feat: added new lifecycle section #532
Open
+257
−88
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
peppelinux
reviewed
Jan 21, 2025
peppelinux
reviewed
Jan 21, 2025
peppelinux
reviewed
Jan 21, 2025
peppelinux
reviewed
Jan 21, 2025
peppelinux
reviewed
Jan 21, 2025
grausof
approved these changes
Jan 22, 2025
Co-authored-by: Giuseppe De Marco <demarcog83@gmail.com>
peppelinux
reviewed
Jan 23, 2025
|
|
||
| A Credential Issuer is responsible for creating and issuing Digital Credentials, as well as managing their lifecycle and validity status. | ||
|
|
||
| An Authentic Source is the entity responsible for the management and provisioning of User's attributes to Credential Issuers. |
There was a problem hiding this comment.
Suggested change
| An Authentic Source is the entity responsible for the management and provisioning of User's attributes to Credential Issuers. | |
| The Authentic Source is the entity responsible for the management and provisioning of User's attributes to Credential Issuers. |
peppelinux
reviewed
Jan 23, 2025
| Wallet Instance and Digital Credential Lifecycle | ||
| ++++++++++++++++++++++++++++++++++++++++++++++++ | ||
|
|
||
| A Credential Issuer is responsible for creating and issuing Digital Credentials, as well as managing their lifecycle and validity status. |
There was a problem hiding this comment.
Suggested change
| A Credential Issuer is responsible for creating and issuing Digital Credentials, as well as managing their lifecycle and validity status. | |
| The Credential Issuer is responsible for creating and issuing Digital Credentials, as well as managing their lifecycle and validity status. |
There was a problem hiding this comment.
this and the one below seems more redefinition of what already defined within the defined terms ... but, since they are so small, we can live with them anyway.
peppelinux
reviewed
Jan 23, 2025
| suspension of the attributes contained in the Digital Credential. In IT Wallet, the provisioning of User's attributes and the notification of | ||
| updates or changes in the state of the attributes are exchanged using the PDND infrastructure (see relative sections for more details). | ||
|
|
||
| Finally, a Wallet Provider is in charge of the implementation and provision of Wallet Instances also handling their entire lifecycle. |
There was a problem hiding this comment.
Suggested change
| Finally, a Wallet Provider is in charge of the implementation and provision of Wallet Instances also handling their entire lifecycle. | |
| The Wallet Provider is in charge of the implementation and provision of Wallet Instances also handling their entire lifecycle. |
peppelinux
reviewed
Jan 23, 2025
|
|
||
| .. note:: | ||
|
|
||
| We distinguish PID from (Q)EAA, as its issuance effects on the Wallet Instance's lifecycle, and additionally its revocation may have potential impacts on (Q)EAAs. |
There was a problem hiding this comment.
Suggested change
| We distinguish PID from (Q)EAA, as its issuance effects on the Wallet Instance's lifecycle, and additionally its revocation may have potential impacts on (Q)EAAs. | |
| PID is specialized Credential type that produces impacts on the Wallet Instance's lifecycle. The revocation of the PID MAY also have potential impacts on (Q)EAAs, if these was issued using the presentation of the PID. |
aridanghete con "we" :-)
peppelinux
reviewed
Jan 23, 2025
|
|
||
| .. note:: | ||
|
|
||
| In the current version of ARF v1.4.1, two types of attestations have been introduced: Wallet Trust Evidence (WTE) and Wallet Instance Attestation (WIA). The first to prove that the keys used for key |
There was a problem hiding this comment.
Suggested change
| In the current version of ARF v1.4.1, two types of attestations have been introduced: Wallet Trust Evidence (WTE) and Wallet Instance Attestation (WIA). The first to prove that the keys used for key | |
| In the current version of `ARF`_, two types of attestations have been introduced: Wallet Trust Evidence (WTE) and Wallet Instance Attestation (WIA). The first to prove that the keys used for key |
the version of the ARF in use and referenced in this documentation is the one defined in the referenced standards. We really do not have to disseminate weak or static references within the specs
There was a problem hiding this comment.
I would like to have the alignments with the IA terminology too- Otherwise we will use a separate PR within milestone 1.0 to have this alignment
peppelinux
reviewed
Jan 23, 2025
|
|
||
| .. note:: | ||
|
|
||
| The Wallet Provider MUST ensure the security and reliability of the Wallet Instances. To achieve this, the Wallet Provider MUST keep the Wallet Instances updated and compliant with security requirements. |
There was a problem hiding this comment.
