diff --git a/content/v3.4.0/assets/android-chrome-192x192.png b/content/v3.4.0/assets/android-chrome-192x192.png new file mode 100644 index 0000000..9090756 Binary files /dev/null and b/content/v3.4.0/assets/android-chrome-192x192.png differ diff --git a/content/v3.4.0/assets/android-chrome-256x256.png b/content/v3.4.0/assets/android-chrome-256x256.png new file mode 100644 index 0000000..b8f1c85 Binary files /dev/null and b/content/v3.4.0/assets/android-chrome-256x256.png differ diff --git a/content/v3.4.0/assets/apple-touch-icon.png b/content/v3.4.0/assets/apple-touch-icon.png new file mode 100644 index 0000000..d69f9b3 Binary files /dev/null and b/content/v3.4.0/assets/apple-touch-icon.png differ diff --git a/content/v3.4.0/assets/browserconfig.xml b/content/v3.4.0/assets/browserconfig.xml new file mode 100644 index 0000000..b3930d0 --- /dev/null +++ b/content/v3.4.0/assets/browserconfig.xml @@ -0,0 +1,9 @@ + + + + + + #da532c + + + diff --git a/content/v3.4.0/assets/didcomm.png b/content/v3.4.0/assets/didcomm.png new file mode 100644 index 0000000..3925632 Binary files /dev/null and b/content/v3.4.0/assets/didcomm.png differ diff --git a/content/v3.4.0/assets/favicon-16x16.png b/content/v3.4.0/assets/favicon-16x16.png new file mode 100644 index 0000000..51ad91e Binary files /dev/null and b/content/v3.4.0/assets/favicon-16x16.png differ diff --git a/content/v3.4.0/assets/favicon-32x32.png b/content/v3.4.0/assets/favicon-32x32.png new file mode 100644 index 0000000..1431d4d Binary files /dev/null and b/content/v3.4.0/assets/favicon-32x32.png differ diff --git a/content/v3.4.0/assets/favicon.ico b/content/v3.4.0/assets/favicon.ico new file mode 100644 index 0000000..766ad56 Binary files /dev/null and b/content/v3.4.0/assets/favicon.ico differ diff --git a/content/v3.4.0/assets/mstile-150x150.png b/content/v3.4.0/assets/mstile-150x150.png new file mode 100644 index 0000000..d61c57c Binary files /dev/null and b/content/v3.4.0/assets/mstile-150x150.png differ diff --git a/content/v3.4.0/assets/oci-logo.png b/content/v3.4.0/assets/oci-logo.png new file mode 100644 index 0000000..1a1ea57 Binary files /dev/null and b/content/v3.4.0/assets/oci-logo.png differ diff --git a/content/v3.4.0/assets/safari-pinned-tab.svg b/content/v3.4.0/assets/safari-pinned-tab.svg new file mode 100644 index 0000000..11e381e --- /dev/null +++ b/content/v3.4.0/assets/safari-pinned-tab.svg @@ -0,0 +1,25 @@ + + + + +Created by potrace 1.14, written by Peter Selinger 2001-2017 + + + + + + diff --git a/content/v3.4.0/assets/site.webmanifest b/content/v3.4.0/assets/site.webmanifest new file mode 100644 index 0000000..de65106 --- /dev/null +++ b/content/v3.4.0/assets/site.webmanifest @@ -0,0 +1,19 @@ +{ + "name": "", + "short_name": "", + "icons": [ + { + "src": "/android-chrome-192x192.png", + "sizes": "192x192", + "type": "image/png" + }, + { + "src": "/android-chrome-256x256.png", + "sizes": "256x256", + "type": "image/png" + } + ], + "theme_color": "#ffffff", + "background_color": "#ffffff", + "display": "standalone" +} diff --git a/content/v3.4.0/assets/wallets.png b/content/v3.4.0/assets/wallets.png new file mode 100644 index 0000000..46d36fc Binary files /dev/null and b/content/v3.4.0/assets/wallets.png differ diff --git a/content/v3.4.0/index.html b/content/v3.4.0/index.html new file mode 100644 index 0000000..4e281fd --- /dev/null +++ b/content/v3.4.0/index.html @@ -0,0 +1,2404 @@ + + + + + + + + + + + + + + + Digital Wallet Conformance Criteria +

v3.4.0

+ + + + + + + + + +
+

Status of this Document

+

+ This section describes the status of this document at the time of its + publication. Other documents may supersede this document. +

+

+ This is a living document developed by OCl's Founding Members with input + from other OCI Charter Members, DSCSA Trading Partners, Authorities, Solution + Providers, Associations, Standards Bodies and others interested in + implementing and contributing to the betterment of the W3C Verifiable + Credentials architecture piloted by the DSCSA ATP Pilot. It is + anticipated that the contents of this document will be reviewed and + updated to address feedback related to compliance, business operations, + W3C and GS1 Standards, interoperability, changing legislation, + regulations, and policy. +

+
+ +
+

+ The purpose of this document is to clearly outline the conformance criteria for service providers who wish to be + recognized by the Open Credentialing Initiative (OCI) as Digital Wallet providers. +

+
+ +
+

Introduction

+
+

Intended Audience

+

+ The publication is intended for Digital Wallet implementers or service providers who wish to be recognized by + the Open Credentialing Initiative (OCI) as Digital Wallet Providers in the OCI interoperable environment. +

+ This document specifies the Conformance Criteria for a Digital Wallet Provider. It includes definitions + of key terms and concepts, W3C standards requirements, technical wallet implementation requirements, and requirements + for integration with VRS providers. For a general introduction to OCI, please refer to our Getting Started guide or the Open Credentialing Initiative website. +

+
+
+

Purpose of Digital Wallet

+

+ The dark side of the digital world is professionalizing its malicious activities at an amazing speed, launching + sophisticated cyberattacks to compromise endpoints and sell stolen access credentials through Initial Access + Brokers to others who then launch ransomware attacks on (supply chain) systems or steal, sell and manipulate + internal information. The biggest struggle for API security lies with the building blocks of authentication and + authorization. This thread has grown in importance with APIs' increased access to critical data in the US Pharma + supply chain. +

