Wallet Instance Attestation¶
The Wallet Instance Attestation is data containing details about the Wallet Provider, the Wallet Solution, the Wallet Instance, and the device's security level where the Wallet Instance is installed. It generally attests the authenticity, integrity, security, privacy, and trust of a specific Wallet Instance. The Wallet Instance Attestation MUST contain the Wallet Instance public key.
General Properties¶
The objectives include:
Ensuring that the Wallet Instance maintains a level of integrity that is capable of preventing any manipulation or forgery attempts by unauthorized third parties.
Having the Wallet Provider issue a certificate of conformity to assure that the previously mentioned security and trust objectives are fulfilled.
To meet these requirements, it is necessary for each Wallet Instance to issue an attestation of conformity, guaranteeing its security and compliance with the Trust Model.
This verifiable attestation, called Wallet Instance Attestation, must be electronically signed by its issuer.
Hint
Given that the Wallet Instance does not represent an accredited entity and does not belong to an organization but resides on the User's device, the Trust Model, based on sustainability and scalability criteria, must delegate the task of issuing the Wallet Instance Attestation to the Wallet Provider.
Requirements¶
The following requirements are assumed for the Wallet Instance Attestation:
Efficiency: The Wallet Instance Attestation should use an efficient format like JSON Web Token (JWT) for light and fast data management, and compliance with various formats used for eudiw solutions.
Simplicity: The Wallet Provider should be based on a REST architecture for issuing Wallet Instance Attestations.
Public key holder binding: The Wallet Instance Attestation must be securely linked to the Wallet Instance public key.
Issued and signed by an accredited Wallet Provider: The Wallet Instance Attestation must be issued and signed by an accredited and reliable Wallet Provider, thereby providing integrity and authenticity to the attestation.
Authenticity/Genuineness of the Wallet Instance: The Wallet Instance Attestation must ensure the integrity and authenticity of the Wallet Instance, verifying that it was accurately created and provided by the Wallet Provider. ⚠️
Ability to request multiple claims for several public keys: Each Wallet Instance should be able to request multiple attestations for different public keys associated with it. This requirement provides a privacy-preserving measure, as the public key could be used as a tracking tool in the credentials’ disclosure phase (also see point 10 below).
Reusability: The Wallet Instance Attestation should be usable multiple times during the validity period of the attestation, allowing for repeated authentication and authorization without the need to request new attestations with each interaction.
Expiration: The Wallet Instance Attestation should have a well-defined expiration date, after which it will no longer be considered valid, thereby ensuring the security and updating of attestations over time.
Revocation in case of loss/deletion of the private key: If the private key associated with the Wallet Instance is lost or deleted, the attestation automatically becomes invalid to prevent unauthorized use of the Wallet Instance. ⚠️
Pseudonymisation: The attestations are designed to be pseudonymised (i.e., they do not contain direct references to the person, making it impossible to identify them in the absence of additional information - see art. 4(5) GDPR for a comprehensive definition). Without such a measure, the use of the attestation on multiple RPs would pose a significant risk, as it would theoretically allow the RPs to merge databases and track Users. This requirement enhances the measures adopted according to
art. 32 GDPR.
Attention
⚠️ Implementation of points no. 5 and 9 is still under discussion. This version assumes the authenticity and non-revocability of the Wallet Instance.
High-end design¶
Static view of the components¶
Dynamic view of the components¶
This section describes the format of the Wallet Instance Attestation and how it is issued by the Wallet Provider.
Message 1: The User initializes the Wallet Instance. In particular, this process happens after the Wallet Instance installation and after the expiration of the Wallet Instance Attestation is launched and every time the User wants to request or present a credential.
Message 2-3: The Wallet Instance obtains metadata about its Wallet Provider. Among these, we also find the list of supported algorithms, public keys, endpoints.
Message 4: The Wallet Instance verifies that the Wallet Provider is trustworthy by resolving the provider's trust chain up to the Trust Anchor.
Message 5-7: The Wallet Instance creates a new key pair and requests a
noncefrom the Wallet Provider (as a measure against replay attacks).Message 8: The Wallet Instance generates a Wallet Instance Attestation Request, in JWS format, signed with the private key associated with the public key for which it wants to obtain the attestation.
Message 9-13: The Wallet Instance sends the Wallet Instance Attestation Request to the Wallet Provider which verifies its validity and issues the signed attestation.
Message 13-14:The Wallet Instance receives the Wallet Instance Attestation signed by the Wallet Provider and proceeds with a formal verification.
Message 15:The Wallet Instance Attestation is ready to be consumed.
Detail design¶
We will go into the detail design below.
Format of the Wallet Provider Entity Configuration¶
The Wallet Provider Entity Configuration is a JWS containing the public keys and the supported algorithms within the Wallet Provider metadata definition. It is defined according to OpenID Connect Federation and Section Trust Model of this specification.
Header¶
key |
value |
alg |
Algorithm to verify the token signature (es. ES256). |
kid |
Thumbprint of the public key used for signing. |
typ |
Media type, in this case, we use the entity-statement+jwt value. |
Payload¶
key |
value |
iss |
The public url of the Wallet Provider. |
sub |
The public url of the Wallet Provider. |
iat |
Configuration release timestamp. |
exp |
Configuration expiration timestamp. |
jwks |
Containing the keys attribute which is an array of all the public keys associated with the domain (they could also match those of the Wallet Provider). |
metadata |
This attribute will contain for
each entity its own
metadata. In this case we
will have the Wallet
Provider metadata contained within
the |
Payload eudi_wallet_provider¶
key |
value |
jwks
|
Containing the keys attribute
which is an array of all the
Wallet Provider's public keys.
|
token_endpoint
|
Endpoint for obtaining the Wallet
Instance Attestation.
|
asc_values_supported
|
List of supported values for
the certified security context.
These values define a level of
assurance about the security of
the app. In particular we will
mainly have 3 values associated
with low, medium and high
security. An attested security
context is defined according to
the proof that the Wallet
Instance is able to send to the
Wallet Provider.
⚠️ This parameter is not standard
and is still under discussion.
|
grant_types_supported
|
The type of grants supported by
the endpoint token. Therefore,
for the Wallet Provider the token
is equivalent only to the Wallet
Instance attestation, therefore
this attribute will contain an
array with only one element.
|
token_endpoint_auth_methods_suppo
rted
|
Supported authentication method
for the endpoint token.
|
token_endpoint_auth_signing_alg_v
alues_supported
|
List of supported signature
algorithms.
|
Note
The parameter asc_values_supported is experimental and still under discussion.
Payload federation_entity¶
key |
value |
organization_name |
Organization name. |
homepage_uri |
Organization website. |
tos_uri |
Url to the terms of use. |
policy_uri |
Url to the privacy policy. |
logo_uri |
URL of the organization logo. |
Below a non-normative example of the Entity Configuration.
{
"alg": "ES256",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
"typ": "entity-statement+jwt"
}
.
{
"iss": "https://wallet-provider.example.org",
"sub": "https://wallet-provider.example.org",
"jwks": {
"keys": [
{
"crv": "P-256",
"kty": "EC",
"x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
"y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
}
]
},
"metadata": {
"eudi_wallet_provider": {
"jwks": {
"keys": [
{
"crv": "P-256",
"kty": "EC",
"x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
"y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
}
]
},
"token_endpoint": "https://wallet-provider.example.org/token",
"asc_values_supported": [
"https://wallet-provider.example.org/LoA/basic",
"https://wallet-provider.example.org/LoA/medium",
"https://wallet-provider.example.org/LoA/high"
],
"grant_types_supported": [
"urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation"
],
"token_endpoint_auth_methods_supported": [
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
]
},
"federation_entity": {
"organization_name": "PagoPa S.p.A.",
"homepage_uri": "https://wallet-provider.example.org",
"policy_uri": "https://wallet-provider.example.org/privacy_policy",
"tos_uri": "https://wallet-provider.example.org/info_policy",
"logo_uri": "https://wallet-provider.example.org/logo.svg"
}
},
"iat": 1687171759,
"exp": 1709290159
}
Format of the Wallet Instance Attestation Request¶
To obtain a Wallet Instance Attestation from the Wallet
Provider it is necessary to send a Wallet Instance Attestation
Request from the Wallet Instance containing the associated public key
and a nonce previously requested to avoid replay attacks.
Header¶
key |
value |
alg |
Algorithm to verify the token signature (es. ES256) |
kid |
Key id of the Wallet Instance |
typ |
Media type, in this case we use the value var+jwt (Verifiable Assertion Request JWT) |
Payload¶
key |
value |
iss
|
The thumbprint
of the JWK of the Wallet Instance
for which the attestation is
being requested.
|
sub
|
The public url of the Wallet
Provider
|
jti
|
Unique identifier of the request.
This parameter will be used to
avoid replay attacks.
|
type
|
String. It must be set to
WalletInstanceAttestationRequest |
cnf
|
This parameter will contain the
configuration of the Wallet
Instance in JSON format. Among
the mandatory attributes there
will be the jwk parameter
containing the public key of the
Wallet Instance. It will also
contain all the information
useful for the Wallet Provider
to verify that the app is genuine.
|
Below a non-normative example of the Wallet Instance Attestation request where the decoded JWS headers and payload are separated by a comma:
{
"alg": "ES256",
"kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
"typ": "var+jwt"
}
.
{
"iss": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
"sub": "https://wallet-provider.example.org",
"jti": "6ec69324-60a8-4e5b-a697-a766d85790ea",
"type": "WalletInstanceAttestationRequest",
"cnf": {
"jwk": {
"crv": "P-256",
"kty": "EC",
"x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
"y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
"kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
}
},
"iat": 1686645115,
"exp": 1686652315
}
Whose corresponding JWS is verifiable through the public key of the Wallet Instance present.
Format of the Wallet Instance Attestation¶
A JWT was chosen as the format for the Wallet Instance Attestation. Let's see below the various fields that compose it.
Header¶
key |
value |
alg |
Algorithm to verify the token signature (es. ES256). |
kid |
Key id used by the Wallet Provider to sign the attestation. |
typ |
Media type, in this case we use the value va+jwt (Verifiable Assertion JWT). This parameter is currently non-standard as it is not yet registered as IANA Media Types. |
x5c |
Array containing the X.509 certificate (and the entire chain of certificates) used to certify the public key of the issuer. |
trust_chain |
Array containing the JWS of the trust chain relating to its issuer (Wallet Provider). |
Payload¶
key |
value |
iss
|
The public url of the Wallet
Instance attestation issuer. See
the example below in this section.
|
sub
|
The public url of the issuer
concatenated with the thumbprint
of the JWK of the Wallet Instance
for which the attestation is
being issued.
|
iat
|
Unix timestamp of attestation
issuance time.
|
exp
|
Unix timestamp regarding the
expiration date time.
A good practice to avoid security
problems is to have a limited
duration of the attestation.
|
type
|
String:
"WalletInstanceAttestation".
|
policy_uri
|
Url to the privacy policy
of the wallet.
|
tos_uri
|
Url to the terms
of use of the Wallet Provider.
|
logo_uri
|
Logo url of the Wallet Provider.
|
asc
|
Attested security context:
Represents a level of "trust" of
the service containing a Level Of
Agreement defined in the metadata
of the Wallet Provider.
|
cnf
|
This parameter contains the
jwkparameter
with the public key of the Wallet
necessary for the holder binding.
|
authorization_endpoint
|
URL of the OP's OAuth 2.0
Authorization Endpoint.
|
response_types_supported
|
JSON array containing a list of
the OAuth 2.0 response_type values
that this OP supports.
|
vp_formats_supported
|
JSON object containing
jwt_vp_json and jwt_vc_jsonsupported algorithms array.
|
request_object_signing
_alg_values_supported
|
JSON array containing a list of the
JWS signing algorithms (alg values)
supported by the OP for Request Objects.
|
presentation_definition
_uri_supported
|
Boolean value specifying whether the
Wallet Instance supports the transfer of
presentation_definition by
reference, with true indicating support.
|
Note
The claim asc (Attested Security Context) is under discussion
and must be intended as experimental.
Signature¶
The Wallet Instance Attestation JWS is signed using the private key of the Wallet Provider.
Below is an example of Wallet Instance Attestation:
{
"alg": "ES256",
"kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY",
"trust_chain": [
"eyJhbGciOiJFUz...6S0A",
"eyJhbGciOiJFUz...jJLA",
"eyJhbGciOiJFUz...H9gw",
],
"typ": "va+jwt",
"x5c": ["MIIBjDCC ... XFehgKQA=="]
}
.
{
"iss": "https://wallet-provider.example.org",
"sub": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c",
"type": "WalletInstanceAttestation",
"policy_uri": "https://wallet-provider.example.org/privacy_policy",
"tos_uri": "https://wallet-provider.example.org/info_policy",
"logo_uri": "https://wallet-provider.example.org/logo.svg",
"asc": "https://wallet-provider.example.org/LoA/basic",
"cnf":
{
"jwk":
{
"crv": "P-256",
"kty": "EC",
"x": "4HNptI-xr2pjyRJKGMnz4WmdnQD_uJSq4R95Nj98b44",
"y": "LIZnSB39vFJhYgS3k7jXE4r3-CoGFQwZtPBIRqpNlrg",
"kid": "vbeXJksM45xphtANnCiG6mCyuU4jfGNzopGuKvogg9c"
}
},
"authorization_endpoint": "eudiw:",
"response_types_supported": [
"vp_token"
],
"vp_formats_supported": {
"jwt_vp_json": {
"alg_values_supported": ["ES256"]
},
"jwt_vc_json": {
"alg_values_supported": ["ES256"]
}
},
"request_object_signing_alg_values_supported": [
"ES256"
],
"presentation_definition_uri_supported": false,
"iat": 1687281195,
"exp": 1687288395
}
Endpoints¶
The Wallet Provider that issues the Wallet Instance Attestations must make available a series of APIs in REST format that follow the OpenID Federation standard.
Metadata¶
A GET /.well-known/openid-federation endpoint for retrieving the Wallet Provider Entity Configuration.
Wallet Instance Attestation¶
A second POST /token endpoint that takes two parameters as input:
grant_type which in our case is a string:
urn:ietf:params:oauth:client-assertion-type:jwt-key-attestation
assertion which contains the signed JWT of the Wallet Instance Attestation
Request.
The response will then contain the Wallet Instance Attestation.