From ce3c67a608155d95606026a5d96afac99fc09473 Mon Sep 17 00:00:00 2001
From: asharif1990 <35602900+asharif1990@users.noreply.github.com>
Date: Thu, 14 Sep 2023 18:28:22 +0200
Subject: [PATCH] [final changes]
---
 docs/en/pid-eaa-issuance.rst | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/docs/en/pid-eaa-issuance.rst b/docs/en/pid-eaa-issuance.rst
index 9c6686386..b33309e21 100644
--- a/docs/en/pid-eaa-issuance.rst
+++ b/docs/en/pid-eaa-issuance.rst
@@ -38,7 +38,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architec Below a detailed description for each step represented in the previous picture: 0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase MUST be carried out. It consists of the release of a verifiable proof issued by the Attestation Service provided by the Wallet Provider that asserts the genuineness, the authenticity and the compliance with a trust framework of the Wallet Instance. The verifiable proof binds a public key corresponding to a local private key generated by the Wallet Instance. - 1. **Obtaining the trusted PID Provider**: the Wallet Instance discovers the trusted PID Provider at the Subordinate Listing Endpoint of the Trust Anchor, and then inspects the Metadata looking for the availability of the PID credential. + 1. **Obtaining the Trusted PID Provider**: the Wallet Instance discovers the trusted PID Provider at the Subordinate Listing Endpoint of the Trust Anchor, and then inspects the Metadata looking for the availability of the PID credential. 2. **Obtaining of PID Provider Metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs. 3. **PID Request**: following the Authorization Code Flow in `[OIDC4VCI. Draft 13] `_ the Wallet Instance requests a PID to the PID Provider. A fresh key pair that is generated by the Wallet Instance for the purpose of the sender-constrained Access Token will be used by the PID Provider for the key binding of the PID. 4. **User Authentication**: the PID Provider authenticates the User with LoA High, acting as an IAM Proxy to the National eID system. 
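Review bot: In the `@@ -877` hunk the new `jwks` object is closed with a bare `}` immediately before the existing `"credentials_supported"` line, so the non-normative Entity Configuration example is no longer valid JSON and any implementer who copies it (or a doc build that lints the listing) will hit a parse error; the closing line should read `},`. The added `}]` also folds the end of the key object and the end of the `keys` array onto one line, unlike the rest of the example, so splitting it into `}` and `]` on separate lines keeps the listing consistent with the surrounding metadata. Since the hunk introduces the issuer's key set without any accompanying text, a sentence next to the example saying which artifacts Wallet Instances are expected to verify against this `jwks` would presumably help readers; confirm the intended use before wording it. The Entity Configuration document begins and ends outside this hunk.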
@@ -320,10 +320,10 @@ Where the decoded content of the JWT is represented below: "alg": "ES256", "typ": "openid4vci-proof+jwt", "jwk": { - "kty": "EC", - "x": "l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs", - "y": "9VE4jf_Ok_o64zbTTlcuNJajHmt6v9TDVrU0CdvGRDA", - "crv": "P-256" + "kty": "EC", + "x": "l8tFrhx-34tV3hRICRDY9zCkDlpBhF42UQUfWVAWBFs", + "y": "9VE4jf_Ok_o64zbTTlcuNJajHmt6v9TDVrU0CdvGRDA", + "crv": "P-256" } } @@ -877,6 +877,16 @@ Below a non-normative example of an Entity Configuration containing an `openid_c "pushed_authorization_request_endpoint": "https://pid-provider.example.org/connect/par", "dpop_signing_alg_values_supported": ["RS256", "RS512", "ES256", "ES512"], "credential_endpoint": "https://pid-provider.example.org/credential", + "jwks": { + "keys": [ + { + "crv": "P-256", + "kty": "EC", + "x": "newK5qDYMekrCPPO-yEYTdJVWJMTzasMavt2vm1Mb-A", + "y": "VizXaLO6dzeesZPxfpGZabTK3cTXtBUbIiQpmiYRtSE", + "kid": "ff0bded045fe63fe5d1d64dd83b567e0" + }] + } "credentials_supported": [ { "format": "vc+sd-jwt",