+

+ OCI leverages decentralized public key infrastructure (PKI) and credentials to protect Product Identifier + (PI) + verification API calls by providing tools to sign PI verification request and response messages while + blending + these messages with Stakeholder credentials. With these tools in place, a responder API can check the + counterparty’s ATP + license status (or equivalent) prior to responding to a PI verification call. As a result, only authorized parties with + valid + Stakeholder credentials will receive a response. OCI applies the same mechanism for the verification of the + response + origin. +

+

+ Digital Wallet infrastructure is used to protect the private key, acquire, store and exchange credentials + of a + given supply chain actor. As these wallets are integrated with the GS1 Lightweight Messaging Standard for + Verification of Product Identifiers and VRS infrastructure, they allow a US DSCSA-compliant implementation of + the ATP and related regulatory requirements. Decentralized PKI mechanisms of the system are designed to mitigate + reuse of + API access credentials, which further contributes to improved security. +

+
+
+

Purpose of Conformance Criteria

+

+ The primary purpose of this publication is to communicate Conformance Criteria. Conformance Criteria establish + the trusted processes that are to be followed for an organization to be recognized and accepted by OCI as a + Digital Wallet provider. This ensures interoperability among all OCI-compliant service providers. +

+

Adherence is important for: +

+ +
+
+

Keywords

+

+ The following keywords indicate the precedence and general rigidity of + a given conformance criterion, and are to be interpreted as: +

+
  • + SHALL and SHALL NOT indicate strict requirements from which no + deviation is permitted. +
  • +
  • + SHOULD and SHOULD NOT indicate preferred approaches; among several + possibilities one is recommended as particularly suitable, without + mentioning or excluding others, but is not necessarily required, or + that (in the negative form) a certain course of action is discouraged + but not prohibited. +
  • +
  • + MAY and NEED NOT indicate possible and permissible approaches that are + not necessarily preferred. +
  • +
  • + CAN and CANNOT indicate a capability, whether material, physical or + causal or, in the negative, the absence of that capability. +
  • + Keywords appear in bold and ALL CAPS in the Conformance Criteria. The key words MAY, + RECOMMENDED, REQUIRED, + OPTIONAL, SHALL, SHALL NOT, SHOULD, and SHOULD NOT in this document are to be + interpreted as described in BCP 14 + [[RFC2119]] [[RFC8174]] when, and only when, they appear in all capitals. +
    +
    +

    Terms and Abbreviations

    +

    + The following terms and abbreviations appear throughout this Digital Wallet Conformance Criteria: +

    + +
    +
    + +
    +

    CONFORMANCE THROUGH RECOGNIZED STANDARDS

    +

    + Digital Wallet Providers desiring to participate in DSCSA initiatives that were designed, tested, and proven by + OCI can begin by understanding and embracing the underlying open standards for decentralized identifiers (W3C), Verifiable Credentials (W3C), well-known standards (IETF), protocol standards (Hyperledger, Decentralized Identity Foundation), and Lightweight Messaging Standard (GS1). These standards serve as anchoring points for OCI to + establish an identity ecosystem that is fit for purpose. +

    +
    +

    W3C Standards for Decentralized Identifier & Verifiable Credentials

    +

    + The World Wide Web Consortium (W3C) is an international community where member organizations, full-time staff, + and the public work together to develop Web standards. One of the many standards put forth by the consortium + establishes generally accepted specifications for decentralized identifiers (DIDs) for Verifiable Credentials + (VCs). +

    +

    + The abstract from the W3C website Verifiable Credentials Data Model page states: +

    +
    + “Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital + identity. A DID refers to any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) + as determined by the controller of the DID. In contrast to typical, federated identifiers, DIDs have been + designed so that they may be decoupled from centralized registries, identity providers, and certificate + authorities. Specifically, while other parties might be used to help enable the discovery of information related + to a DID, the design enables the controller of a DID to prove control over it without requiring permission from + any other party. DIDs are URIs that associate a DID subject with a DID document allowing trustable interactions + associated with that subject.

    + Each DID document can express cryptographic material, verification methods, or services, which provide a set of + mechanisms enabling a DID controller to prove control of the DID. Services enable trusted interactions + associated with the DID subject. A DID might provide the means to return the DID subject itself, if the DID + subject is an information resource such as a data model. This document specifies the DID syntax, a common data + model, core properties, serialized representations, DID operations, and an explanation of the process of + resolving DIDs to the resources that they represent.” +
    +

    For more information, please visit the Decentralized Identifiers + page on the W3C website.

    +

    + The abstract from the W3C website Verifiable Credentials Data Model page states: +

    +
    + “Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of + operating a motor vehicle, university degrees can be used to assert our level of education, and + government-issued passports enable us to travel between countries. This specification provides a mechanism to + express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and + machine-verifiable.” +
    +

    + For more information, please visit the Verifiable Credentials + page on the W3C website. +

    +
    +
    + +
    +

    TECHNOLOGY CONFORMANCE CRITERIA

    +

    + To establish trust, verifiability, and auditability among the trading partners involved in the OCI ecosystem, an + open, interoperable, portable, standards-based, decentralized identity framework is essential. +

    +

    + OCI uses decentralized public key infrastructure (PKI) technology for Digital Wallets and for + electronically + signed Verifiable Credentials about the enterprises involved in the ATP verification process. +

    +

    + The OCI conformance criteria are based on a set of identity standards (W3C standards, IETF standards, Hyperledger Aries), open API standards, and existing industry standards for PI message exchange (GS1 Lightweight + Messaging Standard for Verification of Product Identifiers). +

    +

    + It shall be noted that the OCI Digital Wallet Conformance Criteria distinguishes between Cloud- and Edge + wallets + as + illustrated below. +

    + +

    This diagram shows the basic differences between edge and Cloud wallet implementations. While public keys + and + other data are stored on the cloud, the private keys of Trading Partners and Credential Issuers may be located + either on a local edge device, or managed by a (Cloud wallet) provider. Interoperability occurs at the level of + Verifiable Presentations created and exchanged between wallets. Where potential interoperability between multiple + Wallet Providers and Credential Issuers is desired, the OCI Digital Wallet Conformance Criteria include specific + DIDcomm requirements. +

    +
    +

    Digital Wallet Standards

    +

    The following is a high-level overview of the technologies used by Digital Wallet providers as part of this specification:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ComponentRealization and References
    IdentifiersW3C Decentralized Identifiers (DIDs) v1.0 (W3C DIDs)
    Endorsed DID MethodsUse of DID methods endorsed by OCI
    DID ResolutionDID resolution using means permissible by OCI
    Trusted Credential Issuer RegistryRegistry for vetted, trusted Credential Issuer maintained by OCI
    Credential StructureBased on W3C Verifiable Credentials Data Model 1.0 (W3C VCs)
    Credential Serialization & SchemasOCI Credential Schema Definition (OCI Credential Schemas)
    Proofs & VerificationsCryptographic primitives used for VC creation/verification, JWT creation/verification and wallet-to-wallet + communication.
    Credential Issuance & Exchange +

    Hyperledger Aries RFCs.

