From e6b0b22a35dee846931d04f9bd4418914b28e089 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Wed, 6 Mar 2024 17:18:53 +0100 Subject: [PATCH 01/10] fix: fixed mdoc/mdl sections --- openid-4-verifiable-presentations-1_0.md | 86 ++++++++++-------------- 1 file changed, 37 insertions(+), 49 deletions(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 2778b98a..deb574eb 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md @@ -1292,6 +1292,36 @@ issuers in Self-Sovereign Identity ecosystems using TRAIN + + + ISO/IEC DTS 18013-7 Personal identification — ISO-compliant driving license — Part 7: Mobile driving license (mDL) add-on functions + + ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification + + + + + + + + ISO/IEC DTS 23220-2 Personal identification — Building blocks for identity management via mobile devices, Part 2: Data objects and encoding rules for generic eID systems + + ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification + + + + + + + + ISO/IEC CD TS 23220-4 Personal identification — Building blocks for identity management via mobile devices, Part 4: Protocols and services for operational phase + + ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification + + + + + BCP195 
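Review bot: The three new reference entries name the documents by draft stage ("ISO/IEC DTS 18013-7", "ISO/IEC DTS 23220-2", "ISO/IEC CD TS 23220-4"), while the body text this series adds cites the same documents as "ISO/IEC TR 18013-7" and "ISO/IEC TR 23220-2" (patch 01) and then "ISO/IEC TS 18013-7" (patch 03); a reader following [@ISO.18013-7] or [@ISO.23220-2] to the reference list will see a different document type than the prose. Pick one designation per document and use it in both the entry and the prose; draft-stage labels also go stale at publication, so a stage-neutral title in the prose with the stage noted only in the reference entry is easier to maintain.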
@@ -1514,59 +1544,15 @@ The following is the content of the `presentation_definition` parameter: <{{examples/response/ac_vp_sd.json}} -## ISO mobile Driving License (mDL) - -This section illustrates how a mobile driving license (mDL) Credential expressed using a data model and data sets defined in [@ISO.18013-5] encoded as CBOR can be presented from the End-User's device directly to the Verifier using this specification. - -The Credential format identifier is `mso_mdoc`. - -Cipher suites should use signature suites names defined in [@ISO.18013-5]. - -### Presentation Request - -A non-normative example of an Authorization Request would look the same as in the examples of other Credential formats in this Annex. The difference is in the content of the `presentation_definition` parameter. - -<{{examples/request/request.txt}} - -The following is a non-normative example of the content of the `presentation_definition` parameter: - -<{{examples/request/pd_mdl_iso_cbor.json}} - -To start with, the `format` parameter in the `input_descriptor` element is set to `mso_mdoc`, i.e., it requests presentation of an mDL in CBOR format. - -To request user claims in ISO/IEC 18013-5:2021 mDL, a `doctype` and `namespace` of the claim needs to be specified. Moreover, the Verifiers needs to indicate whether it intends to retain obtained user claims or not, using `intent_to_retain` property. - -Note: `intent_to_retain` is a property introduced in this example to meet requirements of [@ISO.18013-5]. - -Setting `limit_disclosure` property defined in [@!DIF.PresentationExchange] to `required` enables selective release by instructing the Wallet to submit only the data parameters specified in the fields array. Selective release of claims is a requirement built into an ISO/IEC 18013-5:2021 mDL data model. - -### Presentation Response - -A non-normative example of the Authorization Response would look the same as in the examples of other Credential formats in this Annex. 
- -The following is a non-normative example of the content of the `presentation_submission` parameter: - -<{{examples/response/ps_mdl_iso_cbor.json}} - -The `descriptor_map` refers to the `input_descriptor` element with an identifier `mDL` and tells the Verifier that there is an ISO/IEC 18013-5:2021 mDL (`format` is `mso_mdoc`) in CBOR encoding directly in the `vp_token` (path is the root designated by `$`). - -When ISO/IEC 18013-5:2021 mDL is expressed in CBOR the `path_nested` parameter cannot be used to point to the location of the requested claims. The user claims will always be included in the `issuerSigned` item. `path_nested` parameter can be used, however, when a JSON-encoded ISO/IEC 18013-5:2021 mDL is returned. - -The following is a non-normative example of an ISO/IEC 18013-5:2021 mDL encoded as CBOR in diagnostic notation (line wraps within values are for display purposes only) as conveyed in the `vp_token` parameter. - -<{{examples/response/mdl_iso_cbor.json}} - -In the `deviceSigned` item, the `deviceAuth` item includes a signature by the deviceKey that belongs to the End-User. It is used to prove legitimate possession of the Credential, since the Issuer has signed over the deviceKey during the issuance of the Credential. - -Note: The deviceKey does not have to be HW-bound. +## mdoc (ISO/IEC 18013 and ISO/IEC 23220) -In the `issueSigned` item, `issuerAuth` item includes Issuer's signature over the hashes of the user claims, and `namespaces` items include user claims within each namespace that the End-User agreed to reveal to the Verifier in that transaction. +Refer to the latest version of ISO/IEC TR 18013-7 [@ISO.18013-7] for an OID4VP profile definition and examples of Credentials in the ISO/IEC 18013-5 mdoc format using the document type `org.iso.18013.5.1.mdl` as defined in ISO/IEC 18013-5:2021 [@ISO.18013-5]. 
-Note: The user claims in the `deviceSigned` item correspond to self-attested claims inside a Self-Issued ID Token [@!SIOPv2] (none in the example below), and user claims in the `issuerSigned` item correspond to the user claims included in a VP Token signed by a trusted third party. +Also, see the latest version of ISO/IEC TR 23220-4 [@ISO.23220-4] for an OID4VP profile definition and examples for Credentials in the ISO/IEC TR 23220-2 [@ISO.23220-2] mdoc format using any document type. -Note: The reason hashes of the user claims are included in the `issuerAuth` item lies in the selective release mechanism. Selective release of the user claims in an ISO/IEC 18013-5:2021 mDL is performed by the Issuer signing over the hashes of all the user claims during the issuance, and only the actual values of the claims that the End-User has agreed to reveal to the Verifier being included during the presentation. +Note that ISO/IEC 18013-5:2021 is a profile of ISO/IEC TR 23220-2, and ISO/IEC TR 18013-7 is a profile of ISO/IEC 23220-4. -The example in this section is also applicable to the electronic identification Verifiable Credentials expressed using data models defined in ISO/IEC TR 23220-2. +The Credential format identifier for Credentials in the mdoc format is `mso_mdoc`. ## Combining this specification with SIOPv2 @@ -1694,6 +1680,8 @@ The technology described in this specification was made available from contribut # Document History [[ To be removed from the final specification ]] + -21 + * added references to ISO/IEC 23220 and 18013 documents -20 From 46aafc8d33b6c9075ce7a934fd14212b3e816c1d Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Wed, 6 Mar 2024 17:24:26 +0100 Subject: [PATCH 02/10] fix: fixed reference --- openid-4-verifiable-presentations-1_0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index deb574eb..7e0dbc11 100644 
--- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md @@ -1546,11 +1546,11 @@ The following is the content of the `presentation_definition` parameter: ## mdoc (ISO/IEC 18013 and ISO/IEC 23220) -Refer to the latest version of ISO/IEC TR 18013-7 [@ISO.18013-7] for an OID4VP profile definition and examples of Credentials in the ISO/IEC 18013-5 mdoc format using the document type `org.iso.18013.5.1.mdl` as defined in ISO/IEC 18013-5:2021 [@ISO.18013-5]. +Refer to the latest version of ISO/IEC TR 18013-7 [@ISO.18013-7] for an OID4VP profile definition and examples of Credentials in the ISO/IEC 18013-5:2021 mdoc format using the document type `org.iso.18013.5.1.mdl` as defined in ISO/IEC 18013-5:2021 [@ISO.18013-5]. Also, see the latest version of ISO/IEC TR 23220-4 [@ISO.23220-4] for an OID4VP profile definition and examples for Credentials in the ISO/IEC TR 23220-2 [@ISO.23220-2] mdoc format using any document type. -Note that ISO/IEC 18013-5:2021 is a profile of ISO/IEC TR 23220-2, and ISO/IEC TR 18013-7 is a profile of ISO/IEC 23220-4. +Note that ISO/IEC 18013-5:2021 is a profile of ISO/IEC TR 23220-2, and ISO/IEC TR 18013-7 is a profile of ISO/IEC TR 23220-4. The Credential format identifier for Credentials in the mdoc format is `mso_mdoc`. From 4056a2517c0de217592d66dba626b94fe068f0d9 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 25 Mar 2024 13:58:09 +0100 Subject: [PATCH 03/10] fix: added more language --- openid-4-verifiable-presentations-1_0.md | 25 ++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 7e0dbc11..1679a303 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md 
@@ -1546,13 +1546,30 @@ The following is the content of the `presentation_definition` parameter: ## mdoc (ISO/IEC 18013 and ISO/IEC 23220) -Refer to the latest version of ISO/IEC TR 18013-7 [@ISO.18013-7] for an OID4VP profile definition and examples of Credentials in the ISO/IEC 18013-5:2021 mdoc format using the document type `org.iso.18013.5.1.mdl` as defined in ISO/IEC 18013-5:2021 [@ISO.18013-5]. +ISO/IEC 18013-5:2021 defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 and ISO/IEC TS 18013-7 that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 and ISO/IEC 23220, which are encoded in CBOR and secured using COSE_Sign1. -Also, see the latest version of ISO/IEC TR 23220-4 [@ISO.23220-4] for an OID4VP profile definition and examples for Credentials in the ISO/IEC TR 23220-2 [@ISO.23220-2] mdoc format using any document type. +The Credential format identifier for Credentials in the mdoc format is `mso_mdoc`. -Note that ISO/IEC 18013-5:2021 is a profile of ISO/IEC TR 23220-2, and ISO/IEC TR 18013-7 is a profile of ISO/IEC TR 23220-4. +ISO/IEC TS 18013-7 Annex B and ISO/IEC 23220-4 Annex C define a profile of OID4VP for requesting and presenting Credentials in the mdoc format. -The Credential format identifier for Credentials in the mdoc format is `mso_mdoc`. +The profile includes the following elements: + +* Rules for the `presentation_definition` Authorization Request parameter. +* Rules for the `presentation_submission` Authorization Response parameter. +* Wallet invocation using the `mdoc-openid4vp://` custom URI scheme. 
+* Rules for the `SessionTranscript` CBOR structure (i.e., the `OID4VPHandover` CBOR structure) and guidelines on using OID4VP Authorization Request and Request Object parameters with the `SessionTranscript` CBOR structure as specified in ISO/IEC TS 18013-7 and ISO/IEC 23220-4. +* Required Wallet and Verifier Metadata parameters and their values. +* Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 and ISO/IEC 23220-4. For instance, to comply with ISO/IEC TS 18013-7, only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted. + +### Presentation Request + +See ISO/IEC TS 18013-7 or ISO/IEC 23220-4 for the latest examples on how to use the `presentation_definition` parameter for requesting Credentials in the mdoc format. + +### Presentation Response + +The VP Token contains a `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` is included in the resulting VP Token and signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 and ISO/IEC 23220-4. + +See ISO/IEC TS 18013-7 or ISO/IEC 23220-4 for the latest examples on how to use the `presentation_submission` parameter for presenting Credentials in the mdoc format. ## Combining this specification with SIOPv2 From d6047180cf3e0bf2efcf2f208a23f9ffd1c408c6 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 25 Mar 2024 14:05:22 +0100 Subject: [PATCH 04/10] fix: added iso references --- openid-4-verifiable-presentations-1_0.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 1679a303..9d74b416 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md 
@@ -1546,11 +1546,11 @@ The following is the content of the `presentation_definition` parameter: ## mdoc (ISO/IEC 18013 and ISO/IEC 23220) -ISO/IEC 18013-5:2021 defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 and ISO/IEC TS 18013-7 that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 and ISO/IEC 23220, which are encoded in CBOR and secured using COSE_Sign1. +ISO/IEC 18013-5:2021 [@ISO.18013-5] defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 [@ISO.18013-5] is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 [@ISO.18013-5] and ISO/IEC TS 18013-7 [@ISO.18013-7] that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 [@ISO.18013-5], ISO/IEC 23220-2 [@ISO.23220-2], ISO/IEC 23220-4 [@ISO.23220-4] which are encoded in CBOR and secured using COSE_Sign1. The Credential format identifier for Credentials in the mdoc format is `mso_mdoc`. -ISO/IEC TS 18013-7 Annex B and ISO/IEC 23220-4 Annex C define a profile of OID4VP for requesting and presenting Credentials in the mdoc format. +ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4] Annex C define a profile of OID4VP for requesting and presenting Credentials in the mdoc format. The profile includes the following elements: 
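Review bot: Citation placement is inconsistent within one sentence: "ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4] Annex C" puts the citation after the annex in the first case and before it in the second; the Presentation Request paragraph in this same patch uses "Annex C [@ISO.23220-4]", so use that order here too. In the first paragraph the list "ISO/IEC 18013-5:2021 [@ISO.18013-5], ISO/IEC 23220-2 [@ISO.23220-2], ISO/IEC 23220-4 [@ISO.23220-4] which are encoded in CBOR" is missing "and" before the last item and a comma before "which".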
@@ -1559,17 +1559,17 @@ The profile includes the following elements: * Wallet invocation using the `mdoc-openid4vp://` custom URI scheme. * Rules for the `SessionTranscript` CBOR structure (i.e., the `OID4VPHandover` CBOR structure) and guidelines on using OID4VP Authorization Request and Request Object parameters with the `SessionTranscript` CBOR structure as specified in ISO/IEC TS 18013-7 and ISO/IEC 23220-4. * Required Wallet and Verifier Metadata parameters and their values. -* Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 and ISO/IEC 23220-4. For instance, to comply with ISO/IEC TS 18013-7, only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted. +* Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. For instance, to comply with ISO/IEC TS 18013-7 [@ISO.18013-7], only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted. ### Presentation Request -See ISO/IEC TS 18013-7 or ISO/IEC 23220-4 for the latest examples on how to use the `presentation_definition` parameter for requesting Credentials in the mdoc format. +See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_definition` parameter for requesting Credentials in the mdoc format. ### Presentation Response -The VP Token contains a `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` is included in the resulting VP Token and signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 and ISO/IEC 23220-4. 
+The VP Token contains a `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` is included in the resulting VP Token and signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. -See ISO/IEC TS 18013-7 or ISO/IEC 23220-4 for the latest examples on how to use the `presentation_submission` parameter for presenting Credentials in the mdoc format. +See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter for presenting Credentials in the mdoc format. ## Combining this specification with SIOPv2 From ff0b20874e182fec1941c66abc0875ef1811e18d Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 25 Mar 2024 14:06:23 +0100 Subject: [PATCH 05/10] fix: fixed title --- openid-4-verifiable-presentations-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 9d74b416..f6c8a839 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md 
@@ -1544,7 +1544,7 @@ The following is the content of the `presentation_definition` parameter: <{{examples/response/ac_vp_sd.json}} -## mdoc (ISO/IEC 18013 and ISO/IEC 23220) +## Mobile Documents or mdocs (ISO/IEC 18013 and ISO/IEC 23220) ISO/IEC 18013-5:2021 [@ISO.18013-5] defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 [@ISO.18013-5] is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 [@ISO.18013-5] and ISO/IEC TS 18013-7 [@ISO.18013-7] that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 [@ISO.18013-5], ISO/IEC 23220-2 [@ISO.23220-2], ISO/IEC 23220-4 [@ISO.23220-4] which are encoded in CBOR and secured using COSE_Sign1. From c00db376dcca917e0ee67f60c47392c9e7c776f8 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 25 Mar 2024 14:07:27 +0100 Subject: [PATCH 06/10] fix: minor nit --- openid-4-verifiable-presentations-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index f6c8a839..6db3ce1d 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md 
@@ -1569,7 +1569,7 @@ See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO. The VP Token contains a `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` is included in the resulting VP Token and signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. -See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter for presenting Credentials in the mdoc format. +See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter and how to generate the Authorizaton Response for presenting Credentials in the mdoc format. ## Combining this specification with SIOPv2 From 4106a1eba677b70cbd57117c99c5ccf19d7caa44 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Mon, 25 Mar 2024 16:27:26 +0100 Subject: [PATCH 07/10] fix: added b64url encoded language --- openid-4-verifiable-presentations-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 6db3ce1d..04db98c1 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md 
@@ -1567,7 +1567,7 @@ See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO. ### Presentation Response -The VP Token contains a `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` is included in the resulting VP Token and signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. +The VP Token contains the base64url encoded `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter and how to generate the Authorizaton Response for presenting Credentials in the mdoc format. From 3017024efda47681e74c3929125dc7b702742bdb Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Thu, 28 Mar 2024 14:06:34 +0100 Subject: [PATCH 08/10] Applied Kristina's suggestion Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-presentations-1_0.md | 1 + 1 file changed, 1 insertion(+) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index 04db98c1..a3742a14 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md @@ -1697,6 +1697,7 @@ The technology described in this specification was made available from contribut # Document History [[ To be removed from the final specification ]] + -21 * added references to ISO/IEC 23220 and 18013 documents From 44b734e94ee377d23b08d24310dcfdd86aac4e55 Mon Sep 17 00:00:00 2001 
From: Oliver Terbu Date: Thu, 28 Mar 2024 14:06:40 +0100 Subject: [PATCH 09/10] Applied Kristina's suggestion Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- openid-4-verifiable-presentations-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index a3742a14..a6db79ee 100644 --- a/openid-4-verifiable-presentations-1_0.md +++ b/openid-4-verifiable-presentations-1_0.md @@ -1544,7 +1544,7 @@ The following is the content of the `presentation_definition` parameter: <{{examples/response/ac_vp_sd.json}} -## Mobile Documents or mdocs (ISO/IEC 18013 and ISO/IEC 23220) +## Mobile Documents or mdocs (ISO/IEC 18013 and ISO/IEC 23220 series) ISO/IEC 18013-5:2021 [@ISO.18013-5] defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 [@ISO.18013-5] is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 [@ISO.18013-5] and ISO/IEC TS 18013-7 [@ISO.18013-7] that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 [@ISO.18013-5], ISO/IEC 23220-2 [@ISO.23220-2], ISO/IEC 23220-4 [@ISO.23220-4] which are encoded in CBOR and secured using COSE_Sign1. From 33db78d4e5dc1a334cdc9fcc4afcbd5ab6c0b432 Mon Sep 17 00:00:00 2001 From: Oliver Terbu Date: Thu, 28 Mar 2024 15:35:15 +0100 Subject: [PATCH 10/10] fix: fixes references; editorial changes --- openid-4-verifiable-presentations-1_0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openid-4-verifiable-presentations-1_0.md b/openid-4-verifiable-presentations-1_0.md index a6db79ee..f29a1e32 100644 --- a/openid-4-verifiable-presentations-1_0.md 
+++ b/openid-4-verifiable-presentations-1_0.md @@ -1557,7 +1557,7 @@ The profile includes the following elements: * Rules for the `presentation_definition` Authorization Request parameter. * Rules for the `presentation_submission` Authorization Response parameter. * Wallet invocation using the `mdoc-openid4vp://` custom URI scheme. -* Rules for the `SessionTranscript` CBOR structure (i.e., the `OID4VPHandover` CBOR structure) and guidelines on using OID4VP Authorization Request and Request Object parameters with the `SessionTranscript` CBOR structure as specified in ISO/IEC TS 18013-7 and ISO/IEC 23220-4. +* Defines the OID4VP-specific `Handover` CBOR structure and how OID4VP Authorization Request and Request Object parameters apply to the `SessionTranscript` CBOR structure and `DeviceResponse` CBOR structure as specified in ISO/IEC 18013-5 [@ISO.18013-5] and ISO/IEC 23220-4 [@ISO.23220-4]. * Required Wallet and Verifier Metadata parameters and their values. * Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. For instance, to comply with ISO/IEC TS 18013-7 [@ISO.18013-7], only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted. 
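Review bot: The rewritten fourth bullet breaks the list's grammar: the other bullets are noun phrases ("Rules for ...", "Wallet invocation ...", "Required ...", "Additional restrictions ...") while this one starts with a verb ("Defines the OID4VP-specific `Handover` CBOR structure ..."); rephrase as "Definition of the OID4VP-specific `Handover` CBOR structure and rules on how ...". The bullet also drops [@ISO.18013-7] from its citations, yet the paragraph above states that the profile defining this `Handover` is ISO/IEC TS 18013-7 Annex B; cite [@ISO.18013-7] for the `Handover` and keep [@ISO.18013-5] / [@ISO.23220-4] for `SessionTranscript` and `DeviceResponse`.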
@@ -1567,7 +1567,7 @@ See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO. ### Presentation Response -The VP Token contains the base64url encoded `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4. `DeviceResponse` signs over the `SessionTranscript` profile defined in ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. +The VP Token contains the base64url encoded `DeviceResponse` CBOR structure as defined in ISO/IEC 18013-5 [@ISO.18013-5] or ISO/IEC 23220-4 [@ISO.23220-4]. Essentially, the `DeviceResponse` CBOR structure contains a signature or MAC over the `SessionTranscript` CBOR structure including the OID4VP-specific `Handover` CBOR structure. See ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 Annex C [@ISO.23220-4] for the latest examples on how to use the `presentation_submission` parameter and how to generate the Authorizaton Response for presenting Credentials in the mdoc format.
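Review bot: "contains a signature or MAC over the `SessionTranscript`" is the right description of device authentication, but it now contradicts the section's opening paragraph, which says the shared data structures are "secured using COSE_Sign1"; a MAC is not a COSE_Sign1, so the opening paragraph should say the structures are secured with COSE (signature for issuer authentication, signature or MAC for device authentication). "Essentially" is informal for specification text and can be dropped. The trailing context line still carries the typo "Authorizaton Response" introduced in patch 06; fix it in this patch since the line is being touched in the same section.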
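Review bot: Patch 01, hunk at line 1514: replacing the worked mDL example with a pointer to the ISO profiles silently drops guidance that has no replacement in the new text, namely "Cipher suites should use signature suites names defined in [@ISO.18013-5]", the explanation of `intent_to_retain` and `limit_disclosure`, and the statement that `path_nested` cannot be used for a CBOR-encoded mDL; either say explicitly that the ISO profile now governs these points or keep the sentences. The removed includes `examples/request/pd_mdl_iso_cbor.json`, `examples/response/ps_mdl_iso_cbor.json` and `examples/response/mdl_iso_cbor.json` should be checked for orphaned files in the repository. The new sentence "ISO/IEC 18013-5:2021 is a profile of ISO/IEC TR 23220-2" is rewritten in the opposite direction by patch 03 ("the ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021"); confirm which description is correct so the series does not merge with two accounts of the relationship.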
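Review bot: Patch 01, hunk at line 1694: the new "-21" history entry lists only "added references to ISO/IEC 23220 and 18013 documents", but this patch also removes the worked mDL request/response example and its `intent_to_retain`, `limit_disclosure` and `path_nested` guidance; implementers rely on the Document History to spot such changes, so add a line such as "* replaced the ISO mDL example with references to the OID4VP profiles in ISO/IEC TS 18013-7 and ISO/IEC 23220-4".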
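Review bot: Patch 02, hunk at line 1546: the reworded sentence now repeats "ISO/IEC 18013-5:2021" twice ("examples of Credentials in the ISO/IEC 18013-5:2021 mdoc format using the document type `org.iso.18013.5.1.mdl` as defined in ISO/IEC 18013-5:2021 [@ISO.18013-5]"); keep the citation on the second occurrence and drop the first. The second change harmonises "23220-4" to "TR 23220-4" but leaves "ISO/IEC TR 23220-2" and "ISO/IEC TR 18013-7" beside reference entries titled "DTS 23220-2" and "DTS 18013-7"; fix all designations in one place rather than one per patch.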
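Review bot: Patch 03, hunk at line 1546: "The core data structures ... are encoded in CBOR and secured using COSE_Sign1" is only true of the issuer signature; the device authentication in `DeviceResponse` may be a MAC, as patch 10 in this series itself states ("a signature or MAC over the `SessionTranscript`"), so say "secured using COSE" and name the signature and MAC cases. The fourth bullet calls the structure `OID4VPHandover` while patch 10 renames it to `Handover`; the identifier should match the name used in ISO/IEC TS 18013-7 Annex B, and the series should land on one spelling. In Presentation Response, "`DeviceResponse` ... signs over the `SessionTranscript` profile" signs over a structure, not a profile, and the paragraph does not say how the CBOR `DeviceResponse` is encoded inside the VP Token (patches 07 and 10 address both points; they belong in this hunk).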
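Review bot: Patch 04, hunk at line 1559: the Presentation Response paragraph still reads "as defined in ISO/IEC 18013-5:2021 or ISO/IEC 23220-4" with no citation keys, although the purpose of this patch is to add the ISO references; add [@ISO.18013-5] and [@ISO.23220-4] there as well (patch 10 does so later, so folding it in here keeps the series cleaner).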
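Review bot: Patch 06, hunk at line 1569: the added text introduces the typo "Authorizaton Response"; it should read "Authorization Response". The typo survives through patch 10, so correct it here.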
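Review bot: Patch 07, hunk at line 1567: "the base64url encoded `DeviceResponse` CBOR structure" does not say whether padding is used; base64url with and without padding are distinct encodings, and a Verifier must know which to accept (and whether to reject the other), so state it explicitly. The sentence should also say what the VP Token contains when more than one presentation is returned, since "contains the base64url encoded `DeviceResponse`" reads as exactly one.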