Commit

Script updating gh-pages from d9e263c. [ci skip]
ID Bot committed Sep 25, 2023
1 parent b0d9ded commit d5f309c
Showing 2 changed files with 29 additions and 51 deletions.
54 changes: 16 additions & 38 deletions wallet-attestation/draft-oid4vc-haip-sd-jwt-vc.html
Expand Up @@ -652,7 +652,7 @@
}
#toc nav li {
line-height: 1.3em;
margin: 0.75em 0;
margin: 2px 0;
padding-left: 1.2em;
text-indent: -1.2em;
}
Expand Down Expand Up @@ -745,7 +745,7 @@
z-index: 2;
top: 0;
right: 0;
padding: 0;
padding: 1px 0 0 0;
margin: 0;
border-bottom: 1px solid #ccc;
opacity: 0.6;
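Review bot: the new `padding: 1px 0 0 0;` on `#toc` arrives without the explanation that travelled with the same 1px value in the `@media print` block this commit deletes further down (`/* avoid overwriting the top border line with the ToC header */`). Carry that comment over to this rule; otherwise the 1px top padding reads as an arbitrary value and is likely to be "cleaned up" back to 0 later.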
Expand Down Expand Up @@ -869,16 +869,13 @@
border-top: none;
padding-top: 0;
}
figure, pre {
figure, pre, .vcard {
page-break-inside: avoid;
}
figure {
overflow: scroll;
}
h1, h2, h3, h4, h5, h6 {
page-break-after: avoid;
}
h2+*, h3+*, h4+*, h5+*, h6+* {
:is(h2, h3, h4, h5, h6)+*, dd {
page-break-before: avoid;
}
pre {
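Review bot: folding `dd` into `:is(h2, h3, h4, h5, h6)+*, dd` ties the `dd { page-break-before: avoid }` rule, which was a standalone rule in the deleted `@media print` block, to `:is()` support. A rendering engine that does not recognise `:is()` treats the whole selector list as invalid and drops the entire rule, including the `dd` part, so the author-address formatting regresses silently on older print engines. If older engines are a target for PDF generation, keep `dd` in its own rule or retain the explicit `h2+*, h3+*, h4+*, h5+*, h6+*` form.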
Expand All @@ -892,6 +889,9 @@
td {
border-top: 1px solid #ddd;
}
.toplink {
display: none;
}
}

@page :first {
Expand Down Expand Up @@ -992,28 +992,6 @@
text-align: right;
}

/* Give the table caption label the same styling as the figcaption */

@media print {
.toplink {
display: none;
}

/* avoid overwriting the top border line with the ToC header */
#toc {
padding-top: 1px;
}

/* Avoid page breaks inside dl and author address entries */
dd {
page-break-before: avoid;
}
.vcard {
page-break-inside: avoid;
}

}

/* Dark mode. */
@media (prefers-color-scheme: dark) {
:root {
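Review bot: check that nothing is lost by this deletion: `.toplink { display: none }`, `#toc { padding-top: 1px }`, `dd { page-break-before: avoid }` and `.vcard { page-break-inside: avoid }` each have a counterpart in the hunks above, so print behaviour is unchanged and this is a pure consolidation. The comment `/* Give the table caption label the same styling as the figcaption */` had no rule beneath it, so removing it is correct; the comment about not overwriting the top border line is the one piece of documentation that should survive, next to the `#toc` padding rule.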
Expand Down Expand Up @@ -1065,7 +1043,7 @@
<dd class="workgroup">OpenID Connect</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2023-09-20" class="published">20 September 2023</time>
<time datetime="2023-09-25" class="published">25 September 2023</time>
</dd>
<dt class="label-authors">Authors:</dt>
<dd class="authors">
Expand Down Expand Up @@ -1393,7 +1371,7 @@ <h3 id="name-token-endpoint">
</li>
<li class="normal" id="section-4.3-1.3">Wallets MUST support deferred authorization by being able to process the Token error response parameters <code>authorization_pending</code> and <code>slow_down</code>, and the credential offer parameter <code>interval</code>.<a href="#section-4.3-1.3" class="pilcrow"></a>
</li>
<li class="normal" id="section-4.3-1.4">The wallet attestation JWT scheme is defined in <a href="#wallet-attestation-schema" class="auto internal xref">Section 4.3.1</a>.<a href="#section-4.3-1.4" class="pilcrow"></a>
<li class="normal" id="section-4.3-1.4">The Wallet Attestation JWT scheme is defined in <a href="#wallet-attestation-schema" class="auto internal xref">Section 4.3.1</a>.<a href="#section-4.3-1.4" class="pilcrow"></a>
</li>
</ul>
<p id="section-4.3-2">Note: It is RECOMMENDED to use ephemeral client attestation JWTs for client authentication in order to prevent linkability across Credential Issuers.<a href="#section-4.3-2" class="pilcrow"></a></p>
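Review bot: capitalising "Wallet Attestation JWT" makes it read as a defined term, but the Note immediately below still says "ephemeral client attestation JWTs" in lower case. If the client attestation JWT used for client authentication and the Wallet Attestation JWT of Section 4.3.1 are the same artifact, use one name in both places; if they are not, say how they relate, because a reader will otherwise take them for two different tokens.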
Expand All @@ -1407,16 +1385,16 @@ <h4 id="name-wallet-attestation-schema">
<p id="section-4.3.1-2">In addition to this definition, the Wallet Attestation MAY contain the following claims in the <code>cnf</code> element:<a href="#section-4.3.1-2" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.3.1-3.1">
<p id="section-4.3.1-3.1.1"><code>key_type</code>: OPTIONAL. JSON String that asserts the security mechanism the wallet uses to manage the private key associated with the public key given in the <code>cnf</code> claim. This mechanism is based on the capabilities of the execution environent of the wallet, this might be a secure element (in case of a wallet residing on a smartphone) or a Cloud-HSM (in case of a cloud wallet). This specification defines the following values for <code>key_type</code>:<a href="#section-4.3.1-3.1.1" class="pilcrow"></a></p>
<p id="section-4.3.1-3.1.1"><code>key_type</code>: OPTIONAL. JSON String that asserts the security mechanism the Wallet uses to manage the private key associated with the public key given in the <code>cnf</code> claim. This mechanism is based on the capabilities of the execution environent of the Wallet, this might be a secure element (in case of a wallet residing on a smartphone) or a Cloud-HSM (in case of a cloud Wallet). This specification defines the following values for <code>key_type</code>:<a href="#section-4.3.1-3.1.1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.3.1-3.1.2.1">
<code>software</code>: It MUST be used when the wallet uses software-based key management.<a href="#section-4.3.1-3.1.2.1" class="pilcrow"></a>
<code>software</code>: It MUST be used when the Wallet uses software-based key management.<a href="#section-4.3.1-3.1.2.1" class="pilcrow"></a>
</li>
<li class="normal" id="section-4.3.1-3.1.2.2">
<code>hardware</code>: It MUST be used when the wallet uses hardware-based key management.<a href="#section-4.3.1-3.1.2.2" class="pilcrow"></a>
</li>
<li class="normal" id="section-4.3.1-3.1.2.3">
<code>tee</code>: It SHOULD be used when the wallet uses the Trusted Execution Environment for key management.<a href="#section-4.3.1-3.1.2.3" class="pilcrow"></a>
<code>tee</code>: It SHOULD be used when the Wallet uses the Trusted Execution Environment for key management.<a href="#section-4.3.1-3.1.2.3" class="pilcrow"></a>
</li>
<li class="normal" id="section-4.3.1-3.1.2.4">
<code>secure_enclave</code>: It SHOULD be used when the Wallet uses the Secure Enclave for key management.<a href="#section-4.3.1-3.1.2.4" class="pilcrow"></a>
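Review bot: the capitalisation pass in the `key_type` paragraph is incomplete and leaves a typo in place: "execution environent" should be "execution environment"; "(in case of a wallet residing on a smartphone)" stays lower case right next to the newly capitalised "(in case of a cloud Wallet)"; and the unchanged `hardware` bullet still reads "when the wallet uses" while the `software` and `tee` bullets around it now read "when the Wallet uses". The sentence "This mechanism is based on the capabilities of the execution environent of the Wallet, this might be a secure element ..." is also a comma splice; split it after "Wallet".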
Expand All @@ -1428,22 +1406,22 @@ <h4 id="name-wallet-attestation-schema">
<code>secure_element</code>: It SHOULD be used when the Wallet uses a Secure Element for key management.<a href="#section-4.3.1-3.1.2.6" class="pilcrow"></a>
</li>
<li class="normal" id="section-4.3.1-3.1.2.7">
<code>hsm</code>: It SHOULD be used when the wallet uses Hardware Security Module (HSM).<a href="#section-4.3.1-3.1.2.7" class="pilcrow"></a>
<code>hsm</code>: It SHOULD be used when the Wallet uses Hardware Security Module (HSM).<a href="#section-4.3.1-3.1.2.7" class="pilcrow"></a>
</li>
</ul>
</li>
<li class="normal" id="section-4.3.1-3.2">
<code>user_authentication</code>: OPTIONAL. JSON String that asserts the security mechanism the wallet uses to authenticate access to the private key associated with the public key given in the <code>cnf</code> claim. This specification defines the following values for <code>user_authentication</code>: <code>System-Biometry</code>, <code>System-PIN</code>, <code>Internal-Biometry</code>, <code>Internal-PIN</code>, and <code>SecureElement-PIN</code>.<a href="#section-4.3.1-3.2" class="pilcrow"></a>
<code>user_authentication</code>: OPTIONAL. JSON String that asserts the security mechanism the Wallet uses to authenticate access to the private key associated with the public key given in the <code>cnf</code> claim. This specification defines the following values for <code>user_authentication</code>: <code>system_biometry</code>, <code>system_pin</code>, <code>internal_biometry</code>, <code>internal_pin</code>, and <code>secureelement_pin</code>.<a href="#section-4.3.1-3.2" class="pilcrow"></a>
</li>
</ul>
<p id="section-4.3.1-4">The Wallet Attestation MAY also contain the following claim:<a href="#section-4.3.1-4" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.3.1-5.1">
<code>aal</code>: OPTIONAL. JSON String asserting the authentication level of the wallet and the key as asserted in the <code>cnf</code> claim.<a href="#section-4.3.1-5.1" class="pilcrow"></a>
<code>aal</code>: OPTIONAL. JSON String asserting the authentication level of the Wallet and the key as asserted in the <code>cnf</code> claim.<a href="#section-4.3.1-5.1" class="pilcrow"></a>
</li>
</ul>
<p id="section-4.3.1-6">To obtain the issuer's Public key for verification, wallet attestions MUST support web-based key resolution as defined in Section 5 of <span>[<a href="#I-D.terbu-sd-jwt-vc" class="cite xref">I-D.terbu-sd-jwt-vc</a>]</span>. The JOSE header <code>kid</code> MUST be used to identify the respective key.<a href="#section-4.3.1-6" class="pilcrow"></a></p>
<p id="section-4.3.1-7">This is an example of a wallet attestation:<a href="#section-4.3.1-7" class="pilcrow"></a></p>
<p id="section-4.3.1-7">This is an example of a Wallet Instance Attestation:<a href="#section-4.3.1-7" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-4.3.1-8">
<pre>{
"typ": "wallet-attestation+jwt",
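Review bot: renaming the `user_authentication` values from `System-Biometry`, `System-PIN`, `Internal-Biometry`, `Internal-PIN` and `SecureElement-PIN` to `system_biometry`, `system_pin`, `internal_biometry`, `internal_pin` and `secureelement_pin` changes strings that appear on the wire, so a verifier matching the old spelling will reject attestations issued against this revision (and vice versa). Record the rename in the document history and state whether the old values remain acceptable during the draft period. Two smaller points in the same hunk: the unchanged context line "wallet attestions MUST support web-based key resolution" keeps the typo "attestions" and the lower-case term the rest of the hunk is capitalising, and the example is now introduced as a "Wallet Instance Attestation" while the surrounding text and the JWT `typ` value `wallet-attestation+jwt` say "Wallet Attestation"; pick one name. The `hsm` bullet is also missing an article: "uses a Hardware Security Module (HSM)".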
26 changes: 13 additions & 13 deletions wallet-attestation/draft-oid4vc-haip-sd-jwt-vc.txt
Expand Up @@ -6,7 +6,7 @@ OpenID Connect K. Yasuda
Microsoft
T. Lodderstedt
yes.com
20 September 2023
25 September 2023


OpenID4VC High Assurance Interoperability Profile with SD-JWT VC
Expand Down Expand Up @@ -245,7 +245,7 @@ Table of Contents
process the Token error response parameters authorization_pending
and slow_down, and the credential offer parameter interval.

* The wallet attestation JWT scheme is defined in Section 4.3.1.
* The Wallet Attestation JWT scheme is defined in Section 4.3.1.

Note: It is RECOMMENDED to use ephemeral client attestation JWTs for
client authentication in order to prevent linkability across
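Review bot: the same term inconsistency as in the HTML rendering shows here: "Wallet Attestation JWT" is capitalised on the changed line while the Note that follows still says "ephemeral client attestation JWTs". Since the commit message says this file is produced by the gh-pages script, the fix belongs in the source document rather than in this generated text, but align the two names there or state that they refer to the same token.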
Expand All @@ -266,21 +266,21 @@ Table of Contents
the following claims in the cnf element:

* key_type: OPTIONAL. JSON String that asserts the security
mechanism the wallet uses to manage the private key associated
mechanism the Wallet uses to manage the private key associated
with the public key given in the cnf claim. This mechanism is
based on the capabilities of the execution environent of the
wallet, this might be a secure element (in case of a wallet
Wallet, this might be a secure element (in case of a wallet
residing on a smartphone) or a Cloud-HSM (in case of a cloud
wallet). This specification defines the following values for
Wallet). This specification defines the following values for
key_type:

- software: It MUST be used when the wallet uses software-based
- software: It MUST be used when the Wallet uses software-based
key management.

- hardware: It MUST be used when the wallet uses hardware-based
key management.

- tee: It SHOULD be used when the wallet uses the Trusted
- tee: It SHOULD be used when the Wallet uses the Trusted
Execution Environment for key management.

- secure_enclave: It SHOULD be used when the Wallet uses the
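Review bot: the `key_type` text keeps "execution environent" (should be "environment") on an unchanged line, leaves "(in case of a wallet" in lower case on the line after the newly capitalised "Wallet, this might be a secure element", and the `hardware` bullet still reads "when the wallet uses" while `software` and `tee` now read "when the Wallet uses". As this text is generated by the gh-pages script, correct these in the source document so both the .txt and .html renderings pick them up together.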
Expand All @@ -292,27 +292,27 @@ Table of Contents
- secure_element: It SHOULD be used when the Wallet uses a Secure
Element for key management.

- hsm: It SHOULD be used when the wallet uses Hardware Security
- hsm: It SHOULD be used when the Wallet uses Hardware Security
Module (HSM).

* user_authentication: OPTIONAL. JSON String that asserts the
security mechanism the wallet uses to authenticate access to the
security mechanism the Wallet uses to authenticate access to the
private key associated with the public key given in the cnf claim.
This specification defines the following values for
user_authentication: System-Biometry, System-PIN, Internal-
Biometry, Internal-PIN, and SecureElement-PIN.
user_authentication: system_biometry, system_pin,
internal_biometry, internal_pin, and secureelement_pin.

The Wallet Attestation MAY also contain the following claim:

* aal: OPTIONAL. JSON String asserting the authentication level of
the wallet and the key as asserted in the cnf claim.
the Wallet and the key as asserted in the cnf claim.

To obtain the issuer's Public key for verification, wallet attestions
MUST support web-based key resolution as defined in Section 5 of
[I-D.terbu-sd-jwt-vc]. The JOSE header kid MUST be used to identify
the respective key.

This is an example of a wallet attestation:
This is an example of a Wallet Instance Attestation:

{
"typ": "wallet-attestation+jwt",
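Review bot: the `user_authentication` value rename (`System-Biometry`, `System-PIN`, `Internal-Biometry`, `Internal-PIN`, `SecureElement-PIN` to `system_biometry`, `system_pin`, `internal_biometry`, `internal_pin`, `secureelement_pin`) is a wire-format change and deserves an entry in the document history, as noted for the HTML rendering. In the unchanged context of this hunk, "wallet attestions MUST support web-based key resolution" still carries the typo "attestions", the `hsm` bullet lacks an article ("uses a Hardware Security Module"), and the example heading now says "Wallet Instance Attestation" where the section otherwise says "Wallet Attestation"; fix these in the source so the generated .txt and .html stay in step.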

0 comments on commit d5f309c