    + +

    Decentralized Identity Foundation specs.

    + +
    Revocation + Directory Service (LDAP) based mechanism for revoking Verifiable Credentials (vc-status-2021-ldap) +
    +
    +

    Identifiers for Enterprise Identity

    +

    + A DID is a globally unique and location-independent identifier defined by the W3C DID + specification. DIDs enable interoperable decentralized self-sovereign identity management using standardized + Digital Wallets. +

    +

    + Digital Wallet Providers SHALL implement DIDs as cryptographic identifiers and SHALL follow the specification on how DID documents are created and used. +

    +

    DID documents have the following characteristics:

    +
      +
    • DID documents contain information associated with a DID.
    • +
    • They express verification methods, such as cryptographic public keys, and services relevant to + interactions with the DID subject (wallet-to-wallet communication). +
    • +
    • The properties present in a DID document and applicable operations to update these properties are + described in DID methods. +
    • +
    +

    + DID methods are the mechanism by which a particular type of DID and its associated DID + document are created, + resolved, updated, and deactivated. DID methods are defined using separate DID method + specifications as + described in the following chapter. +

    +
    +
    +

    Endorsed DID Methods

    +

    + To be resolvable to DID documents, DIDs are typically recorded on an underlying system or network of some kind. Regardless of the specific technology used, any such system that facilitates the creation, verification, + updating, and/or deactivation of decentralized identifiers and DID documents is called a verifiable + data registry (VDR). +

    +

    + There are multiple VDRs used in today’s DID implementations that support different security protocols, + discoverability, and linkage to existing trust networks. To avoid complexity and enable interoperability, OCI + endorses selected DID methods. +

    +

    + Digital Wallet Providers SHALL support the resolving of all DID methods endorsed by OCI, and SHALL implement + at least one such DID method, i.e. create and maintain the resulting DIDs. OCI endorses the following DID methods: +

    + + + + + + + + + + + + + + + + + + + +
    #DID MethodReferenceVDR
    1did:ethrdid:ethr + Method SpecificationEthereum Mainnet
    2did:webdid:web Method SpecificationSecure data store maintained by the implementer
    +
    +

    Securing did:web

    +

    + Implementers of the DID method SHALL implement measures to cover the security and privacy + considerations outlined in the + + did:web method specification. + This includes possible attack vectors for man-in-the-middle attacks, DNS record spoofing, DID + document integrity, and in-transit security. Providers of did:web VDRs SHALL not correlate usage + of another subjects DID during resolution for credential verification for privacy reasons. +

    +

    + Due to the centralized nature of this DID method, implementors SHALL make sure that the VDR + is highly available and resilient to availability attacks. If DID resolutions fails, digital wallets + are unable to verify credentials and trading partner ATP statuses. +

    +
    +
    +

    Securing did:ethr

    +

    + Implementers of the DID method SHALL implement measures to cover common security attacks. This + includes private key hijacking on the wallet, man-in-the-middle attacks, and in-transit security while + communicating with an Ethereum node. Self-hosted or OCI-owned Ethereum nodes SHOULD be used to mitigate + some of those attack vectors. Enterprise-grade blockchain infrastructure-as-a-service platforms MAY be used. +

    +

    Due to DID document related metadata being persisted on the Ethereum-blockchain, measures to make the + DID document generally available NEED NOT to be employed.

    +
    +
    +
    +

    DID Resolution

    +

    + Digital Wallet Providers SHALL integrate DID resolver functionality for resolving DID documents. The + DID resolver SHALL support all DID methods endorsed by OCI. It SHALL be a + trusted open source DID resolver with broad community participation (e.g. DIF Universal Resolver, Veramo, or + DIDKit) vetted against the non-functional conformance criteria outlined in this document. Wallet providers SHALL NOT use public instances of resolvers, instead using their own implementations. +

    +
    +
    +

    Trusted Credential Issuer Registry

    +

    + To enable Digital Wallet Providers to accept credentials issued from a vetted Credential Issuer only, OCI + maintains a Trusted Credential Issuer registry. Digital Wallet Providers SHALL be able to process and verify credentials issued by any vetted + Credential Issuer that is endorsed via the OCI registry. +

    +

    + The trust placed in Credential Issuers is a key aspect of the OCI ecosystem. In order to + ensure that this key role is not exploited, the trust is anchored + in a decentralized and cryptographically verifiable way. The crucial information of which issuers, who have satisfied OCI’s Credential Issuer Conformance Criteria, are to be trusted is stored in the Trusted Issuer Registry, which is managed through Ethereum Smart Contracts. +

    +

    + OCI maintains multiple versions of the Trusted Issuer Registry for production and demo/testing purposes. + You can find the deployed contracts at these addresses: +

    + +

    + The development environments are deployed on an Ethereum test network. STK-INT mirrors the production + environment and should only be used for testing purposes by approved OCI statekeepers. WLT-INT should be used + only by OCI digital wallets for testing purposes without voting processes. PBL-INT is generally open without + any restrictions to make quick testing easy. +

    +

    In addition to readily deployed versions of the contracts, OCI has also published the source code as well as + implementation guidelines on GitHub: Trusted Issuer Registry. +

    +
    +

    Verifying the Credential Issuer

    +

    + At each generation and verification of a Verifiable Presentation, a Digital Wallet SHALL check if the respective Verifiable + Credential has indeed been issued by a Trusted Issuer. To accomplish this, a wallet SHALL + call one of the following contract method signatures to verify the status of the Credential Issuer: +

