Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wallet Instance Lifecycle #252

Merged
merged 38 commits into from
Apr 15, 2024
Merged

Wallet Instance Lifecycle #252

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
da1c3af
feat: Add Wallet Attestation request flow
grausof Mar 12, 2024
809f15e
Apply suggestions from code review
grausof Mar 13, 2024
36ca2d9
Apply suggestions from code review
grausof Mar 18, 2024
83acccc
Add nonce endpoint reference
grausof Mar 18, 2024
9d3684c
Update docs/en/wallet-attestation.rst
grausof Mar 18, 2024
5c50e8d
chore: Wallet Attestation editorials and some normative verbs
peppelinux Mar 18, 2024
24ab089
chore: wallet solution editorials
peppelinux Mar 18, 2024
24d44af
Remove type
grausof Mar 19, 2024
11ad59e
Remove type
grausof Mar 19, 2024
caf862c
chore: standards editorials and removed unused token revocation
peppelinux Mar 19, 2024
b69f86a
Merge pull request #237 from italia/wa2
peppelinux Mar 19, 2024
f07b746
defind terms removea misleading element, wallet solution removed auth…
peppelinux Mar 19, 2024
f0dd120
Merge pull request #241 from italia/wa2
peppelinux Mar 19, 2024
4defabe
Apply suggestions from code review
grausof Mar 20, 2024
4eb0fb9
Update docs/en/defined-terms.rst
grausof Mar 20, 2024
3a37a32
Update docs/en/wallet-attestation.rst
grausof Mar 21, 2024
c32ada2
wallet instance lifecycle
balanza Mar 22, 2024
c698f1f
Update docs/en/wallet-attestation.rst
balanza Mar 22, 2024
924415b
Update docs/en/wallet-attestation.rst
balanza Mar 22, 2024
4e01db6
Update docs/en/wallet-attestation.rst
balanza Mar 22, 2024
d8fcbb5
refactor
grausof Mar 25, 2024
d80d97a
Add Warning
grausof Mar 25, 2024
7aae53b
Add Warning
grausof Mar 25, 2024
c19cebf
Include other wscd technologies
grausof Mar 25, 2024
dae1758
Rename Wallet Hardware Key Tag to Cryptographic Hardware Key
grausof Mar 25, 2024
fbedf3b
Rename Wallet Hardware Key Tag to Cryptographic Hardware Key
grausof Mar 25, 2024
922f73c
Apply suggestions from code review
balanza Mar 25, 2024
2b52741
Update docs/en/wallet-attestation.rst
balanza Mar 29, 2024
4796bc4
add clarification
balanza Apr 2, 2024
4dbf7e2
clarify revocation
balanza Apr 2, 2024
6b1fc3b
Apply suggestions from code review
grausof Apr 3, 2024
4f46cd6
Apply suggestions from code review
grausof Apr 3, 2024
e6916c6
Apply suggestions from code review
grausof Apr 4, 2024
07b4dea
Update docs/en/wallet-solution.rst
grausof Apr 5, 2024
6d695d3
Apply suggestions from code review
balanza Apr 15, 2024
ccc5843
Merge pull request #242 from italia/wallet-instance-lifecycle
balanza Apr 15, 2024
fca2dd2
Merge branch 'versione-corrente' into wallet-attestation
grausof Apr 15, 2024
b7d84c2
image
balanza Apr 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 68 additions & 1 deletion docs/en/wallet-attestation.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -493,7 +493,74 @@ The body of the Wallet Attestation JWT MUST contain:
-
* - **presentation_definition_uri_supported**
- Boolean value specifying whether the Wallet Instance supports the transfer of presentation_definition by reference. MUST be set to false.
-

Wallet Instance Lifecycle
-----------------------------

The ability of the Wallet Instance to obtain a Wallet Attestation is bound to its current state.
The Wallet Instance assesses its current state based on the Credentials stored locally and the Wallet Attestation issued by the Wallet Provider.

The lifecycle of a Wallet Instance encompasses all the potential states it can configure, along with the transitions from one state to another. This lifecycle is depicted in the diagram below:

.. figure:: ../../images/wallet_instance_lifecycle.svg
:name: Wallet Instance Lifecycle
:alt: Illustration representing the Wallet Instance lifecycle, with the states explained below.
:target: https://www.plantuml.com/plantuml/uml/SoWkIImgAStDuOhMYbNGrRLJyCm32kNafAPOAMH2c5mAG00N1YloBqWjIYp9pCzBpB5IA4ijoaoh1Ab25WUh2qlCoKm1gW1HYIMf83KGCKnJClDmg799JKmkoIm3IW1DAaejoyzEHRSBfpfCbmEzQQLGceVaDOH6x4emxS9KWd0mfgH3QbuAC801


A Wallet Instance SHOULD obtain a Wallet Attestation if it's in either `Installed`, `Operational` or `Valid` state; that implies that a `Deactivated` Wallet Instance cannot obtain a Wallet Attestation hence it cannot interact with other entities of the ecosystem, such as PID/(Q)EAA Providers and Relying Parties.

States
~~~~~~~~~~~~~~~~~~
.. list-table::
:widths: 20 60
:header-rows: 1

* - **State**
- **Description**
* - `Installed`
- The User has installed the Wallet Solution on the device.
* - `Operational`
- The Wallet Instance has been verified and the Wallet Hardware Key has been registered; no valid PID is present in the storage.
* - `Valid`
- A valid PID is present in the storage.
* - `Deactivated`
- The Wallet Instance has been revoked and its Wallet Hardware Key has been marked as not usable.

Transitions
~~~~~~~~~~~~~~~~~~
.. list-table::
:widths: 20 60
:header-rows: 1

* - **Transition**
- **Description**
* - `install`
- The User performs a fresh installation or restores the initial state of the Wallet Instance on the device.
* - `verify`
- The Wallet Instance has been verified by the Wallet Provider and its Wallet Hardware Key has been registered.
* - `validate`
- The Wallet Instance obtains a valid PID.
* - `invalidate`
- The PID expires or gets revoked.
* - `revoke`
- The Wallet Provider marks the Wallet Instance as not usable.
* - `uninstall`
- The User removes the Wallet Instance from the device.

Revocations
~~~~~~~~~~~~~~~~~~
As mentioned in the *Wallet Instance initialization and registration* section above, a Wallet Instance is bound to a Wallet Hardware Key and it's uniquely identified by it.
The Wallet Instance SHOULD send its public Wallet Hardware Key with the Wallet Provider, thus the Wallet Provider MUST identify a Wallet Instance by its Wallet Hardware Key.

When a Wallet Instance is not usable anymore, the Wallet Provider MUST revoke it. The revocation process is a unilateral action taken by the Wallet Provider, and it MUST be performed when the Wallet Instance is in the `Operational` or `Valid` state.
A Wallet Instance becomes unusable for several reasons, such as: the User requests the revocation, the Wallet Provider detects a security issue, or the Wallet Instance is no longer compliant with the Wallet Provider's security requirements.

The details of the revocation mechanism used by the Wallet Provider as well as the data model for maintaining the Wallet Instance references is delegated to the Wallet Provider's implementation.

During the *Wallet Instance initialization and registration* phase the Wallet Provider MAY associate the Wallet Instance with a specific User, subject to obtaining the User's consent. The Wallet Provider MUST evaluate the operating system and general technical capabilities of the device to check compliance with the technical and security requirements and to produce the Wallet Instance metadata.
When the User consents to being linked with the Wallet Instance, they gain the ability to directly request Wallet revocation from the Wallet Provider, and it also allows the Wallet Provider to revoke the Wallet Instance associated with that User.



.. _token endpoint: wallet-solution.html#wallet-attestation
Expand Down
1 change: 1 addition & 0 deletions images/wallet_instance_lifecycle.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading