From 830780ae9a0e6aeba0bffd762d694a851488aaea Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Wed, 13 Dec 2023 11:34:52 +0100 Subject: [PATCH 1/8] feat: section Media Type Registration for wallet-attestation+jwt --- draft-oid4vc-haip-sd-jwt-vc.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index 2a4d21f..12fafc8 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md 
@@ -374,6 +374,36 @@ Note: When using this profile with other cryptosuites, it is recommended to be e `iat` and `exp` JWT claims express both the validity period of both the signature and the claims about the subject, unless there is a separate claim used to express the validity of the claims. + +## Media Type Registration + +This section requests registration of the following media types [@RFC2046] in +the "Media Types" registry [@IANA.MediaTypes] in the manner described +in [@RFC6838]. + +To indicate that the content of a JWS is a Wallet Instance Attestation: + + * Type name: application + * Subtype name: wallet-attestation+jwt + * Required parameters: n/a + * Optional parameters: n/a + * Encoding considerations: binary; A JWT-based Wallet Instance Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. + * Security considerations: See (#Security) of [[ this specification ]] + * Interoperability considerations: n/a + * Published specification: [[ this specification ]] + * Applications that use this media type: Applications using [[ this specification ]] for issuing and validating Wallet Instance Attestations. + * Fragment identifier considerations: n/a + * Additional information: + * File extension(s): n/a + * Macintosh file type code(s): n/a + * Person & email address to contact for further information: Torsten Lodderstedt, torsten@lodderstedt.net + * Intended usage: COMMON + * Restrictions on usage: none + * Author: Torsten Lodderstedt + * Change controller: IETF + * Provisional registration? No + + {backmatter} From 51770ba553c477cc4d12e956a493f9e544d3ddb5 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Wed, 13 Dec 2023 11:41:22 +0100 Subject: [PATCH 2/8] fix: doc refs --- draft-oid4vc-haip-sd-jwt-vc.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index 12fafc8..c10d4ea 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md @@ -377,9 +377,9 @@ Note: When using this profile with other cryptosuites, it is recommended to be e ## Media Type Registration -This section requests registration of the following media types [@RFC2046] in -the "Media Types" registry [@IANA.MediaTypes] in the manner described -in [@RFC6838]. +This section requests registration of the following media types [@!RFC2046] in +the "Media Types" registry [@!IANA.MediaTypes] in the manner described +in [@!RFC6838]. To indicate that the content of a JWS is a Wallet Instance Attestation: From 0ba9fbfbf1e5a7290ce73be3609bf1aff0c8560e Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Wed, 13 Dec 2023 11:44:06 +0100 Subject: [PATCH 3/8] fix: doc refs - again --- draft-oid4vc-haip-sd-jwt-vc.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index c10d4ea..e5b408e 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md @@ -374,12 +374,15 @@ Note: When using this profile with other cryptosuites, it is recommended to be e `iat` and `exp` JWT claims express both the validity period of both the signature and the claims about the subject, unless there is a separate claim used to express the validity of the claims. +# Security Considerations + +TBD. ## Media Type Registration -This section requests registration of the following media types [@!RFC2046] in -the "Media Types" registry [@!IANA.MediaTypes] in the manner described -in [@!RFC6838]. +This section requests registration of the following media types [@RFC2046] in +the "Media Types" registry [@IANA.MediaTypes] in the manner described +in [@RFC6838]. To indicate that the content of a JWS is a Wallet Instance Attestation: 
@@ -388,7 +391,7 @@ To indicate that the content of a JWS is a Wallet Instance Attestation: * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary; A JWT-based Wallet Instance Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. - * Security considerations: See (#Security) of [[ this specification ]] + * Security considerations: See (#security-considerations) of [[ this specification ]] * Interoperability considerations: n/a * Published specification: [[ this specification ]] * Applications that use this media type: Applications using [[ this specification ]] for issuing and validating Wallet Instance Attestations. From 29861250a62ce38acca427c427a177a2776c03b9 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Wed, 13 Dec 2023 11:47:49 +0100 Subject: [PATCH 4/8] fix: doc refs - again and again --- draft-oid4vc-haip-sd-jwt-vc.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index e5b408e..1a20085 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md 
@@ -287,7 +287,7 @@ The following additional Credential Issuer metadata are defined for this Credent * `vct`: REQUIRED. JSON string designating the type of a credential as defined in [@!I-D.ietf-oauth-sd-jwt-vc], Section 4.2.2.1. * `claims`: OPTIONAL. A JSON object containing a list of name/value pairs, where each name identifies a claim offered in the Credential. The value can be another such object (nested data structures), or an array of such objects. To express the specifics about the claim, the most deeply nested value MAY be a JSON object that includes a following non-exhaustive list of parameters defined by this specification: * `mandatory`: OPTIONAL. Boolean which when set to `true` indicates the claim MUST be present in the issued Credential. If the `mandatory` property is omitted its default should be assumed to be `false`. - * `value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in IANA media type registry for images (https://www.iana.org/assignments/media-types/media-types.xhtml#image). + * `value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in [IANA media type registry for images](https://www.iana.org/assignments/media-types/media-types.xhtml#image). * `display`: OPTIONAL. An array of objects, where each object contains display properties of a certain claim in the Credential for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included: * `name`: OPTIONAL. String value of a display name for the claim. * `locale`: OPTIONAL. String value that identifies language of this object represented as language tag values defined in BCP47 [@!RFC5646]. 
There MUST be only one object for each language identifier. @@ -381,7 +381,7 @@ TBD. ## Media Type Registration This section requests registration of the following media types [@RFC2046] in -the "Media Types" registry [@IANA.MediaTypes] in the manner described +the ["Media Types" registry](https://www.iana.org/assignments/media-types/media-types.xhtml#application) in the manner described in [@RFC6838]. To indicate that the content of a JWS is a Wallet Instance Attestation: From 6ca552fc66a0576eb9e41cc3b7baa0d99afdda95 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Sat, 6 Jan 2024 17:10:02 +0100 Subject: [PATCH 5/8] Apply suggestions from code review - Torsten's Co-authored-by: Torsten Lodderstedt --- draft-oid4vc-haip-sd-jwt-vc.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index 1a20085..d00918d 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md 
@@ -287,7 +287,7 @@ The following additional Credential Issuer metadata are defined for this Credent * `vct`: REQUIRED. JSON string designating the type of a credential as defined in [@!I-D.ietf-oauth-sd-jwt-vc], Section 4.2.2.1. * `claims`: OPTIONAL. A JSON object containing a list of name/value pairs, where each name identifies a claim offered in the Credential. The value can be another such object (nested data structures), or an array of such objects. To express the specifics about the claim, the most deeply nested value MAY be a JSON object that includes a following non-exhaustive list of parameters defined by this specification: * `mandatory`: OPTIONAL. Boolean which when set to `true` indicates the claim MUST be present in the issued Credential. If the `mandatory` property is omitted its default should be assumed to be `false`. - * `value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in [IANA media type registry for images](https://www.iana.org/assignments/media-types/media-types.xhtml#image). + *`value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in IANA media type registry for images (https://www.iana.org/assignments/media-types/media-types.xhtml#image). * `display`: OPTIONAL. An array of objects, where each object contains display properties of a certain claim in the Credential for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included: * `name`: OPTIONAL. String value of a display name for the claim. * `locale`: OPTIONAL. String value that identifies language of this object represented as language tag values defined in BCP47 [@!RFC5646]. 
There MUST be only one object for each language identifier. @@ -374,9 +374,6 @@ Note: When using this profile with other cryptosuites, it is recommended to be e `iat` and `exp` JWT claims express both the validity period of both the signature and the claims about the subject, unless there is a separate claim used to express the validity of the claims. -# Security Considerations - -TBD. ## Media Type Registration @@ -384,13 +381,13 @@ This section requests registration of the following media types [@RFC2046] in the ["Media Types" registry](https://www.iana.org/assignments/media-types/media-types.xhtml#application) in the manner described in [@RFC6838]. -To indicate that the content of a JWS is a Wallet Instance Attestation: +To indicate that the content of a JWS is a Wallet Attestation: * Type name: application * Subtype name: wallet-attestation+jwt * Required parameters: n/a * Optional parameters: n/a - * Encoding considerations: binary; A JWT-based Wallet Instance Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. + * Encoding considerations: binary; A JWT-based Wallet Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. * Security considerations: See (#security-considerations) of [[ this specification ]] * Interoperability considerations: n/a * Published specification: [[ this specification ]] From e9c664cb5904099bd1cb3cc4ce99c7921512cc26 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Sat, 6 Jan 2024 17:10:21 +0100 Subject: [PATCH 6/8] Apply suggestions from code review --- draft-oid4vc-haip-sd-jwt-vc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index d00918d..6778221 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md 
+++ b/draft-oid4vc-haip-sd-jwt-vc.md 
@@ -287,7 +287,7 @@ The following additional Credential Issuer metadata are defined for this Credent * `vct`: REQUIRED. JSON string designating the type of a credential as defined in [@!I-D.ietf-oauth-sd-jwt-vc], Section 4.2.2.1. * `claims`: OPTIONAL. A JSON object containing a list of name/value pairs, where each name identifies a claim offered in the Credential. The value can be another such object (nested data structures), or an array of such objects. To express the specifics about the claim, the most deeply nested value MAY be a JSON object that includes a following non-exhaustive list of parameters defined by this specification: * `mandatory`: OPTIONAL. Boolean which when set to `true` indicates the claim MUST be present in the issued Credential. If the `mandatory` property is omitted its default should be assumed to be `false`. - *`value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in IANA media type registry for images (https://www.iana.org/assignments/media-types/media-types.xhtml#image). + * `value_type`: OPTIONAL. String value determining type of value of the claim. A non-exhaustive list of valid values defined by this specification are `string`, `number`, and image media types such as `image/jpeg` as defined in IANA media type registry for images (https://www.iana.org/assignments/media-types/media-types.xhtml#image). * `display`: OPTIONAL. An array of objects, where each object contains display properties of a certain claim in the Credential for a certain language. Below is a non-exhaustive list of valid parameters that MAY be included: * `name`: OPTIONAL. String value of a display name for the claim. * `locale`: OPTIONAL. String value that identifies language of this object represented as language tag values defined in BCP47 [@!RFC5646]. 
There MUST be only one object for each language identifier. From c51613a469e8fa85c2e000eebe0ae5499cad7990 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Sat, 6 Jan 2024 17:11:24 +0100 Subject: [PATCH 7/8] Apply suggestions from code review --- draft-oid4vc-haip-sd-jwt-vc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index 6778221..8457120 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md @@ -388,7 +388,7 @@ To indicate that the content of a JWS is a Wallet Attestation: * Required parameters: n/a * Optional parameters: n/a * Encoding considerations: binary; A JWT-based Wallet Attestation object is a JWT; JWT values are encoded as a series of base64url-encoded values (some of which may be the empty string) separated by period ('.') characters. - * Security considerations: See (#security-considerations) of [[ this specification ]] + * Security considerations: See (#wallet-attestation-schema) of [[ this specification ]] * Interoperability considerations: n/a * Published specification: [[ this specification ]] * Applications that use this media type: Applications using [[ this specification ]] for issuing and validating Wallet Instance Attestations. From 96a3b80243921d7adbe6a3f72160d9333f28584e Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Thu, 1 Feb 2024 11:18:13 +0100 Subject: [PATCH 8/8] kristina proposed to move & with & Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- draft-oid4vc-haip-sd-jwt-vc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-oid4vc-haip-sd-jwt-vc.md b/draft-oid4vc-haip-sd-jwt-vc.md index 8457120..34b66d9 100644 --- a/draft-oid4vc-haip-sd-jwt-vc.md +++ b/draft-oid4vc-haip-sd-jwt-vc.md 
@@ -396,7 +396,7 @@ To indicate that the content of a JWS is a Wallet Attestation: * Additional information: * File extension(s): n/a * Macintosh file type code(s): n/a - * Person & email address to contact for further information: Torsten Lodderstedt, torsten@lodderstedt.net + * Person & email address to contact for further information: Torsten Lodderstedt, torsten@lodderstedt.net * Intended usage: COMMON * Restrictions on usage: none * Author: Torsten Lodderstedt
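Review bot: The `Security considerations: See (#Security) of [[ this specification ]]` field in the PATCH 1/8 hunk points at an anchor that does not exist in the file at this commit, so the cross-reference will not resolve when the draft is built; add the section it refers to in the same commit, or point at one that exists. Two further points on the same template: `Encoding considerations: binary` is stricter than the serialization the rest of that line describes (base64url-encoded values separated by '.' are plain ASCII), and RFC 7519 registers `application/jwt` as `8bit`, so choose the value deliberately rather than copying it; and `Change controller: IETF` should be confirmed, since the `Published specification` field names this OpenID document (`draft-oid4vc-haip-sd-jwt-vc.md`) rather than an IETF one.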
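Review bot: PATCH 3/8 reverts the `[@!RFC2046]`, `[@!IANA.MediaTypes]` and `[@!RFC6838]` normative markers that PATCH 2/8 introduced one commit earlier, and its message ("fix: doc refs - again") does not say which form is intended; squash the two commits, or state in the message whether these references are normative. In the same hunk, `# Security Considerations` with a `TBD.` body is inserted as a level-1 heading directly above `## Media Type Registration`, which makes the registration a subsection of Security Considerations; the registration belongs under an IANA Considerations heading, and a `TBD.` body does not give the media type template's `Security considerations` field anything to refer to.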
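Review bot: PATCH 5/8 removes the `# Security Considerations` / `TBD.` section but leaves `Security considerations: See (#security-considerations) of [[ this specification ]]` in the media type entry, so from PATCH 5/8 until PATCH 7/8 the anchor is dangling, and PATCH 7/8 resolves it by pointing at `(#wallet-attestation-schema)`, which is a schema section rather than a security analysis. RFC 6838 expects this field to describe the security considerations of the media type; either keep a Security Considerations section and reference it, or state the relevant considerations inline. The same PATCH 5/8 hunk also renames "Wallet Instance Attestation" to "Wallet Attestation" in the intro sentence and the `Encoding considerations` line but not in `Applications that use this media type: ... issuing and validating Wallet Instance Attestations.`, which is still visible unchanged in the PATCH 7/8 context lines; rename all three occurrences together.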
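Review bot: Replacing the `[@IANA.MediaTypes]` citation with an inline Markdown link to `https://www.iana.org/assignments/media-types/media-types.xhtml#application` in the second PATCH 4/8 hunk drops the bibliography entry for the registry while `[@RFC2046]` and `[@RFC6838]` on the neighbouring lines remain citations; keep one reference style, and note that the `#application` fragment targets only the application-type table rather than the "Media Types" registry as a whole, which is what the sentence names.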
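Review bot: The `value_type` line is touched three times across PATCH 4/8, 5/8 and 6/8 with no net change: PATCH 4/8 turns the URL into a Markdown link, PATCH 5/8 reverts it and in doing so drops the space in `*\`value_type\`: OPTIONAL.`, which breaks the list item, and PATCH 6/8 only restores the space. Squash these so the series does not carry a commit that breaks rendering, or drop all three if the line is meant to end up as it started.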
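Review bot: The `-` and `+` lines of the PATCH 8/8 hunk (`Person & email address to contact for further information: Torsten Lodderstedt, torsten@lodderstedt.net`) render identically here, so the change cannot be verified from the diff; if it is an entity escaping or whitespace change, say so explicitly in the commit message, which currently reads only "kristina proposed to move & with &".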