    +
      +
    • + Retrieve the full list of all Trusted Issuer DIDs. +
        +
      • + Signature: + + function getTrustedIssuers() public view returns (string[] memory) + +
      • +
      • + Returns a string array: + + ["did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74", "did:web:example.com", "did:key:0c498d9e26865f34fcaa50c498d9e26865f34fcaa5"] + +
      • +
      +
    • +
    • + Retrieve the Trusted Issuer status of given a supplied DID. +
        +
      • + Signature: + + function isTrustedIssuer(string memory _DID) public view returns (bool) + +
      • +
      • + Returns a boolean: + + true/false + +
      • +
      +
    • +
    +

    + A Digital Wallet MAY also subscribe to changes on the Trusted Issuer Registry by listening to events emitted + by the contract. This way, the wallet can be notified of changes to the Trusted Issuer Registry and update + its local state accordingly. +

    +

    + By deriving this information from the contract, the Digital Wallet SHALL check that the issuer stated within the claims of the respective + Stakeholder credential matches one of those trusted issuers recorded in the Trusted Issuer Registry. +

    +

    + The Digital Wallet SHALL have measures in place to request other Ethereum nodes in case the requested node is down or does + not respond in a reasonable amount of time. +

    +
    +
    +
    +

    Credential Structure

    +

    + Working groups at the W3C author, host, and maintain the W3C + Verifiable Credential Data Model specification. + The structure of a VC is an important component of interoperability. +

    +

    + OCI relies on an implementation of a common standard for the credential structure. Digital Wallet Providers + SHALL implement Verifiable Credential Data Model 1.0. +

    +
    +
    +

    Credential Serialization & Schemas

    +

    + Credentials that are issued by the Credential Issuer are created in accordance with the W3C JSON-LD format for + schema serialization. To ensure processing, validation, and interpretation of Verifiable Credentials by + different implementers, JSON-LD schemas for identity and Stakeholder credentials are introduced. Digital + Wallet + Providers SHALL support the JSON-LD format and SHALL support JSON-LD schema validation. +

    +

    + The Digital Wallet provider SHALL have mechanisms in place to support multiple valid versions of + credential + schemas endorsed and published by OCI. Such a mechanism will allow handling transition periods when new + credential schema versions are released and the industry has to adopt changes to schemas. It shall be + understood that there can be multiple schema versions active, decommissioned, and revised versions can have an + expiration date. Decommissioned schema versions SHALL return an error by the ATP credential + verification API. +

    +

    + OCI documents and publishes approved (active), revised, and decommissioned versions of the + Identity and Stakeholder credential schemas on https://open-credentialing-initiative.github.io/schemas/. +

    +

    + Digital Wallet Providers SHALL support the OCI approved credential schema for processing, validation, and interpretation that are published on the OCI + Github for: +

    + +

    + Digital Wallet Providers SHALL be capable of managing the Identity Credential, and of managing at least one of the three Stakeholder Credential types indicated above. +

    +
    +
    +

    Proofs & Verifications

    +

    + Electronic signatures are captured in three places during a digital transaction to verify its authorization. + The Digital Wallet Provider SHALL implement the following signature suites and algorithms for signing + and + verification: +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    #Signing EntityUse CasesProof and Verification
    1Credential Issuer: Credential Issuance +

    + Issuance of a Verifiable Credential from Credential Issuer’s wallet to a Trading Partner’s wallet via + DIDComm protocol. +

    +
      +
    1. + Verifiable Credential of “Identity Credential” type +
    2. +
    3. + Verifiable Credential of one of the three DSCSA Stakeholder types +
    4. +
    +
    +

    + Verifiable Credential’s proof SHALL be generated and verified in conformance with + Ed25519Signature2018 + or + + EcdsaSecp256k1RecoverySignature2020. +

    +
    2Trading Partner: ATP PI Verify Workflow + Generation and Verification of a Verifiable Presentation that proves the possession of “DSCSA ATP + Credential” in the context of the GS1 Lightweight Messaging Standard. + + Verifiable Presentations SHALL be encoded as JSON Web Tokens [[RFC7519]] per vc-data-model and signed using + JSON Web Algorithm ES256K and verified accordingly. See [[RFC7518]] Section 3 for more information + on the + ES256K Digital Signature. +
    3Trading Partner: Direct Presentation Exchange +

    + Presentation of a Verifiable Presentation between Stakeholder wallets or from Stakeholder’s + wallet to Credential Issuer’s wallet via DIDComm protocol. +

    +
      +
    1. + Verifiable Presentation that holds “Identity Credential” +
    2. +
    3. + Verifiable Presentation that holds one of the three Stakeholder credential types +
    4. +
    +
    + Verifiable Presentation’s proof SHALL be generated and verified in conformance with JSON Web Signature 2020 Linked-Data Signature Suite. +
    +
    +
    +

    Credential Issuance & Exchange

    +

    + Communication between Credential Issuer’s Digital Wallet and Stakeholder’s Digital Wallet or + between trading parties for the exchange of credentials may be required to issue and exchange credentials. +

    +
    +

    DIDComm

    +

    + The DIDComm Messaging Specification is a secure method for credential issuance based on a set of + interoperable and DID method-agnostic Aries RFCs are working items of the Hyperledger and + Decentralized + Identity Foundation (DIF) that define technical standards specifications. It may be used to support + wallet-to-wallet communication between organizations (e.g. Credential Issuer and Digital Wallet + Provider), + or facilitate secure message exchange within an organization. +

    +

    + Digital Wallet Providers SHALL implement DIDComm capabilities to meet the functional requirements outlined + in the OCI Digital Wallet Conformance Criteria. +

    +

    + This high-level chart may be used as guidance for the subject workflow for credential issuance and exchange. +

    + +

    + Beyond this, the DSCSA Stakeholder SHOULD be able to exchange Verifiable Presentations of their Identity + Credentials with other Stakeholders using DIDComm. This is important when a trading partner receives a + Stakeholder Credential from a previously unknown trading partner and wishes to request the + corresponding Identity + Credential. Having established a trusted communication channel between Stakeholder wallets, + future use + cases that require exchanging credentials can be facilitated more easily. +

    + + + + + + + + + + + + + + + + +
    #Specification SourceSpecifications
    1Hyperledger Aries RFCs + +
    2Decentralized Identity Foundation Specifications + +
    +
    +

    + Note: OCI has not yet standardized direct wallet-to-wallet communication. This is an overview of + technologies OCI expects to be used for direct wallet-to-wallet communication in the near future. + Refer to the OCI Conformance Program + for more details. +

    +
    +
    +
    +
    +

    Credential Revocation

    +

    + OCI supports a revocation management method based on LDAP Credential Revocation Lists. Consequently, Digital Wallet Providers SHALL implement API calls to the LDAP server(s) of the Credential Issuer(s) to check the revocation status for determining whether a Verifiable Credential has been revoked. +

    +

    + A Digital Wallet Provider MAY implement a caching mechanism for Credential revocation data to + cache LDAP data for up to 24 hours. +

    +

    + It shall be understood that existing cached data can be used when the Revocation List is not available + for an update of the local cache due to a technical downtime. A Digital Wallet Provider SHALL store + communication request data when the Revocation List is not available to establish an audit trail. Revocation + data older than 24 hours SHALL be considered invalid and result in a failed credential verification. +

    +

    + To mitigate man-in-the-middle attack vectors, Digital Wallet Providers SHALL implement + LDAPS, which is LDAP secured by communication over Transport Layer Security (TLS) protocol. +

    +
    +
    +
    +

    Cloud Wallet Interfaces and OpenAPI Integration

    +

    + OCI wallet providers that provide a cloud wallet SHALL implement the interfaces and Open API integration defined + below. +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDSpecification SourceBidirectional Communication
    IF001Interface for Human UsersDigital Wallet Solution ⬄ Wallet Administrator
    IF002API Integration with VRS ProviderDigital Wallet Solution ⬄ VRS Provider
    IF003API Integration with Revocation DBDigital Wallet Solution ⬄ Revocation DB of Credential Issuer
    IF004API Integration with VDRDigital Wallet Solution ⬄ Verifiable Data Registry (VDR)
    IF005API Integration with Credential IssuerDigital Wallet Solution ⬄ Credential Issuer
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDIF001
    DescriptionInterface for Human Users
    TypeManual interface, Connection: HTTPS
    Information Flow DirectionBidirectional: Human User ⬄ Enterprise Digital Wallet
    Input DataEnterprise Digital Wallet Administration Data, User and Role Management Data, Onboarding Data for + Credential acquisition +
    Output DataStakeholder Monitoring Data (list of connections with Stakeholder counterparties, identity credentials of Stakeholder + counterparties, status of VPs, Stakeholder validation of individual PI verify requests), Wallet + Administration Data + (users and roles, my company/organization identity and Stakeholder credentials).
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDIF002
    DescriptionAPI Integration with VRS Provider, API Interface for creating and verifying Stakeholder Credential Presentations +
    OpenAPI Specificationhttps://open-credentialing-initiative.github.io/api-specifications/v2.0.0/#/VerifiablePresentation/postVerfiablePresentationVerification> +
    TypeREST API, authentication via OAuth2.0 bearer token, Encryption: SSL TLS v1.2+, Connection: REST on HTTPS +
    Information Flow DirectionBidirectional, VRS ⬄ Enterprise Digital Wallet
    Input DataRequest creation of Stakeholder Credential Presentation, Verify Stakeholder Credential Presentation
    Output DataStakeholder Credential Presentation (JWT), Stakeholder credential presentation verification response.
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDIF003
    DescriptionAPI Integration with Credential Issuer Revocation Database
    Specificationhttps://spherity.github.io/vc-status-2021-ldap/ +
    TypeREST API, public API with no authentication, Encryption: SSL TLS v1.2+, Connection: REST on HTTPS
    Information Flow DirectionBidirectional, Credential Issuer Revocation DB ⬄ Enterprise Digital Wallet
    Input DataRequest VC revocation status
    Output DataResponse VC revocation status
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDIF004
    DescriptionDID Transactions with DID Registry on Public Ledger, DID document read transactions + via a universal + resolver
    TypeDLT RPC calls, VDR , no authentication required
    Information Flow DirectionBidirectional, VDR ⬄ Enterprise Digital Wallet
    Input DataDID transactions: creation, revocation, update
    Output DataDID transaction (creation, revocation, update) confirmations or DID documents
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDIF005
    DescriptionRequesting Verifiable Credential issuance from Credential Issuer
    TypeREST API, wallet-to-wallet communication
    Information Flow Direction + Bidirectional, Credential Issuer Wallet ⬄ Enterprise Digital Wallet, Encryption: SSL TLS v1.2+, Connection: + Issuance of Credentials via DIDcomm with Encrypted Messaging Envelope as specified in the DIDComm Messaging Specification based on Aries Protocols. +
    Input DataRequest identity or Stakeholder credential issuance
    Output DataIdentity or Stakeholder Credential
    + +

    + APIs implemented for IF002 SHALL follow the OCI OpenAPI specification for + Digital Wallet Providers. See OpenAPI specification for further details. +

    +

    + The Digital Wallet Provider SHALL provide API concepts for: +

    +
      +
    1. + Authentication: Endpoints of the Digital Wallets require authentication that is secured via a + JWT. To + obtain a + token and start making requests, the implementer SHALL provide an authentication provider that can process + requests to obtain authentication token. +
    2. +
    3. + Status Codes: Digital Wallets SHALL use HTTP status codes to indicate the success or failure of + API + requests. + If a request fails, it returns an error using the appropriate status code. +
    4. +
    +

    + Implementers MUST conform to [[RFC7231]] and [[RFC2616]] when processing and returning HTTP Status Codes to a + requesting client. From RFC7231 Section 6 + - Response Status Codes: +

    +
    +
      +
    • + 1xx (Informational): The request was received, continuing process +
    • +
    • + 2xx (Successful): The request was successfully received, understood, and accepted +
    • +
    • + 3xx (Redirection): Further action needs to be taken in order to complete the request +
    • +
    • + 4xx (Client Error): The request contains bad syntax or cannot be fulfilled +
    • +
    • + 5xx (Server Error): The server failed to fulfill an apparently valid request +
    • +
    +
    +
    +
    +

