI6IHsic3Rh + dHVzX2F0dGVzdGF0aW9uIjogeyJjcmVkZW50aWFsX2hhc2hfYWxnIjogIlMyNTYifX0s + ICJ2Y3QiOiAiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwgIl9zZF9hbGciOiAic2hh 
LTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIs ICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMi LCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpR - In19fQ.1xdAqLpgMM0bBDQrYv0thRwtgRikZq75JJVhGyfWAsu8SopmhumzsTA4ohJKC - le1MV3UB6DYMFkEnoal8R1Yrw~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdC - IsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsI - Hsib3JnYW5pemF0aW9uX25hbWUiOiAiTWluaXN0ZXJvIGRlbGwnSW50ZXJubyIsICJvc - mdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb - 2RlOm1faXQiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNF - enRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIs - ICJyZWNvcmQiOiB7Il9zZCI6IFsiWk1IYkZIOVNlVDlDWlFhT01WclhETUdXSW91elhS - S3NwS3A5ZkRodkozSSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LmNpZS5n - b3YuaXQifX1dXQ~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgInVuaXF1ZV9pZCIsI - CJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJLWjhlNXdWRX - REdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHB - WV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0Nwbjd - iVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNk - pzTmhERnZMUDRzMWhRZHlBIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWF - hYWFhYWFgiXQ~ - -(Q)EAA Non-normative examples + In19fQ.7xhOQpYjKxLQDI0pdYoPrgHQoam2BzkDFKKIKrH2gPf7Ip470VB7O9wK0_nHT + lfyFQ0AG6W7RuSqTLKBAP-z7w~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdC + IsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZ + CIsICJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJOVE5Sb0 + 9pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJGRFNTUGd + nekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJLWjhlNXd + WRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJwWj + VNUnlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWF + hYWFhYWFhYWFgiXQ~ + +(Q)EAA non-normative examples ----------------------------- In the following, we 
provide a non-normative example of (Q)EAA in JSON. @@ -432,37 +305,18 @@ In the following, we provide a non-normative example of (Q)EAA in JSON. "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, - "status": "https://issuer.example.org/status", - "vct": "DisabilityCard", - "verified_claims": { - "verification": { - "trust_framework": "eidas", - "assurance_level": "high", - "evidence": [ - { - "type": "electronic_record", - "record": { - "type": "https://eudi.wallet.pdnd.gov.it", - "source": { - "organization_name": "Istituto Nazionale della Previdenza Sociale", - "organization_id": - "urn:eudi:it:organization_id:ipa_code:inps", - "country_code": "IT" - } - } - } - ] - }, - "claims": { - "document_number": "XXXXXXXXXX", - "given_name": "Mario", - "family_name": "Rossi", - "birth_date": "1980-01-10", - "expiry_date": "2024-01-01", - "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX", - "constant_attendance_allowance": true - } + "status": { + "status_attestation": { + "credential_hash_alg": "S256" } + "vct": "DisabilityCard", + "document_number": "XXXXXXXXXX", + "given_name": "Mario", + "family_name": "Rossi", + "birth_date": "1980-01-10", + "expiry_date": "2024-01-01", + "tax_id_code": "TINIT-XXXXXXXXXXXXXXXX", + "constant_attendance_allowance": true } The corresponding SD-JWT for the previous data is represented as follow, as decoded JSON for both header and payload. 
@@ -484,34 +338,25 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco { "_sd": [ - "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc" + "-LLA7MCh-YWWYNzFfwZsJBGGiE096fN8d60a-ml3sgo", + "7WG4nT6K26_R3975zcwnVwgoHA7b988_3-vJzbZf6Yc", + "AFRJaRPZTMaNxYu5IIWPifOAXJCnK-_h1eJt7MymcgM", + "TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8", + "UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4", + "i9XHLePHyV8OM35l3nf1MKqfpWuD7OFpRamSAsX0-5g", + "rhPkItz7BGGpjnWX2SGVH_OV9VhRjz9Hx_INXwBbz6o", + "wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc" ], - "iss": "https://issuer.example.org", "exp": 1883000000, + "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", - "status": "https://issuer.example.org/status", - "vct": "DisabilityCard", - "verified_claims": { - "verification": { - "_sd": [ - "sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc" - ], - "trust_framework": "eidas", - "assurance_level": "high" - }, - "claims": { - "_sd": [ - "3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA", - "EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ", - "F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s", - "IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ", - "dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo", - "ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk", - "lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA" - ] + "status": { + "status_attestation": { + "credential_hash_alg": "S256" } }, + "vct": "DisabilityCard", "_sd_alg": "sha-256", "cnf": { "jwk": { 
@@ -532,140 +377,98 @@ In the following the disclosure list is given: ``WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd`` - Contents: ``["57mvycTh5yZCrKLZ5xnfUw", "iat", 1683000000]`` -**Claim** ``source``: - -- SHA-256 Hash: ``qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM`` -- Disclosure: - ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5p`` - ``emF0aW9uX25hbWUiOiAiSXN0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZp`` - ``ZGVuemEgU29jaWFsZSIsICJvcmdhbml6YXRpb25faWQiOiAidXJuOmV1ZGk6`` - ``aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOmlucHMiLCAiY291bnRyeV9j`` - ``b2RlIjogIklUIn1d`` -- Contents: - ``["kucrBmlo_hMaIFF585RzaQ", "source", {"organization_name":`` - ``"Istituto Nazionale della Previdenza Sociale",`` - ``"organization_id":`` - ``"urn:eudi:it:organization_id:ipa_code:inps", "country_code":`` - ``"IT"}]`` - -**Claim** ``evidence``: - -- SHA-256 Hash: ``sTskq0yFy31ZH3YP2nN_nFnd7H9q18dU3oEa1DC5LRc`` -- Disclosure: - ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImV2aWRlbmNlIiwgW3sidHlw`` - ``ZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZWNvcmQiOiB7Il9zZCI6IFsi`` - ``cWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRzhxNjA2UkxzTSJd`` - ``LCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lml0In19`` - ``XV0`` -- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "evidence", [{"type":`` - ``"electronic_record", "record": {"_sd":`` - ``["qfuzrQuGcbBBKaE4Q9eqVCSznzJ2rNndLG8q606RLsM"], "type":`` - ``"https://eudi.wallet.pdnd.gov.it"}}]]`` - **Claim** ``document_number``: -- SHA-256 Hash: ``3humFjiCYHdHzjL-OEd1vKnQa10ivaYEd1dCCkfRuaA`` +- SHA-256 Hash: ``AFRJaRPZTMaNxYu5IIWPifOAXJCnK-_h1eJt7MymcgM`` - Disclosure: - ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlciIs`` + ``WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIs`` ``ICJYWFhYWFhYWFhYIl0`` - Contents: - ``["FDSSPggzGBUwQLHDSE6wQQ", "document_number", "XXXXXXXXXX"]`` + ``["kucrBmlo_hMaIFF585RzaQ", "document_number", "XXXXXXXXXX"]`` **Claim** ``given_name``: -- SHA-256 Hash: 
``lXgxEDAuPeUvmkcNGr9FZuqodwFqUT01gJj7xd4yEPA`` +- SHA-256 Hash: ``wyfxVqq9BosPT7tN4SHOI4E48P19aVA1ktW5Zf0E-fc`` - Disclosure: - ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX25hbWUiLCAiTWFy`` + ``WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFy`` ``aW8iXQ`` -- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "given_name", "Mario"]`` +- Contents: ``["NTNRoOiuVVRtF6CEztd9Zw", "given_name", "Mario"]`` **Claim** ``family_name``: -- SHA-256 Hash: ``IcYHQydT_C3U1IqaJlFicxLlaHTHvElyFZ6Jxia27qQ`` +- SHA-256 Hash: ``UHChpGtNF2bj1FvAfBby1rnf7WXkxelFJ5a4vSj2FO4`` - Disclosure: - ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9uYW1lIiwgIlJv`` + ``WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJv`` ``c3NpIl0`` -- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "family_name", "Rossi"]`` +- Contents: ``["FDSSPggzGBUwQLHDSE6wQQ", "family_name", "Rossi"]`` **Claim** ``birth_date``: -- SHA-256 Hash: ``EYgzJ1hTYWJjhBK2V3b8HV3e_fEf-Udffc5ymY77WtQ`` +- SHA-256 Hash: ``TK2RguPYoXzCx0vv5hbN9u5M2mHlWBt41qGWlLXCNu8`` - Disclosure: - ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2RhdGUiLCAiMTk4`` + ``WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4`` ``MC0wMS0xMCJd`` -- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "birth_date", "1980-01-10"]`` +- Contents: ``["KZ8e5wVEtDvb1ziSPA4DzA", "birth_date", "1980-01-10"]`` **Claim** ``expiry_date``: -- SHA-256 Hash: ``dfrmUvonZDgealZCGwk3ufmc_4ept3y9N7xhWZlCyxo`` +- SHA-256 Hash: ``i9XHLePHyV8OM35l3nf1MKqfpWuD7OFpRamSAsX0-5g`` - Disclosure: - ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cGlyeV9kYXRlIiwgIjIw`` + ``WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIw`` ``MjQtMDEtMDEiXQ`` -- Contents: ``["WDkd6JsNhDFvLP4s1hQdyA", "expiry_date", "2024-01-01"]`` +- Contents: ``["pZ5MRyOxpVWZuHLoJ-yjRg", "expiry_date", "2024-01-01"]`` **Claim** ``tax_id_code``: -- SHA-256 Hash: ``F90SKK9nIQcHIElkHY_ult_9FGqYe-RydvY3E0qR96s`` +- SHA-256 Hash: ``-LLA7MCh-YWWYNzFfwZsJBGGiE096fN8d60a-ml3sgo`` - Disclosure: - 
``WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` + ``WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgIlRJ`` ``TklULVhYWFhYWFhYWFhYWFhYWFgiXQ`` -- Contents: ``["4ksAz6bMUKy6ZvN1h8HDuQ", "tax_id_code",`` +- Contents: ``["jtVuKCpn7bTcHrAg_seUbQ", "tax_id_code",`` ``"TINIT-XXXXXXXXXXXXXXXX"]`` **Claim** ``constant_attendance_allowance``: -- SHA-256 Hash: ``ji86HS1v3D41tU5JqW4oWCwTJDuTUwp1ewqoCUzzEXk`` +- SHA-256 Hash: ``rhPkItz7BGGpjnWX2SGVH_OV9VhRjz9Hx_INXwBbz6o`` - Disclosure: - ``WyJEZFdxS2g3d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFu`` + ``WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImNvbnN0YW50X2F0dGVuZGFu`` ``Y2VfYWxsb3dhbmNlIiwgdHJ1ZV0`` - Contents: - ``["DdWqKh7wdI5VAxKSvxsXVQ", "constant_attendance_allowance",`` + ``["WDkd6JsNhDFvLP4s1hQdyA", "constant_attendance_allowance",`` ``true]`` - The combined format for the PID issuance is represented below: .. code-block:: eyJhbGciOiAiRVMyNTYiLCAidHlwIjogImV4YW1wbGUrc2Qtand0In0.eyJfc2QiOiBb - IjdXRzRuVDZLMjZfUjM5NzV6Y3duVndnb0hBN2I5ODhfMy12SnpiWmY2WWMiXSwgImlz - cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJleHAiOiAxODgzMDAwMDAw - LCAic3ViIjogIk56YkxzWGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGki - OiAidXJuOnV1aWQ6NmM1YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwg - InN0YXR1cyI6ICJodHRwczovL2lzc3Vlci5leGFtcGxlLm9yZy9zdGF0dXMiLCAidmN0 - IjogIkRpc2FiaWxpdHlDYXJkIiwgInZlcmlmaWVkX2NsYWltcyI6IHsidmVyaWZpY2F0 - aW9uIjogeyJfc2QiOiBbInNUc2txMHlGeTMxWkgzWVAybk5fbkZuZDdIOXExOGRVM29F - YTFEQzVMUmMiXSwgInRydXN0X2ZyYW1ld29yayI6ICJlaWRhcyIsICJhc3N1cmFuY2Vf - bGV2ZWwiOiAiaGlnaCJ9LCAiY2xhaW1zIjogeyJfc2QiOiBbIjNodW1GamlDWUhkSHpq - TC1PRWQxdktuUWExMGl2YVlFZDFkQ0NrZlJ1YUEiLCAiRVlnekoxaFRZV0pqaEJLMlYz - YjhIVjNlX2ZFZi1VZGZmYzV5bVk3N1d0USIsICJGOTBTS0s5bklRY0hJRWxrSFlfdWx0 - XzlGR3FZZS1SeWR2WTNFMHFSOTZzIiwgIkljWUhReWRUX0MzVTFJcWFKbEZpY3hMbGFI - VEh2RWx5Rlo2SnhpYTI3cVEiLCAiZGZybVV2b25aRGdlYWxaQ0d3azN1Zm1jXzRlcHQz - eTlON3hoV1psQ3l4byIsICJqaTg2SFMxdjNENDF0VTVKcVc0b1dDd1RKRHVUVXdwMWV3 - 
cW9DVXp6RVhrIiwgImxYZ3hFREF1UGVVdm1rY05HcjlGWnVxb2R3RnFVVDAxZ0pqN3hk - NHlFUEEiXX19LCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr - dHkiOiAiRUMiLCAiY3J2IjogIlAtMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRX - NHZmU1ZvSElQMUlMaWxEbHM3dkNlR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZR - NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.hbgWxBoQtLVpTfygYVDhrgnoCkw - aw_hqY9GpxG4oXixejLEMvTOAwYFtqiNnYSuNaaGD6aemJW7jLSHDm9NOGA~WyI1N212 - eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19 - oTWFJRkY1ODVSemFRIiwgInNvdXJjZSIsIHsib3JnYW5pemF0aW9uX25hbWUiOiAiSXN - 0aXR1dG8gTmF6aW9uYWxlIGRlbGxhIFByZXZpZGVuemEgU29jaWFsZSIsICJvcmdhbml - 6YXRpb25faWQiOiAidXJuOmV1ZGk6aXQ6b3JnYW5pemF0aW9uX2lkOmlwYV9jb2RlOml - ucHMiLCAiY291bnRyeV9jb2RlIjogIklUIn1d~WyJOVE5Sb09pdVZWUnRGNkNFenRkOV - p3IiwgImV2aWRlbmNlIiwgW3sidHlwZSI6ICJlbGVjdHJvbmljX3JlY29yZCIsICJyZW - NvcmQiOiB7Il9zZCI6IFsicWZ1enJRdUdjYkJCS2FFNFE5ZXFWQ1N6bnpKMnJObmRMRz - hxNjA2UkxzTSJdLCAidHlwZSI6ICJodHRwczovL2V1ZGkud2FsbGV0LnBkbmQuZ292Lm - l0In19XV0~WyJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImRvY3VtZW50X251bWJlci - IsICJYWFhYWFhYWFhYIl0~WyJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImdpdmVuX2 - 5hbWUiLCAiTWFyaW8iXQ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImZhbWlseV9 - uYW1lIiwgIlJvc3NpIl0~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgImJpcnRoX2R - hdGUiLCAiMTk4MC0wMS0xMCJd~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgImV4cG - lyeV9kYXRlIiwgIjIwMjQtMDEtMDEiXQ~WyI0a3NBejZiTVVLeTZadk4xaDhIRHVRIiw - gInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJEZFdxS2g3 - d2RJNVZBeEtTdnhzWFZRIiwgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwg - dHJ1ZV0~ + Ii1MTEE3TUNoLVlXV1lOekZmd1pzSkJHR2lFMDk2Zk44ZDYwYS1tbDNzZ28iLCAiN1dH + NG5UNksyNl9SMzk3NXpjd25Wd2dvSEE3Yjk4OF8zLXZKemJaZjZZYyIsICJBRlJKYVJQ + WlRNYU54WXU1SUlXUGlmT0FYSkNuSy1faDFlSnQ3TXltY2dNIiwgIlRLMlJndVBZb1h6 + Q3gwdnY1aGJOOXU1TTJtSGxXQnQ0MXFHV2xMWENOdTgiLCAiVUhDaHBHdE5GMmJqMUZ2 + QWZCYnkxcm5mN1dYa3hlbEZKNWE0dlNqMkZPNCIsICJpOVhITGVQSHlWOE9NMzVsM25m + MU1LcWZwV3VEN09GcFJhbVNBc1gwLTVnIiwgInJoUGtJdHo3QkdHcGpuV1gyU0dWSF9P + 
VjlWaFJqejlIeF9JTlh3QmJ6Nm8iLCAid3lmeFZxcTlCb3NQVDd0TjRTSE9JNEU0OFAx + OWFWQTFrdFc1WmYwRS1mYyJdLCAiZXhwIjogMTg4MzAwMDAwMCwgImlzcyI6ICJodHRw + czovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJzdWIiOiAiTnpiTHNYaDh1RENjZDdub1dY + RlpBZkhreFpzUkdDOVhzIiwgImp0aSI6ICJ1cm46dXVpZDo2YzVjMGE0OS1iNTg5LTQz + MWQtYmFlNy0yMTkxMjJhOWVjMmMiLCAic3RhdHVzIjogeyJzdGF0dXNfYXR0ZXN0YXRp + b24iOiB7ImNyZWRlbnRpYWxfaGFzaF9hbGciOiAiUzI1NiJ9fSwgInZjdCI6ICJEaXNh + YmlsaXR5Q2FyZCIsICJfc2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7 + Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRq + NFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldL + VlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9fX0.a6yFlMTs32SXy7QNQtW0pTk_ + _TT4n4AqUKBD8699GXiovqqemN_wiUAdGyS229rNTIaCuB1UTv_c8jEz1NoarA~WyI1N + 212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1s + b19oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~ + WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~W + yJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~W + yJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xM + CJd~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQt + MDEtMDEiXQ~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgI + lRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIi + wgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~ MDOC-CBOR ========= 
@@ -824,18 +627,6 @@ The **elementIdentifier** data that MUST be included in a PID/(Q)EAA are: * - **eu.europa.ec.eudiw.pid.1** - **issuing_country** - *tstr (text string)*. Alpha-2 country code as defined in [ISO 3166]. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.evidence** - - *bstr (byte string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.trust_framework** - - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **verification.assurance_level** - - *tstr (text string)*. As defined in the :ref:`PID/(Q)EAA Verification field Section `. - * - **eu.europa.ec.eudiw.pid.it.1** - - **status** - - *tstr (text string)*. HTTPS URL where the credential validity status is available. Depending on the Digital Credential type, additional **elementIdentifier** data MAY be added. The PID MUST support the following data: @@ -957,7 +748,7 @@ A non-normative example of a PID in MDOC-CBOR format is represented below using .. code-block:: text - 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 + 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 The `Diagnostic Notation` of the above MDOC-CBOR is given below: @@ -967,7 +758,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: "status": 0, "version": "1.0", "documents": [ - { + { "docType": "eu.europa.ec.eudiw.pid.1", "issuerSigned": { "issuerAuth": [ @@ -987,7 +778,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: }, "valueDigests": { "eu.europa.ec.eudiw.pid.1": { - 1:h'0F1571A97FFB799CC8FCDF2BA4FC2909929…', + 1: h'0F1571A97FFB799CC8FCDF2BA4FC2909929…', 2: h'0CDFE077400432C055A2B69596C90…', 3: h'E2382149255AE8E955AF9B8984395…', 4: h'BBC77E6CCA981A3AD0C3E544EDF86…', 
@@ -996,11 +787,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: 8: h'DEFDF1AA746718016EF1B94BFE5R6…' }, "eu.europa.ec.eudiw.pid.it.1": { - 9: h'AFC5A127BE44753172844B13491D8…', - 10: h'AFC5A127BE44753172844B13492H4…', - 11: h'DJA5A127BE44753172844B13492H4…', - 12: h'KDL5A127BE44753172844B13492H4…', - 13: h'F9EE4D36F67DBD75E23311AC1C29…' + 9: h'F9EE4D36F67DBD75E23311AC1C29…' } }, "deviceKeyInfo": { @@ -1086,53 +873,9 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: >>) ], "eu.europa.ec.eudiw.pid.it.1": [ - 24(<< - { - "digestID": 9, - "random": h'CAD1F6A38F603451F1FA653F81FF309D', - "elementIdentifier": "verification.evidence", - "elementValue": [ - { - "type": "electronic_record", - "record": { - "type": "eidas.it.cie", - "source": { - "organization_name": "eidas.it.cie", - "organization_id": "m_it", - "country_code": "it", - } - } - } - ] - } - >>), - 24(<< - { - "digestID": 10, - "random": h'CAD1F6A38F603451F1FA653F81FF309D, - "elementIdentifier": "status", - "elementValue": "https://pidprovider.example.it/status" - } - >>), - 24(<< - { - "digestID": 11, - "random": h'564E3C65D46D06FEDEB0E7293A86GF', - "elementIdentifier": "verification.trust_framework", - "elementValue": "eidas" - } - >>), - 24(<< - { - "digestID": 12, - "random": h'D884E5D5EF4CFC93FDB1E4EE8F3923', - "elementIdentifier": "verification.assurance_level", - "elementValue": "high" - } - >>) 24(<< { - "digestID": 13, + "digestID": 9, "random": h'11aa7273a2d2daa973f5951f0c34c2fbae', "elementIdentifier": "tax_id_number", "elementValue": "TINIT-XXXXXXXXXXXXXXX" @@ -1141,7 +884,7 @@ The `Diagnostic Notation` of the above MDOC-CBOR is given below: ] } } - } + } ] } From 3fc9e702104be8b9f68b9e620a0304676b2fd613 Mon Sep 17 00:00:00 2001 
From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:17:43 +0100 Subject: [PATCH 2/8] Apply suggestions from code review Co-authored-by: Giuseppe De Marco --- docs/en/pid-eaa-data-model.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index 233b9b4c1..2596bd4ee 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -138,7 +138,7 @@ Depending on the Digital Credential type **vct**, additional claims data MAY be - -PID non-normative examples +PID Non-Normative Examples -------------------------- In the following, the non-normative example of a PID in JSON format. @@ -148,7 +148,6 @@ In the following, the non-normative example of a PID in JSON format. { "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, "status": { From fca242ada475b559ee4d716200a299033647c5ac Mon Sep 17 00:00:00 2001 From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:20:07 +0100 Subject: [PATCH 3/8] Apply suggestions from code review Co-authored-by: Giuseppe De Marco --- docs/en/pid-eaa-data-model.rst | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index 2596bd4ee..10b2962ef 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -152,7 +152,7 @@ In the following, the non-normative example of a PID in JSON format. "exp": 1883000000, "status": { "status_attestation": { - "credential_hash_alg": "S256" + "credential_hash_alg": "sha-256" }, "vct": "PersonIdentificationData", "unique_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", 
@@ -191,10 +191,9 @@ The corresponding SD-JWT verson for PID is given by "exp": 1883000000, "iss": "https://pidprovider.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "status": { "status_attestation": { - "credential_hash_alg": "S256" + "credential_hash_alg": "sha-256" } }, "vct": "PersonIdentificationData", @@ -301,12 +300,11 @@ In the following, we provide a non-normative example of (Q)EAA in JSON. { "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "iat": 1683000000, "exp": 1883000000, "status": { "status_attestation": { - "credential_hash_alg": "S256" + "credential_hash_alg": "sha-256" } "vct": "DisabilityCard", "document_number": "XXXXXXXXXX", From 669b9fcb16ac5adf5898b7d220a3a9467543e5b9 Mon Sep 17 00:00:00 2001 From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:22:04 +0100 Subject: [PATCH 4/8] Apply suggestions from code review Co-authored-by: Giuseppe De Marco --- docs/en/pid-eaa-data-model.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index 10b2962ef..e0774146d 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -350,7 +350,7 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "status": { "status_attestation": { - "credential_hash_alg": "S256" + "credential_hash_alg": "sha-256" } }, "vct": "DisabilityCard", From d132f1c038b864a4b97d7f007718668d0f924595 Mon Sep 17 00:00:00 2001 
From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:26:00 +0100 Subject: [PATCH 5/8] Update docs/en/pid-eaa-data-model.rst Co-authored-by: Giuseppe De Marco --- docs/en/pid-eaa-data-model.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index e0774146d..b8528e30a 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -305,7 +305,7 @@ In the following, we provide a non-normative example of (Q)EAA in JSON. "status": { "status_attestation": { "credential_hash_alg": "sha-256" - } + }, "vct": "DisabilityCard", "document_number": "XXXXXXXXXX", "given_name": "Mario", From d536306da11743a1c4d72bc25f65fc78265d676a Mon Sep 17 00:00:00 2001 From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:26:18 +0100 Subject: [PATCH 6/8] Update docs/en/pid-eaa-data-model.rst Co-authored-by: Giuseppe De Marco --- docs/en/pid-eaa-data-model.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index b8528e30a..1603b9d56 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -347,7 +347,6 @@ The corresponding SD-JWT for the previous data is represented as follow, as deco "exp": 1883000000, "iss": "https://issuer.example.org", "sub": "NzbLsXh8uDCcd7noWXFZAfHkxZsRGC9Xs", - "jti": "urn:uuid:6c5c0a49-b589-431d-bae7-219122a9ec2c", "status": { "status_attestation": { "credential_hash_alg": "sha-256" From cded5ee75e5b71b564b15de7a91801fe7bf7355d Mon Sep 17 00:00:00 2001 From: fmarino-ipzs Date: Thu, 29 Feb 2024 15:35:16 +0100 Subject: [PATCH 7/8] fix: removed jti --- docs/en/pid-eaa-data-model.rst | 67 ++++++++++++++++------------------ 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index 1603b9d56..d7428154d 100644 
--- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -87,9 +87,6 @@ The following claims MUST be in the JWT payload. Some of these claims can be dis * - **sub** - [NSD].Thumbprint of the JWK in the ``cnf`` parameter. - `[RFC7519, Section 4.1.2] `_. - * - **jti** - - [NSD].Unique Token ID identifier of this JWT. It SHOULD be a String in *uuid4* format. - - `[RFC7519, Section 4.1.7] `_. * - **iat** - [SD].UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`. - `[RFC7519, Section 4.1.6] `_. 
@@ -273,22 +270,21 @@ The combined format for the PID issuance is given by VURnMGZTQW1MR1pkU3VNVU1rNmEyczNiY3NDMCIsICJ3eWZ4VnFxOUJvc1BUN3RONFNI T0k0RTQ4UDE5YVZBMWt0VzVaZjBFLWZjIl0sICJleHAiOiAxODgzMDAwMDAwLCAiaXNz IjogImh0dHBzOi8vcGlkcHJvdmlkZXIuZXhhbXBsZS5vcmciLCAic3ViIjogIk56Ykxz - WGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJqdGkiOiAidXJuOnV1aWQ6NmM1 - YzBhNDktYjU4OS00MzFkLWJhZTctMjE5MTIyYTllYzJjIiwgInN0YXR1cyI6IHsic3Rh - dHVzX2F0dGVzdGF0aW9uIjogeyJjcmVkZW50aWFsX2hhc2hfYWxnIjogIlMyNTYifX0s - ICJ2Y3QiOiAiUGVyc29uSWRlbnRpZmljYXRpb25EYXRhIiwgIl9zZF9hbGciOiAic2hh - LTI1NiIsICJjbmYiOiB7Imp3ayI6IHsia3R5IjogIkVDIiwgImNydiI6ICJQLTI1NiIs - ICJ4IjogIlRDQUVSMTladnUzT0hGNGo0VzR2ZlNWb0hJUDFJTGlsRGxzN3ZDZUdlbWMi - LCAieSI6ICJaeGppV1diWk1RR0hWV0tWUTRoYlNJaXJzVmZ1ZWNDRTZ0NGpUOUYySFpR - In19fQ.7xhOQpYjKxLQDI0pdYoPrgHQoam2BzkDFKKIKrH2gPf7Ip470VB7O9wK0_nHT - lfyFQ0AG6W7RuSqTLKBAP-z7w~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdC - IsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZ - CIsICJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJOVE5Sb0 - 9pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJGRFNTUGd - nekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJLWjhlNXd - WRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJwWj - VNUnlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWF - hYWFhYWFhYWFgiXQ~ + WGg4dURDY2Q3bm9XWEZaQWZIa3hac1JHQzlYcyIsICJzdGF0dXMiOiB7InN0YXR1c19h + dHRlc3RhdGlvbiI6IHsiY3JlZGVudGlhbF9oYXNoX2FsZyI6ICJzaGEtMjU2In19LCAi + dmN0IjogIlBlcnNvbklkZW50aWZpY2F0aW9uRGF0YSIsICJfc2RfYWxnIjogInNoYS0y + NTYiLCAiY25mIjogeyJqd2siOiB7Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAi + eCI6ICJUQ0FFUjE5WnZ1M09IRjRqNFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwg + InkiOiAiWnhqaVdXYlpNUUdIVldLVlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9 + fX0.A36ovweqpCpPkYHX75dg-HIib7zQKlfmMCaixlpOCmEl1CxlX-NtZbFn_kdN0nlJ + YMLay4xSeetmic_ScLTxdg~WyI1N212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsI + 
DE2ODMwMDAwMDBd~WyJrdWNyQm1sb19oTWFJRkY1ODVSemFRIiwgInVuaXF1ZV9pZCIs + ICJ4eHh4eHh4eC14eHh4LXh4eHgteHh4eC14eHh4eHh4eHh4eHgiXQ~WyJOVE5Sb09pd + VZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJGRFNTUGdnek + dCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJLWjhlNXdWRX + REdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd~WyJwWjVNU + nlPeHBWV1p1SExvSi15alJnIiwgInRheF9pZF9jb2RlIiwgIlRJTklULVhYWFhYWFhYW + FhYWFhYWFgiXQ~ (Q)EAA non-normative examples ----------------------------- 
@@ -448,23 +444,22 @@ The combined format for the PID issuance is represented below: VjlWaFJqejlIeF9JTlh3QmJ6Nm8iLCAid3lmeFZxcTlCb3NQVDd0TjRTSE9JNEU0OFAx OWFWQTFrdFc1WmYwRS1mYyJdLCAiZXhwIjogMTg4MzAwMDAwMCwgImlzcyI6ICJodHRw czovL2lzc3Vlci5leGFtcGxlLm9yZyIsICJzdWIiOiAiTnpiTHNYaDh1RENjZDdub1dY - RlpBZkhreFpzUkdDOVhzIiwgImp0aSI6ICJ1cm46dXVpZDo2YzVjMGE0OS1iNTg5LTQz - MWQtYmFlNy0yMTkxMjJhOWVjMmMiLCAic3RhdHVzIjogeyJzdGF0dXNfYXR0ZXN0YXRp - b24iOiB7ImNyZWRlbnRpYWxfaGFzaF9hbGciOiAiUzI1NiJ9fSwgInZjdCI6ICJEaXNh - YmlsaXR5Q2FyZCIsICJfc2RfYWxnIjogInNoYS0yNTYiLCAiY25mIjogeyJqd2siOiB7 - Imt0eSI6ICJFQyIsICJjcnYiOiAiUC0yNTYiLCAieCI6ICJUQ0FFUjE5WnZ1M09IRjRq - NFc0dmZTVm9ISVAxSUxpbERsczd2Q2VHZW1jIiwgInkiOiAiWnhqaVdXYlpNUUdIVldL - VlE0aGJTSWlyc1ZmdWVjQ0U2dDRqVDlGMkhaUSJ9fX0.a6yFlMTs32SXy7QNQtW0pTk_ - _TT4n4AqUKBD8699GXiovqqemN_wiUAdGyS229rNTIaCuB1UTv_c8jEz1NoarA~WyI1N - 212eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1s - b19oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~ - WyJOVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~W - yJGRFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~W - yJLWjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xM - CJd~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQt - MDEtMDEiXQ~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgI - lRJTklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIi - wgImNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~ + RlpBZkhreFpzUkdDOVhzIiwgInN0YXR1cyI6IHsic3RhdHVzX2F0dGVzdGF0aW9uIjog + eyJjcmVkZW50aWFsX2hhc2hfYWxnIjogInNoYS0yNTYifX0sICJ2Y3QiOiAiRGlzYWJp + bGl0eUNhcmQiLCAiX3NkX2FsZyI6ICJzaGEtMjU2IiwgImNuZiI6IHsiandrIjogeyJr + dHkiOiAiRUMiLCAiY3J2IjogIlAtMjU2IiwgIngiOiAiVENBRVIxOVp2dTNPSEY0ajRX + NHZmU1ZvSElQMUlMaWxEbHM3dkNlR2VtYyIsICJ5IjogIlp4amlXV2JaTVFHSFZXS1ZR + NGhiU0lpcnNWZnVlY0NFNnQ0alQ5RjJIWlEifX19.1kOe6IgFxgbb_jtaLUhM_bgjmby + j6B63rm_WjaOwpOBsiPSKJY7hBHd2a83euSI8JqbSkVHJS3wcr0kd9ppZRw~WyI1N212 + 
eWNUaDV5WkNyS0xaNXhuZlV3IiwgImlhdCIsIDE2ODMwMDAwMDBd~WyJrdWNyQm1sb19 + oTWFJRkY1ODVSemFRIiwgImRvY3VtZW50X251bWJlciIsICJYWFhYWFhYWFhYIl0~WyJ + OVE5Sb09pdVZWUnRGNkNFenRkOVp3IiwgImdpdmVuX25hbWUiLCAiTWFyaW8iXQ~WyJG + RFNTUGdnekdCVXdRTEhEU0U2d1FRIiwgImZhbWlseV9uYW1lIiwgIlJvc3NpIl0~WyJL + WjhlNXdWRXREdmIxemlTUEE0RHpBIiwgImJpcnRoX2RhdGUiLCAiMTk4MC0wMS0xMCJd + ~WyJwWjVNUnlPeHBWV1p1SExvSi15alJnIiwgImV4cGlyeV9kYXRlIiwgIjIwMjQtMDE + tMDEiXQ~WyJqdFZ1S0NwbjdiVGNIckFnX3NlVWJRIiwgInRheF9pZF9jb2RlIiwgIlRJ + TklULVhYWFhYWFhYWFhYWFhYWFgiXQ~WyJXRGtkNkpzTmhERnZMUDRzMWhRZHlBIiwgI + mNvbnN0YW50X2F0dGVuZGFuY2VfYWxsb3dhbmNlIiwgdHJ1ZV0~ MDOC-CBOR ========= From 3e9e987d2e31078d1f21eaf0f217fe67e550976f Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Thu, 29 Feb 2024 15:41:31 +0100 Subject: [PATCH 8/8] Apply suggestions from code review --- docs/en/pid-eaa-data-model.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/pid-eaa-data-model.rst b/docs/en/pid-eaa-data-model.rst index d7428154d..83f3b3866 100644 --- a/docs/en/pid-eaa-data-model.rst +++ b/docs/en/pid-eaa-data-model.rst @@ -22,7 +22,7 @@ The PID/(Q)EAA data format and the mechanism through which a digital credential SD-JWT ====== -The PID/(Q)EAA is issued in the form of a digital credential. The digital credential format is `Selective Disclosure JWT format `_ as specified in `[SD-JWT-based Verifiable Credentials 02] `__. +The PID/(Q)EAA is issued in the form of a Digital Credential. The Digital Credential format is `Selective Disclosure JWT format `_ as specified in `[SD-JWT-based Verifiable Credentials 02] `__. An SD-JWT is a JWT that MUST be signed using the Issuer's private key. The SD-JWT payload of the MUST contain the **_sd_alg** claim described in `[SD-JWT]. Section 5.1.2. `_ and other claims specified in this section, some of them may be selectively disclosable claims. 
@@ -45,7 +45,7 @@ The Disclosures are sent to the Holder together with the SD-JWT in the *Combined See `[SD-JWT VC] `_ and `[SD-JWT] `__ for more details. -PID/(Q)EAA SD-JWT parameters +PID/(Q)EAA SD-JWT parameters: ---------------------------- The JOSE header contains the following mandatory parameters:
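Review bot: in PATCH 1/8, hunk `@@ -824,18 +627,6 @@`, the **status** row ("HTTPS URL where the credential validity status is available") is deleted together with the three `verification.*` rows, but only the `verification.*` rows belong to the IDA material named in the subject line. The SD-JWT examples elsewhere in this series keep their `status` object, so after this hunk the visible part of the MDOC-CBOR element table has no counterpart that tells a verifier where to check validity. Either keep the `status` row or state in the commit message how the status of an MDOC-CBOR credential is meant to be checked.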
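Review bot: in PATCH 1/8, hunk `@@ -996,11 +787,7 @@`, the context line `8: h'DEFDF1AA746718016EF1B94BFE5R6…'` still contains `R`, which is not a hexadecimal digit, so the byte string is not valid diagnostic notation. The deleted digests 10 to 12 had the same defect (`H`, `J`, `K`, `L`); since the block is being renumbered here anyway, correct entry 8 as well so the remaining example is well formed. The renumbering itself is consistent: the digest `F9EE4D36…` and the `tax_id_number` item in the following hunk both move from 13 to 9.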
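Review bot: in PATCH 2/8, hunk `@@ -138,7 +138,7 @@`, the heading becomes "PID Non-Normative Examples" while the sibling heading "(Q)EAA non-normative examples", visible as context in PATCH 7/8, keeps the lowercase form. Pick one capitalisation and apply it to both headings in the same commit.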
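Review bot: in PATCH 3/8, hunk `@@ -152,7 +152,7 @@`, the `status` object of the PID JSON example is never closed: the context reads `"credential_hash_alg": "sha-256" }, "vct": "PersonIdentificationData"`, so `vct` and the claims after it end up nested inside `status`. The SD-JWT version in the next hunk closes both objects before `vct`; add the missing `}` here while the line above it is being edited, otherwise readers copying the example get a payload with no top-level `vct`.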
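Review bot: in PATCH 5/8, hunk `@@ -305,7 +305,7 @@`, the added comma makes the (Q)EAA JSON example parse, but the brace it follows only closes `status_attestation`, so `vct`, `document_number` and the claims after them become members of `status`. The SD-JWT payload for the same data (context of PATCH 4/8) closes both objects before `vct`; the fix should add the closing brace of `status` as well, not only the comma.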
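Review bot: in PATCH 7/8, hunk `@@ -87,9 +87,6 @@`, a row is removed from the table introduced by "The following claims MUST be in the JWT payload", which changes what a conforming credential contains, yet the subject is `fix: removed jti` without the `!` that PATCH 1/8 uses for its data-model removal. Mark the commit as breaking and give the reason for dropping `jti` in the message body, so that verifier implementers who currently require the claim know the check has to be relaxed.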
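Review bot: in PATCH 7/8, hunk `@@ -448,23 +444,22 @@`, the sentence carried in the hunk header still says "The combined format for the PID issuance is represented below:" although this block sits between the "(Q)EAA non-normative examples" heading and the MDOC-CBOR section. Since the example is regenerated in this hunk, correct the lead-in to refer to the (Q)EAA in the same change.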
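Review bot: in PATCH 8/8, hunk `@@ -22,7 +22,7 @@`, the context line directly below the edited sentence reads "The SD-JWT payload of the MUST contain the **_sd_alg** claim", with a noun missing after "of the". As this paragraph is being touched for capitalisation, fix that sentence too, because it is the normative statement about `_sd_alg`.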
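Review bot: in PATCH 8/8, hunk `@@ -45,7 +45,7 @@`, the title gains a trailing colon ("PID/(Q)EAA SD-JWT parameters:") while the underline on the next line is left unchanged, so the underline is now one character shorter than the title and docutils will report "Title underline too short". Drop the colon, which the other section titles in this file do not use, or extend the underline by one `-`.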