Suggested change
| The Wallet Provider MUST ensure the security and reliability of the Wallet Instances. To achieve this, the Wallet Provider MUST keep the Wallet Instances updated and compliant with security requirements. | |
| The Wallet Provider MUST ensure the security and reliability of the Wallet Instances. To achieve this, the Wallet Provider MUST periodically checks the Wallet Instances security and compliance status. |
only the user can update the WI
peppelinux
reviewed
Jan 23, 2025
| .. note:: | ||
|
|
||
| As a result of the User account creation, an authentication mechanism MUST be set for the User to interact with the Wallet Provider portal. | ||
| This specification mandates the use of at least a second-factor User authentication. |
There was a problem hiding this comment.
Suggested change
| This specification mandates the use of at least a second-factor User authentication. | |
| This specification mandates the use of at least a second-factor for User authentication. |
we should mention an internional LoA threshold, such those defined in NIST ...
There was a problem hiding this comment.
AFAIK, this is not defined in EUDI yet. I suggest to wait for an update from EU before define more details here. What do you think?
peppelinux
reviewed
Jan 23, 2025
|
|
||
| As part of the activation, the Wallet Provider MUST evaluate the operating system and general technical capabilities of the device to check compliance | ||
| with the technical and security requirements, and the authenticity and integrity of the installed Wallet Instance. | ||
| Upon successful verification, a Wallet Attestation MUST be issued and the Wallet Instance enters the **Operational** state. |
There was a problem hiding this comment.
Suggested change
| Upon successful verification, a Wallet Attestation MUST be issued and the Wallet Instance enters the **Operational** state. | |
| Upon successful verification, the Wallet Provider MUST issue at least one valid Wallet Attestation to the Wallet Instance, therefore the Wallet Instance enters the **Operational** state. |
peppelinux
reviewed
Jan 23, 2025
Comment on lines
+90
to
+91
| In addition, if not already done, Users MUST set their preferred method of unlocking their Wallet Instance; this can be accomplished by entering a | ||
| personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal |
There was a problem hiding this comment.
Suggested change
| In addition, if not already done, Users MUST set their preferred method of unlocking their Wallet Instance; this can be accomplished by entering a | |
| personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal | |
| In addition, if not already done, Users MUST set their preferred method of unlocking their Wallet Instance; this MAY be accomplished by entering a | |
| personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to personal |
peppelinux
reviewed
Jan 23, 2025
| personal identification number (PIN) or by utilizing biometric authentication, such as fingerprint or facial recognition, according to their personal | ||
| preferences and device's capabilities. Please refer to the relevant sections for further information about Wallet Instance activation. | ||
|
|
||
| In this state, Users can request the issuance of a PID (**PID ISS** transition) or of (Q)EAAs if the PID is not required in the issuance phase |
There was a problem hiding this comment.
Suggested change
| In this state, Users can request the issuance of a PID (**PID ISS** transition) or of (Q)EAAs if the PID is not required in the issuance phase | |
| In the Operational state, Users can request the issuance of PID (**PID ISS**) or (Q)EAAs if the PID is not required in the issuance |
remember to put the subject to make the sentence always linear and clear
peppelinux
reviewed
Jan 23, 2025
| preferences and device's capabilities. Please refer to the relevant sections for further information about Wallet Instance activation. | ||
|
|
||
| In this state, Users can request the issuance of a PID (**PID ISS** transition) or of (Q)EAAs if the PID is not required in the issuance phase | ||
| (**(Q)EEA ISS** transitions). In addition, if the credentials are (Q)EEAs and for the presentation they do not require the PID, they can be presented |
There was a problem hiding this comment.
Suggested change
| (**(Q)EEA ISS** transitions). In addition, if the credentials are (Q)EEAs and for the presentation they do not require the PID, they can be presented | |
| (**(Q)EEA ISS**). In addition, if the Credentials are (Q)EEAs and for the presentation they do not require the PID, they can be presented |
peppelinux
reviewed
Jan 23, 2025
Comment on lines
+98
to
+99
| A **Valid** Wallet Instance MUST transition back to the **Operational** state due to **PID EXP/REV/DEL** transition, when the associated PID expires, or | ||
| revoked by its Provider or either deleted by the User. |
There was a problem hiding this comment.
Suggested change
| A **Valid** Wallet Instance MUST transition back to the **Operational** state due to **PID EXP/REV/DEL** transition, when the associated PID expires, or | |
| revoked by its Provider or either deleted by the User. | |
| A **Valid** Wallet Instance MUST transition back to the **Operational** state due to **PID EXP/REV/DEL** transition, when the associated PID expires, or is revoked by its Provider or either deleted by the User. |
peppelinux
reviewed
Jan 23, 2025
| .. note:: | ||
|
|
||
| Users can have only one Wallet Instance in **Valid** state for the same Wallet Solution. Thus, when a User installs and obtains a PID on a new Wallet | ||
| Instance of the same Wallet Solution from the same Wallet Provider, the PID in the previous Wallet Instance MUST be revoked and the Wallet Instance goes |
There was a problem hiding this comment.
Suggested change
| Instance of the same Wallet Solution from the same Wallet Provider, the PID in the previous Wallet Instance MUST be revoked and the Wallet Instance goes | |
| Instance of the same Wallet Solution from the same Wallet Provider, the PID in the previous Wallet Instance MUST be revoked and the Wallet Instance became |
peppelinux
reviewed
Jan 23, 2025
|
|
||
| Users can have only one Wallet Instance in **Valid** state for the same Wallet Solution. Thus, when a User installs and obtains a PID on a new Wallet | ||
| Instance of the same Wallet Solution from the same Wallet Provider, the PID in the previous Wallet Instance MUST be revoked and the Wallet Instance goes | ||
| into **Operational** state. |
There was a problem hiding this comment.
Suggested change
| into **Operational** state. | |
| **Operational**. |
peppelinux
reviewed
Jan 23, 2025
|
|
||
| Transition to Uninstalled | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
| Across all states — **Installed**, **Actived**, **Operational**, or **Valid** — the Wallet Instance may be removed entirely through the Wallet Instance |
There was a problem hiding this comment.
Suggested change
| Across all states — **Installed**, **Actived**, **Operational**, or **Valid** — the Wallet Instance may be removed entirely through the Wallet Instance | |
| Across all states, **Installed**, **Actived**, **Operational**, or **Valid**, the Wallet Instance can be removed entirely through the Wallet Instance |
peppelinux
reviewed
Jan 23, 2025
| .. note:: | ||
|
|
||
| While **Issued**, **Valid**, **Expired**, **Revoked** are explicitly mentioned in the ARF (see Figure 5 of ARF v1.4), | ||
| **Suspended** is implicitly present in the text. For clarity and completeness, in this specification we explicitly consider it. |
There was a problem hiding this comment.
Suggested change
| **Suspended** is implicitly present in the text. For clarity and completeness, in this specification we explicitly consider it. | |
| **Suspended** is implicitly present in `ARF`_. This specification explicitly considers it. |
peppelinux
reviewed
Jan 23, 2025
|
|
||
| Transition to Issued | ||
| ^^^^^^^^^^^^^^^^^^^^ | ||
| For the state machine to start, the Wallet Instance MUST be in either the **Operational** or **Valid** state, enabling credentials to be issued to it. |
There was a problem hiding this comment.
Suggested change
| For the state machine to start, the Wallet Instance MUST be in either the **Operational** or **Valid** state, enabling credentials to be issued to it. | |
| For the state machine to start, the Wallet Instance MUST be in either the **Operational** or **Valid** state, enabling Credentials to be issued to it. |
peppelinux
reviewed
Jan 23, 2025
| ^^^^^^^^^^^^^^^^^^^^ | ||
| For the state machine to start, the Wallet Instance MUST be in either the **Operational** or **Valid** state, enabling credentials to be issued to it. | ||
| The state machine begins with the **Issued** state, when an issuance process is triggered and, as a result, a Digital Credential is issued to the | ||
| Wallet Instance (**PID/(Q)EAA ISS**). Please refer to the relevant sections for further information about PID and (Q)EAAs issuance process. |
There was a problem hiding this comment.
Suggested change
| Wallet Instance (**PID/(Q)EAA ISS**). Please refer to the relevant sections for further information about PID and (Q)EAAs issuance process. | |
| Wallet Instance (**PID/(Q)EAA ISS**). Please refer to the relevant sections for further information about PID and (Q)EAAs issuance process. |
I admit to get tired to read so many times the statement Please refer to the relevant sections for further information about. I ask to use a shorter sentece with a href reference to the relevant section, or delete the entire statement.
peppelinux
reviewed
Jan 23, 2025
Comment on lines
+194
to
+196
| A Digital Credential changes from **Issued**, **Valid** or **Suspended** states to **Revoked** state when it is actively revoked by the Credential Issuer | ||
| by a revocation process (**PID/(Q)EAA REV**), declaring that Relying Parties SHOULD no longer trust a particular Digital Credential, even though it is | ||
| still valid temporally and contains a valid Credential Issuer signature. Revocation can occur in the following cases: |
There was a problem hiding this comment.