    + Functional Wallet Features +

    +
    +

    Wallet User Management

    +

    + A solution SHALL integrate an Identity and Access Management (IAM) solution for User and Role + Management into + the Digital Wallet infrastructure. A solution SHALL support user on-boarding, off-boarding and user + Credential + management features and workflows. +

    +
      +
    • + On-boarding includes a secure process to assign a role to a verified user. This process SHOULD include secure + provisioning of 2FA or multi-factor authentication access credentials to a given user. +
    • +
    • + Off-boarding includes an authorized process where an existing user's access to the Digital Wallet is + removed. +
    • +
    • + User Credential management includes a secure process to reset and/or rescind access credentials and + change + user roles (where multiple user roles exist). +
    • +
    +

    + The wallet MAY be integrated with existing trading partner identity and access management (IAM) + solutions. + Implementers of solutions for smaller trading partners MAY simplify the user management solution by merging + administrator and user roles, as users and administrators can be the same person. +

    +
    +
    +

    Identity & DSCSA Stakeholder Credential Management

    +

    + A solution SHALL provide a process workflow for acquiring identity and at least one of the three Stakeholder credential types from a vetted + Credential Issuer. +

    +

    + A solution SHOULD provide a feature for users of the Stakeholder to request and log identity credentials + from another counterparty. +

    +

    + A solution SHALL provide a data store for storing identity and Stakeholder credentials and transaction log data + to + support analysis, archive and auditing requirements for DSCSA. +

    +
    +
    +
    +

    Non-functional Wallet Features

    +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR001
    NFR TypeAuthentication & Authorization
    Description + Only an authorized user can manually access the Digital Wallet application. +
    Rationale +
      +
    • + Authentication should be configurable in accordance with enterprise ISRM (Information Security and Risk + management) requirements as well as policy rules. +
    • +
    • + Authorization: Access to the system features must be based on privileges and roles of the user. +
    • +
    +
    Conformance Criteria + Two-Factor Authentication (2FA) SHOULD be implemented. For operational systems, single sign-on with + enterprise IAMs or identity providers MAY be integrated. Role-based access control MAY be configured for + user role-based access. +
    Measurement + Above-mentioned authentication mechanisms when users access the application +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR002
    NFR TypeSecurity - Data Authorization & Encryption
    Description + Data at rest and in transit shall be protected +
    Rationale + Any sensitive data must be encrypted and protected +
    Conformance Criteria +
      +
    • + Data at rest SHALL be secured using multiple methods as applicable to use cases such as encryption, + authorization, and Role Based Access Control (RBAC). +
    • +
    • + All customer data and metadata at rest SHALL be encrypted using the industry standard AES-256 encryption + algorithm (256 bits key length)
    • +
    • + Connection to the solution for data in transit SHALL be encrypted using TLS 1.2+ +
    • +
    +
    Measurement + Functional testing +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR003
    NFR TypeSecurity - Non-repudiation
    Description + The system collects evidence of user actions to prove the origin and authenticity of data in the event of a future dispute. +
    Rationale + Common compliance requirement that supports accountability and data integrity +
    Conformance Criteria + The wallet solution SHALL record user authentication and actions by registered users. + The solution SHOULD record the entity for each credential-related transaction, + including non-repudiable digital signatures for all ATP Credential transactions. + The Wallet Provider SHALL be capable of transferring or making available such auditable records to + the Trading Partner or another party with legitimate interest and right to obtain such data. +
    Measurement + Activity logs and, if applicable, archives can be retrieved, made accessible, and can be processed. +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR004
    NFR TypeSecurity - Key Management & Rotation
    Description + Key rotation best practices applied to regularly change signing and encryption keys. +
    Rationale + Protect application against theft and misuse of signing keys +
    Conformance Criteria +
      +
    • + Solution SHALL provide secure key management for encryption and signing keys. +
    • +
    • + Solution SHALL provide features to update DID documents and to rotate encryption and signing keys no + less often than once every 12 months. At a minimum this SHOULD involve key retirement, + meaning that the old key is no longer used but discoverable via the DID doucment. + For any future signing operations a newly generated key SHOULD be used and discoverable via the DID doucment alongside the old key(s). +
    • +
    • + Solution SHALL provide rotation features for encryption keys (e.g. database encryption, certificate + renewal). +
    • +
    • + At a minimum key rotation SHALL be implemented in production environments. +
    • +
    +
    Measurement + Application security testing against these features +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR005
    NFR TypeSecurity – Platform & Network Security
    Description + The system must adhere to platform security requirements. +
    Rationale + Cloud architecture should ensure VRS and Stakeholder systems are secured from attack. Since the system + handles business critical data, the measures taken to protect data need to be defined. Privileged access to + system components is minimized and strictly controlled. +
    Conformance Criteria +

    + Security is critical to a solution deployed as Cloud Service. Implementers SHALL focus on security + features: +

    +
      +
    • + Platform Security: Relevant security procedures provided by the cloud platform shall be enabled +
    • +
    • + PAM: Privileged Accounts must be managed securely. +
    • +
    • + Logging & Monitoring: Logs should be maintained and reviewed +
    • +
    • + Network Security: Infrastructure components must be protected by implementing relevant network security + features including +
        +
      • Web Application Firewall
      • +
      • Secure DNS
      • +
      • DDOS Protection
      • +
      • VPC infrastructure
      • +
      +
    • +
    +
    Measurement + Application security testing against these features +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR006
    NFR TypeHigh Availability
    Description + Digital Wallet and credentialing solution systems must be resilient to single points of failure or + outages +
    Rationale + When integrated into operations, Stakeholder credentialing is a critical business system +
    Conformance Criteria + DevOps infrastructure and cloud services SHALL + be designed in a redundant manner so that the system will continue to + work in production mode (i.e., no degraded performance) if one + component fails. Digital Wallet Providers SHOULD aim for 99.5% + availability +
    Measurement + Infrastructure designed for high availability, + resilience and failover with ability to monitor and report on availability +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR007
    NFR TypeMaximum system response time
    Description + The maximum time taken by the system as a whole to send any information back to the end user who triggered a + query (and out of the transit/transmission overhead). +
    Rationale + Solution should be easily scalable to handle high volumes of Product Identifier Verification Requests and + Responses as well as a high number of trading partners without making changes to the overall architecture. +
    Conformance Criteria + Solution SHALL provide low-latency APIs so that the average time for performing the two API calls to + generate and verify ATP VPs is in total less than 1500 ms and the maximum time for both calls is + in total less than 3000 ms. Solution MAY apply caching methods (e.g., revocation lists, DID + documents, credential verification events) where technically and legally possible to reduce throughput times + of processing the APIs. Cached data SHALL be valid no longer than 48 hours. Note that other parts of these + Conformance Criteria may set shorter validity times for particular types of cached data. +
    Measurement + Average and maximum duration of API calls +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR008
    NFR TypeDisaster recovery
    Description + The solution must survive a critical data center incident and large scale outage events. +
    Rationale + ISMS Standards dictate disaster recovery solution +
    Conformance Criteria + The solution SHOULD be replicated in an alternative datacenter. It SHOULD provide back-up and restore + mechanisms. +
    Measurement + Recurring disaster recovery tests +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR009
    NFR TypeAudit Support
    Description + The solution provides auditable granular transaction logs +
    Rationale + Data and industry regulations require support for investigations and compliance. +
    Conformance Criteria + The Wallet solution SHALL be capable of providing detailed records of all verifiable presentation (VP) generation and + verification events for each Trading Partner. These records SHALL include the corrUUID so that transactions are correlatable across + systems. +
    Measurement + Detail of transaction logs and, if applicable, archive. +
    + +
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    IDNFR010
    NFR TypeArchiving
    Description + The solution can archive auditable transaction logs +
    Rationale + Data and industry regulations require support for investigations and compliance of current and historical transactions data. + Transaction logs constitute an audit trail to be used, for example, in the event of an investigation into + credential-related activities. +
    Conformance Criteria + The Wallet solution SHALL have the capability of keeping detailed records of all VP generation and verification events + to enable the Trading Partner to comply with regulatory data storage requirements. + The Wallet Provider SHALL be capable of transferring or making available such auditable records to + the Trading Partner or another party with legitimate interest and right to obtain such data. +
    Measurement + Archived data can be retrieved, are accessible and can be processed. +
    + +
    +
    +
    +

    INTEGRATION WITH VRS PROVIDERS

    +

    At time of publication, the use of Authority and ATP Equivalent credentials within the VRS is being discussed among relevant stakeholder groups. It should be noted that the OpenAPI specification accommodates any OCI-compliant credential type.

    + +
    +

    API to generate a Verifiable Presentation of Stakeholder Credential

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    API NameGenerate Stakeholder Verifiable Presentation of Stakeholder Credential
    DescriptionThe HTTP endpoint used to generate a Verifiable Presentation (VP) of a DSCSA ATP Credential.
    OpenAPI Specificationhttps://open-credentialing-initiative.github.io/api-specifications/v2.0.0/#/VerifiablePresentation/postVerfiablePresentationGeneration +
    Request Body +

    The Digital Wallet SHALL provide an API consuming a JSON request body with the following values: +

    +
      +
    • + corrUUID | string | required +
        +
      • + Correlation UUID which is obtained from the PI Message +
      • +
      +
    • +
    • + holderDID | string | required + +
    • +
    • + credentialType | string (enum) | required +
        +
      • + IdentityCredential, DSCSAATPCredential, DSCSAATPEquivalentCredential, or DSCSAAuthorityCredential + The type of Credential that should be requested +
      • +
      +
    • +
    +

    + Note: It shall be understood that a counterparty VRS can be unavailable at any given time. If this + is the + case, the first VRS provider needs to regenerate a JWT token for resending the PI verify request to + the + counterparty VRS at a later time to retry the PI verification request. +

    +
    Request Parameters +

    + Optional checks may be completed by the party generating the VP to ensure that the presentation generation is working + properly and the underlying credentials are valid. However, they are not mandatory at VP generation because checks will + always be performed by the recipient anyway. Skipping these checks reduces overall latency. +

    +

    + It is RECOMMENDED for the Digital Wallet provider to disable the use of any such parameters by default + with the option for the user to enable these if so desired. +

    +

    + The Digital Wallet SHALL provide the following query request parameters for optional use during the + generation of a VP: +

    +
      +
    • + vc-expirationDate | boolean | optional | default 'false' +
        +
      • + Parameter to check the expiration date of the Stakeholder Credential +
      • +
      +
    • +
    • + vc-proof | boolean | optional | default 'false' +
        +
      • + Parameter to check the cryptographic proof of the Stakeholder Credential +
      • +
      +
    • +
    • + vc-issuanceDate | boolean | optional | default 'false' +
        +
      • + Parameter to check the issuance date of the Stakeholder Credential +
      • +
      +
    • + vc-credentialStatus | boolean | optional | default 'false' +
        +
      • + Parameter to check the revocation and expiration status of the Stakeholder Credential +
      • +
      + +
    +
    Response Body +

    + Depending on whether the VP generation is successful or not, The Digital Wallet SHALL either return + a + response body representing positive or negative generation. +

    +

    + For Positive Generation Response, the response body SHALL contain the following fields: +

    +
      +
    • + success | boolean | required with value true +
        +
      • + Indicating whether or not the request has been successful or not. +
      • +
      +
    • +
    • + verifiablePresentation | string | format base64 | required +
        +
      • + The JWT formatted and base64 encoded Verifiable Presentation. +
      • +
      +
    • +
    • + holderDID | string | optional +
        +
      • + The holderDID that was used to generate the Verifiable Presentation. +
      • +
      +
    • +
    • + corrUUID | string | optional +
        +
      • + The corrUUID that was used to generate the Verifiable Presentation. +
      • +
      +
    • +
    • + credentialType | string | enum | optional +
        +
      • + The credentialType that was used to generate the Verifiable Presentation. Any of type + IdentityCredential, DSCSAATPCredential, DSCSAATPEquivalentCredential, or DSCSAAuthorityCredential. +
      • +
      +
    • +
    • + message | string | optional +
        +
      • + Additional message to be included +
      • +
      +
    • +
    +

    + For Negative Generation Response, the response body SHALL contain the following fields: +

    +
      +
    • + success | boolean | required with value false +
        +
      • + Indicating whether or not the request has been successfull or not. +
      • +
      +
    • +
    • + errors | array | required +
        +
      • + a list of error messages describing the error code(s) as specified in section 4.2.1 encountered + while attempting to generate VP +
      • +
      +
    • +
    • + errorCodes | array | required +
        +
      • + a list of error code(s) as specified in section 5.3 encountered while attempting + to generate VP +
      • +
      +
    • +
    +
    HTTP Status Codes +

    + The Digital Wallet SHALL return the following HTTP status codes and descriptions in accordance to + section 4.2 + Cloud Wallet Interfaces and Open API Integration: +

    +
      +
    • + 1xx (Informational): The request was received, continuing process +
    • +
    • + 2xx (Successful): The request was successfully received, understood, and accepted +
    • +
    • + 3xx (Redirection): Further action needs to be taken in order to complete the request +
    • +
    • + 4xx (Client Error): The request contains bad syntax or cannot be fulfilled +
    • +
    • + 5xx (Server Error): The server failed to fulfill an apparently valid request +
    • +
    +
    +
    + + +
    +

    API to Verify Verifiable Presentation of Stakeholder Credential

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    API NameVerify Stakeholder Verifiable Presentation of Stakeholder Credential
    DescriptionTo check the authenticity, integrity, revocation & expiration status of a Verifiable Presentation of an + Stakeholder Credential.
    OpenAPI Specificationhttps://open-credentialing-initiative.github.io/api-specifications/v2.0.0/#/VerifiablePresentation/postVerfiablePresentationVerification +
    Request Body +

    The Digital Wallet SHALL provide an API accepting a request body with the following values:

    +
      +
    • + VerifiablePresentation | string | format base64 | required +
        +
      • + The Verifiable Presentation to verify in JWT base64 encoded format. +
      • +
      +
    • +
    • + verifierDID | string | required +
        +
      • + The DID that requests a verification of the provided Verifiable Presentation. +
      • +
      +
    • +
    +
    Request Parameters +

    None.

    +
    Response Body +

    + Depending on whether the verification is successful or not, the Digital Wallet SHALL either return + a + response body representing positive verification or negative verification. +

    +

    + For Positive Verification Response, the response body SHALL contain the following fields: +

    +
      +
    • + success | boolean | required with value true +
        +
      • + Indicating wheter or not the request has been successfull or not. +
      • +
      +
    • +
    • + verifiablePresentation | string | format base64 | optional +
        +
      • + The JWT formatted and base64 encoded Verifiable Presentation which has been verified +
      • +
      +
    • +
    • + verifierDID | string | optional +
        +
      • + The DID that requested a verification of the provided Verifiable Presentation. +
      • +
      +
    • +
    • + message | string | optional +
        +
      • + Additional message to be included +
      • +
      +
    • +
    +

    + For Negative Verification Response, the response body SHALL contain the following fields: +

    +
      +
    • + success | boolean | required with value false +
        +
      • + Indicating whether or not the request has been successfull or not. +
      • +
      +
    • +
    • + errors | array | required +
        +
      • + a list of error messages describing the error code(s) as specified in section 4.2.1 encountered + while attempting to generate VP +
      • +
      +
    • +
    • + errorCodes | array | required +
        +
      • + a list of error code(s) as specified in section 5.3 encountered while attempting + to generate VP +
      • +
      +
    • +
    +
    HTTP Status Codes +

    + The Digital Wallet SHALL return the following HTTP status codes and descriptions in accordance to + 4.2 + Cloud Wallet Interfaces and Open API Integration: +

    +
      +
    • + 1xx (Informational): The request was received, continuing process +
    • +
    • + 2xx (Successful): The request was successfully received, understood, and accepted +
    • +
    • + 3xx (Redirection): Further action needs to be taken in order to complete the request +
    • +
    • + 4xx (Client Error): The request contains bad syntax or cannot be fulfilled +
    • +
    • + 5xx (Server Error): The server failed to fulfill an apparently valid request +
    • +
    +
    +
    +
    +

    API-Specific Error Codes

    +

    + Digital Wallet Providers SHALL return the following error codes if a verification (or if applicable in the + generation) fails due to + certain scenarios. The above defined response data structure SHALL be used to transport the code to a requesting + client. + An implementer SHALL use the field ‘errorCodes’ for transporting one (1) or multiple codes. + It is RECOMMENDED to use the field ‘errors’ for transporting human readable error messages further explaining + the reason why a verification has failed. +

    +

    + Given these scenarios, the following error codes MUST be included in the ‘errorCodes’ field in the verification + (or if applicable in the generation) + response. It is RECOMMENDED to include multiple errors in the response as applicable. +

    + +
    +
    +

    Protection against Credential Replay Attacks and VP Lifetime

    +

    + The JWT VP SHALL have a lifetime (or time to live) attribute. The lifetime for JWT VPs used in PI + verifications + SHALL not be longer than 5 minutes or 300,000 ms. The JWT VP verification API will use this VP lifetime + threshold to check if a VP is expired. This VP lifetime threshold will be added to the issuance date of the VP, + iat attribute of VP, to determine whether the VP verification time is within the acceptable time window for + using the generated VP. +

    +
    +
    +
    +

    ORGANIZATION CONTROLS

    +
    +

    Documentation

    +

    It is RECOMMENDED that the Digital Wallet provider offers the following documentation to support any + validation process:

    + +

    + Digital Wallet Providers SHALL provide any applicable technical documentation, e.g. Installation Qualification documentation, to trading partners or integrating solution providers. + This should instruct about how the Digital Wallet components are installed or integrated correctly. This + includes documentation of the software deployment process, installed system components and host environments. +

    +
    +
    +

    Information technology controls and security

    +

    + The Digital Wallet provider SHOULD enable independent assurance over business and information technology + controls. This MAY be in the form of acquiring a Service Organization Controls (SOC) Report based on the American Institute of Certified + Public Accountants (AICPA) Statement on Standards for Attestation Engagements No. 18 (SSAE 18) (“SOC + Report”). Such SOC Report generally covers all controls and comes in the form of a SOC 1 Type II and SOC 2 + Type II report. A further option is to have a certified Information Security Management System according to + International Standard Organization (ISO) 27001 in place. +

    +
    +
    + + +