Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add Wallet Attestation request flow #233

Merged
merged 26 commits into from
Apr 5, 2024
Merged
Show file tree
Hide file tree
Changes from 16 commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
da1c3af
feat: Add Wallet Attestation request flow
grausof Mar 12, 2024
809f15e
Apply suggestions from code review
grausof Mar 13, 2024
36ca2d9
Apply suggestions from code review
grausof Mar 18, 2024
83acccc
Add nonce endpoint reference
grausof Mar 18, 2024
9d3684c
Update docs/en/wallet-attestation.rst
grausof Mar 18, 2024
5c50e8d
chore: Wallet Attestation editorials and some normative verbs
peppelinux Mar 18, 2024
24ab089
chore: wallet solution editorials
peppelinux Mar 18, 2024
24d44af
Remove type
grausof Mar 19, 2024
11ad59e
Remove type
grausof Mar 19, 2024
caf862c
chore: standards editorials and removed unused token revocation
peppelinux Mar 19, 2024
b69f86a
Merge pull request #237 from italia/wa2
peppelinux Mar 19, 2024
f07b746
defind terms removea misleading element, wallet solution removed auth…
peppelinux Mar 19, 2024
f0dd120
Merge pull request #241 from italia/wa2
peppelinux Mar 19, 2024
4defabe
Apply suggestions from code review
grausof Mar 20, 2024
4eb0fb9
Update docs/en/defined-terms.rst
grausof Mar 20, 2024
3a37a32
Update docs/en/wallet-attestation.rst
grausof Mar 21, 2024
d8fcbb5
refactor
grausof Mar 25, 2024
d80d97a
Add Warning
grausof Mar 25, 2024
7aae53b
Add Warning
grausof Mar 25, 2024
c19cebf
Include other wscd technologies
grausof Mar 25, 2024
dae1758
Rename Wallet Hardware Key Tag to Cryptographic Hardware Key
grausof Mar 25, 2024
fbedf3b
Rename Wallet Hardware Key Tag to Cryptographic Hardware Key
grausof Mar 25, 2024
6b1fc3b
Apply suggestions from code review
grausof Apr 3, 2024
4f46cd6
Apply suggestions from code review
grausof Apr 3, 2024
e6916c6
Apply suggestions from code review
grausof Apr 4, 2024
07b4dea
Update docs/en/wallet-solution.rst
grausof Apr 5, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 13 additions & 15 deletions docs/common/standards.rst
Original file line number Diff line number Diff line change
Expand Up @@ -8,29 +8,27 @@ Technical References
:header-rows: 0

* - `OIDC-FED`_
- OpenID Connect Federation 1.0
- OpenID Connect Federation 1.0.
* - `OPENID4VCI`_
- T\. Lodderstedt, K. Yasuda, T. Looker, "OpenID for Verifiable Credential Issuance", February 2023.
- T. Lodderstedt, K. Yasuda, T. Looker, "OpenID for Verifiable Credential Issuance", February 2023.
* - `SD-JWT-VC`_
- O\. Terbu, D.Fett, "SD-JWT-based Verifiable Credentials (SD-JWT VC)".
- O. Terbu, D.Fett, "SD-JWT-based Verifiable Credentials (SD-JWT VC)".
* - `EIDAS-ARF`_
- EUDI Wallet - Architecture and Reference Framework
- EUDI Wallet - Architecture and Reference Framework.
* - `OPENID4VP`_
- OpenID for Verifiable Presentations - draft 19
- OpenID for Verifiable Presentations.
* - `PresentationExch`_
- Presentation Exchange 2.0 for Presentation Definition
- Presentation Exchange 2.0 for Presentation Definition.
* - :rfc:`2119`
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels," BCP 14, RFC 2119, March 1997.
- Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels" BCP 14, RFC 2119, March 1997.
* - :rfc:`2616`
- Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” RFC 2616, June 1999.
* - :rfc:`3339`
- Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.
* - :rfc:`3986`
- Uniform Resource Identifier (URI): Generic Syntax
* - :rfc:`7009`
- Lodderstedt, T., Dronia, S., Scurtescu, M., “OAuth 2.0 Token Revocation,” RFC7009, August 2013.
- Uniform Resource Identifier (URI): Generic Syntax.
* - :rfc:`7159`
- Bray, T., “The JavaScript Object Notation (JSON) Data Interchange Format,” RFC 7159, March 2014.
- Bray, T., “The JavaScript Object Notation (JSON) Data Interchange Format” RFC 7159, March 2014.
* - :rfc:`7515`
- Jones, M., Bradley, J. and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015.
* - :rfc:`7516`
Expand All @@ -42,7 +40,7 @@ Technical References
* - :rfc:`7519`
- Jones, M., Bradley, J. and N. Sakimura, "JSON Web Token (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015.
* - :rfc:`7638`
- Jones, M., Sakimura, N., “JSON Web Key (JWK) Thumbprint,”RFC7638, September 2015.
- Jones, M., Sakimura, N., “JSON Web Key (JWK) Thumbprint, September 2015.
* - :rfc:`7800`
- Jones, M., Bradley, J. and H. Tschofenig, "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)", RFC 7800, DOI 10.17487/RFC7800, April 2016.
* - :rfc:`8174`
Expand All @@ -52,8 +50,8 @@ Technical References
* - `JARM`_
- Lodderstedt, T., Campbell, B., "JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)", November 2022.
* - :rfc:`6749`
- The OAuth 2.0 Authorization Framework
- The OAuth 2.0 Authorization Framework.
* - :rfc:`9449`
- D\. Fett, B. Campbell, J. Bradley, T. Lodderstedt, M. Jones, D. Waite, "OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)"
- D. Fett, B. Campbell, J. Bradley, T. Lodderstedt, M. Jones, D. Waite, "OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)".
* - `OPENID4VC-HAIP`_
- Lodderstedt, T., K. Yasuda, "OpenID4VC High Assurance Interoperability Profile with SD-JWT VC"
- Lodderstedt, T., K. Yasuda, "OpenID4VC High Assurance Interoperability Profile with SD-JWT VC".
18 changes: 14 additions & 4 deletions docs/en/defined-terms.rst
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,6 @@ Below are the description of acronyms and definitions which are useful for furth
- An entity accredited by the Federation Authority, responsible for managing the process of verification and certification of accreditation requirements for ecosystem roles.
* - Digital Identity Provider
- An entity, recognized and accredited by the State, responsible for identifying citizens for the issuance of an Electronic Identity Certificate.
* - Electronic Attestation of Identity
- Electronic attestation of attributes referring to master data already present in Italian digital identity systems.
* - Digital Credential
- An signed Credential whose integrity can be cryptographically verified using the public keys of its Issuer. It is also known as Credential.
* - Federation Authority
Expand All @@ -39,10 +37,18 @@ Below are the description of acronyms and definitions which are useful for furth
- All public and/or private entities, conforming to a technical profile and accredited by the Federation Authority, that provide citizens with an IT Wallet Instance.
* - Wallet Attestation
- Verifiable Attestation, issued by the Wallet Provider, that proves the security compliace of the Wallet Instance.
* - Wallet Secure Cryptographic Device
- Hardware-backed secure environment for creating, storing, and/or managing cryptographic keys and data. Examples include Secure Elements (SE), Trusted Execution Environments (TEEs), and Strongbox.
peppelinux marked this conversation as resolved.
Show resolved Hide resolved
* - Credential Status Attestation
- Verifiable Attestation proving that a related Digital Credential is not revoked.
* - Wallet Attestation Service
- Device manufacturer service that allows you to certify the authenticity of the mobile app (Wallet Instance).
* - Device Integrity Service
- A service provided by device manufacturers that verifies the integrity and authenticity of the app instance (Wallet Instance), as well as certifying the secure storage of private keys generated by the device within its dedicated hardware. It's important to note that the terminology used to describe this service varies among manufacturers.
* - Wallet Hardware Keys
- During the app initialization, the Wallet Instance generates a pair of keys, one public and one private, which remain valid for the entire duration of the Wallet Instance's life. Functioning as a Master Key for the personal device, these Wallet Hardware Keys are confined to the OS domain and are not designed for signing arbitrary payloads. Their primary role is to provide a unique identification for each Wallet Instance.
peppelinux marked this conversation as resolved.
Show resolved Hide resolved
* - Wallet Hardware Key Tag
peppelinux marked this conversation as resolved.
Show resolved Hide resolved
- A unique identifier created by the operating system for the Wallet Hardware Keys, utilized to gain access to the private key stored in the hardware.
* - Key Attestation
peppelinux marked this conversation as resolved.
Show resolved Hide resolved
- An attestation from the device's OEM that enhances your confidence in the keys used in your Wallet Instance being securely stored within the device's hardware-backed keystore.
* - Qualified Electronic Attestation of Attributes (QEAA)
- A digitally verifiable attestation in electronic form, issued by a QTSP, that substantiates a person's possession of attributes.
* - Qualified Electronic Signature Provider
Expand Down Expand Up @@ -83,3 +89,7 @@ Acronyms
- Application Programming Interface
* - **LoA**
- Level of Assurance
grausof marked this conversation as resolved.
Show resolved Hide resolved
* - **AAL**
- Authenticator Assurance Level as defined in `<https://csrc.nist.gov/glossary/term/authenticator_assurance_level>`_
* - **WSCD**
- Wallet Secure Cryptographic Device
Loading
Loading