Suggested change
| A Digital Credential changes from **Issued**, **Valid** or **Suspended** states to **Revoked** state when it is actively revoked by the Credential Issuer | |
| by a revocation process (**PID/(Q)EAA REV**), declaring that Relying Parties SHOULD no longer trust a particular Digital Credential, even though it is | |
| still valid temporally and contains a valid Credential Issuer signature. Revocation can occur in the following cases: | |
| A Digital Credential changes from **Issued**, **Valid** or **Suspended** states to **Revoked** state when it is actively revoked by the Credential Issuer | |
| by a revocation process (**PID/(Q)EAA REV**). The Relying Parties SHOULD no longer consider usable a particular Digital Credential when it is **Revoked**, even though it is | |
| still valid temporally and contains a valid Credential Issuer signature. Revocation can occur in the following cases: |
peppelinux
reviewed
Jan 23, 2025
| In the case of PID only, the following cases are in addition to those listed above: | ||
|
|
||
| * detection of a breach of the digital identity issued by an Identity Provider and used to authenticate the User during the PID Issuance; | ||
| * as a result of obtaining a new PID on a new Wallet Instance from the same Wallet Provider that provided the Wallet Instance containing the previous PID. |
There was a problem hiding this comment.
Suggested change
| * as a result of obtaining a new PID on a new Wallet Instance from the same Wallet Provider that provided the Wallet Instance containing the previous PID. | |
| * as a result of obtaining a new PID on a new Wallet Instance from the same Wallet Provider that has provided the Wallet Instance containing a PID previously issued. |
peppelinux
reviewed
Jan 23, 2025
Comment on lines
+222
to
+224
| A (Q)EAA changes from **Issued** or **Valid** states to **Suspended** state when it is suspended by the Credential Issuer (**(Q)EAA SUSP**), | ||
| it stays in this state until it is restored to the **Issued** or **Valid** state (**(Q)EAA UNSUSP**) depending on the previous state, i.e. | ||
| the conditions leading to its suspension are resolved, or it changes in **Revoked**, **Expired** or it is deleted. The suspension of a (Q)EAA MAY be: |
There was a problem hiding this comment.
Suggested change
| A (Q)EAA changes from **Issued** or **Valid** states to **Suspended** state when it is suspended by the Credential Issuer (**(Q)EAA SUSP**), | |
| it stays in this state until it is restored to the **Issued** or **Valid** state (**(Q)EAA UNSUSP**) depending on the previous state, i.e. | |
| the conditions leading to its suspension are resolved, or it changes in **Revoked**, **Expired** or it is deleted. The suspension of a (Q)EAA MAY be: | |
| A (Q)EAA changes from **Issued** or **Valid** states to **Suspended** state when it is suspended by the Credential Issuer (**(Q)EAA SUSP**). | |
| The (Q)EAA remains **Suspended** until it is restored to the **Issued** or **Valid** state (**(Q)EAA UNSUSP**) depending on the previous state, i.e. | |
| the conditions leading to its suspension are resolved, or it changes in **Revoked**, **Expired** or it is deleted. The suspension of a (Q)EAA MAY be: |
peppelinux
reviewed
Jan 23, 2025
| A Credential Issuer instead is responsible for: | ||
|
|
||
| * **Digital Credential Generation**: the Digital Credential is generated as a consequence of an issuance request and MUST be added to the local storage of the Credential Issuer after the successful issuance. | ||
| * **Digital Credential Revocation/Suspension/Unsuspension** (**PID/(Q)EAA REV** and **(Q)EAA SUSP/UNSUSP**): for technical security reasons or triggered by external entities (e.g., Users and Authentic Sources) the Digital Credential state MUST be locally updated. |
There was a problem hiding this comment.
Suggested change
| * **Digital Credential Revocation/Suspension/Unsuspension** (**PID/(Q)EAA REV** and **(Q)EAA SUSP/UNSUSP**): for technical security reasons or triggered by external entities (e.g., Users and Authentic Sources) the Digital Credential state MUST be locally updated. | |
| * **Digital Credential Revocation/Suspension/Unsuspension** (**PID/(Q)EAA REV** and **(Q)EAA SUSP/UNSUSP**): for technical security reasons or triggered by external entities (e.g., Users and Authentic Sources) the Digital Credential state MUST be locally updated. |
peppelinux
requested changes
Jan 23, 2025
fmarino-ipzs
approved these changes
Jan 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR:
We have: