From acac73aff049eb07f232af69c9071aba7a0d54d0 Mon Sep 17 00:00:00 2001
From: peppelinux <demarcog83@gmail.com>
Date: Tue, 29 Aug 2023 11:01:26 +0200
Subject: [PATCH 1/3] fix: openid credential issuer discovery example

---
 docs/en/pid-eaa-issuance.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/pid-eaa-issuance.rst b/docs/en/pid-eaa-issuance.rst
index 9cfca1822..aa8fb2c48 100644
--- a/docs/en/pid-eaa-issuance.rst
+++ b/docs/en/pid-eaa-issuance.rst
@@ -37,7 +37,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architec
 Below a detailed description for each step represented in the previous picture:
 
     0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase MUST be carried out. It consists of the release of a verifiable proof issued by the Attestation Service provided by the Wallet Provider that asserts the genuineness, the authenticity and the compliance with a trust framework of the Wallet Instance. The verifiable proof binds a public key corresponding to a local private key generated by the Wallet Instance. 
-    1. **Obtaining the trusted PID Provider**: the Wallet Instance queries the Trust Anchor to fetch the trusted PID Provider. 
+    1. **Obtaining the trusted PID Provider**: the Wallet Instance discovers the trusted PID Provider, eg: `https://trust-anchor.eudi.wallet.developers.italia.it/list?entity_type=openid_credential_issuer` and then inspects the metadata looking to the availability of the PID credential. 
     2. **Obtaining of PID Provider metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs.
     3. **PID request**: following the Authorization Code Flow in `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_ the Wallet Instance requests a PID to the PID Provider. A fresh key pairs is generated by the Wallet Instance, the public key is used by PID Provider for the key binding of the PID. The PID Provider checks the Wallet Instance by means of the Wallet Attestation and the Trust Chain related to the Wallet Provider.
     4. **End-user authentication**: the PID Provider authenticates the End-User with LoA High, acting as an IAM Proxy to the National eID system. 

From 88ad92fd9debfa3f8d38e42a783109ecb3aca74a Mon Sep 17 00:00:00 2001
From: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com>
Date: Thu, 31 Aug 2023 19:05:45 +0200
Subject: [PATCH 2/3] chore: editorial improvement in (Q)EAA high level flow
 description

---
 docs/en/pid-eaa-issuance.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/pid-eaa-issuance.rst b/docs/en/pid-eaa-issuance.rst
index aa8fb2c48..d7559cf8c 100644
--- a/docs/en/pid-eaa-issuance.rst
+++ b/docs/en/pid-eaa-issuance.rst
@@ -62,7 +62,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-QEAA-Issuance` shows a general archite
 
 Below the description of the most relevant operations involved in the (Q)EAA issuance:
 
-    1. **Obtaining the trusted (Q)EAA Issuer**: the Wallet Instance queries the Trust Anchor to fetch the trusted (Q)EAA Issuer. 
+    1. **Obtaining the trusted (Q)EAA Issuer**: the Wallet Instance discovers the trusted (Q)EAA Issuer at the Subordinate Listing Endpoint of the Trust Anchor, and then inspects the metadata looking for the credential capabilities. 
     2. **Obtaining of (Q)EAA Issuer metadata**: the Wallet Instance establishes the trust to the (Q)EAA Issuer according to the Trust Model, obtaining the Metadata that discloses the formats of the (Q)EAA, the algorithms supported, and any other parameter required for interoperability needs.
     3. **(Q)EAA request**: following the Authorization Code Flow in `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_ the Wallet Instance requests a (Q)EAA to the (Q)EAA Issuer. A fresh key pairs is generated by the Wallet Instance, the public key is used by (Q)EAA Issuer for the key binding of the (Q)EAA. The (Q)EAA Issuer checks the Wallet Instance by means of the Wallet Attestation and the Trust Chain related to the Wallet Provider.
     4. **End-user authentication**: the (Q)EAA Issuer, acting as a verifier (Relying Party), authenticates the User with the PID. 

From c532590cde0db8baa7387ccbb6669c135c9b64ef Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco <giuseppe.demarco@teamdigitale.governo.it>
Date: Fri, 1 Sep 2023 23:40:53 +0200
Subject: [PATCH 3/3] Update docs/en/pid-eaa-issuance.rst

Co-authored-by: fmarino-ipzs <77629526+fmarino-ipzs@users.noreply.github.com>
---
 docs/en/pid-eaa-issuance.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/pid-eaa-issuance.rst b/docs/en/pid-eaa-issuance.rst
index d7559cf8c..ce4a2c2fc 100644
--- a/docs/en/pid-eaa-issuance.rst
+++ b/docs/en/pid-eaa-issuance.rst
@@ -37,7 +37,7 @@ The :numref:`fig_High-Level-Flow-ITWallet-PID-Issuance` shows a general architec
 Below a detailed description for each step represented in the previous picture:
 
     0. **Wallet Instance Setup**: the first time the Wallet Instance is started a preliminary setup phase MUST be carried out. It consists of the release of a verifiable proof issued by the Attestation Service provided by the Wallet Provider that asserts the genuineness, the authenticity and the compliance with a trust framework of the Wallet Instance. The verifiable proof binds a public key corresponding to a local private key generated by the Wallet Instance. 
-    1. **Obtaining the trusted PID Provider**: the Wallet Instance discovers the trusted PID Provider, eg: `https://trust-anchor.eudi.wallet.developers.italia.it/list?entity_type=openid_credential_issuer` and then inspects the metadata looking to the availability of the PID credential. 
+    1. **Obtaining the trusted PID Provider**: the Wallet Instance discovers the trusted PID Provider at the Subordinate Listing Endpoint of the Trust Anchor, and then inspects the metadata looking for the availability of the PID credential. 
     2. **Obtaining of PID Provider metadata**: the Wallet Instance establishes the trust to the PID Provider according to the Trust Model, obtaining the Metadata that discloses the formats of the PID, the algorithms supported, and any other parameter required for interoperability needs.
     3. **PID request**: following the Authorization Code Flow in `[OIDC4VCI. Draft 13] <https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html>`_ the Wallet Instance requests a PID to the PID Provider. A fresh key pairs is generated by the Wallet Instance, the public key is used by PID Provider for the key binding of the PID. The PID Provider checks the Wallet Instance by means of the Wallet Attestation and the Trust Chain related to the Wallet Provider.
     4. **End-user authentication**: the PID Provider authenticates the End-User with LoA High, acting as an IAM Proxy to the National eID system.