IT-Wallet System Technical Specifications

This document provides the technical architecture, implementation framework and design requirements to be adopted by the IT-Wallet System Technical Solutions.

Index of content

• Introduction
  • Scope
• Normative References
• Defined Terms and Acronyms
  • Acronyms
• Normative Language and Conventions
• The Digital Identity Wallet Paradigm
• Design Principles
• IT-Wallet System Brand Identity
  • Naming
  • Visual Identity
    • Logo
    • Trust Mark
    • Components
    • Authentication Button
• Functionalities
  • Activation of the Wallet Instance
  • Issuance of Electronic Attestations of Attributes
    • Layout of Electronic Attestations
  • Presentation of Electronic Attestations
    • Proximity Presentation
    • Remote Presentation
  • Management of Electronic Attestations
    • Status of Electronic Attestations
    • History of Electronic Attestations
    • Backup and Restore of Electronic Attestation of Attributes
  • Deactivation of the Wallet Instance
  • Error Management
  • Activation of the Wallet Instance Errors
  • Issuance of Electronic Attestations of Attributes Errors
  • Presentation of Electronic Attestations Errors
  • Management of Electronic Attestations Errors
  • Deactivation of the Wallet Instance Errors
  • User Assistance
  • User Feedback
• The Infrastructure of Trust
  • Federation Roles
  • General Properties
  • Trust Infrastructure Requirements
  • Federation API endpoints
  • Configuration of the Federation
  • Entity Configuration
    • Entity Configurations Common Parameters
    • Entity Configuration Trust Anchor
    • Entity Configuration Leaves and Intermediates
    • Metadata Types
  • Metadata of federation_entity Leaves
  • Subordinate Statements
    • Subordinate Statement
  • Trust Evaluation Mechanism
    • Establishing Trust with Credential Issuers
    • Establishing Trust with Relying Party
    • Evaluating Trust with Wallets
    • Trust Chain
    • Offline Trust Attestation Mechanisms
  • Trust Chain Fast Renewal
  • Non-repudiability of the Long Lived Attestations
  • X.509 PKI
    • Federation Trust Anchor and X.509 CA
    • X.509 Certificates Issuance
    • X.509 Certificate Revocation
  • Privacy Remarks
  • Considerations about Decentralization
• Wallet Solution
  • Wallet Solution Requirements
    • Wallet Attestation Requirements
    • WSCD Requirements
  • Wallet Instance
    • Wallet Instance Lifecycle
    • Wallet Instance Lifecycle Management
  • Wallet Instance Functionalities
    • Wallet Instance Initialization and Registration
    • Wallet Attestation Issuance
    • Wallet Instance Revocation
    • User's Attributes Deletion
  • Wallet Provider Endpoints
    • Federation Endpoint
    • Nonce Endpoint
    • Wallet Instance Management Endpoint
    • Wallet Attestation Issuance Endpoint
• Issuer Solution
  • Requirements
  • Component Details
    • Frontend Component
    • Credential Issuer Component
    • Authorization Server
    • Relying Party Component
    • API Interface
    • Credential Lifecycle Management
    • Trust & Security Component
  • Interaction Patterns
  • Exposed Endpoints
    • Federation Endpoints
    • Credential Issuer Component Endpoints
• Relying Party Solution
  • Relying Party Solution Requirements
  • Relying Party Instance
    • Mobile Relying Party Instance
    • Web Relying Party Instance
  • Relying Party Endpoints
    • Relying Party Federation Endpoint
    • Relying Party Nonce Endpoint
    • Relying Party Instance Initialization Endpoint
    • Relying Party Key Binding Endpoint
    • Relying Party Access Certificate Endpoint
    • Relying Party Erasure Endpoint
• PID/(Q)EAA Data Model
  • SD-JWT-VC Credential Format
    • PID/(Q)EAA SD-JWT Parameters
    • Digital Credential Metadata Type
    • PID Claims
    • PID Non-Normative Examples
    • (Q)EAA non-normative Examples
  • mdoc-CBOR Credential Format
    • Attribute Namespaces
    • Attributes
    • Mobile Security Object
    • mdoc-CBOR Examples
    • CBOR Acronyms
  • Cross-Format Credential Parameters Mapping
• Digital Credentials Catalogue
  • Digital Credentials Categories
  • Digital Credentials Catalogue Structure
  • Claims Taxonomy
  • Digital Credentials Catalogue Endpoint
    • Digital Credentials Catalogue Request
    • Digital Credentials Catalogue Response
• PID/(Q)EAA Issuance
  • High-Level PID flow
  • High-Level (Q)EAA flow
  • Low-Level Issuance Flow
  • Refresh Token Flow
    • Security Considerations
  • Re-Issuance Flow
    • Security Considerations
  • Credential Offer Endpoint
    • Credential Offer
    • Credential Offer Response
  • Pushed Authorization Request Endpoint
    • Pushed Authorization Request (PAR) Request
    • Pushed Authorization Request (PAR) Response
  • Authorization endpoint
    • Authorization Request
    • Authorization Response
  • Token endpoint
    • Token Request
    • Token Response
    • Access Token
    • Refresh Token
  • Nonce endpoint
    • Nonce Request
    • Nonce Response
  • Credential endpoint
    • Credential Request
    • Credential Response
  • Deferred Endpoint
    • Deferred Request
    • Deferred Response
  • Notification endpoint
    • Notification Request
    • Notification Response
• PID/(Q)EAA Presentation
  • Remote Flow
    • Authorization Request
    • Request URI Request
    • Request URI Response
    • Authorization Response
    • Relying Party Response
    • Status Endpoint
    • Redirect URI
  • Proximity Flow
    • Device Engagement
    • mdoc Request
    • mdoc Response
    • Session Termination
• Digital Credential Lifecycle
  • Credential Transitions
    • Credential Transition to Issued
    • Credential Transition to Valid
    • Credential Transition to Expired
    • Credential Transition to Revoked
    • Credential Transition to Suspended
  • Credential Lifecycle Management
  • Digital Credential Revocation and Suspension
    • Entities Involved
    • Status Update Flows
  • Validity Verification Mechanisms
    • OAuth Status Assertions
    • OAuth Status Lists
• Authentic Sources
  • e-Service PDND
    • Requirements and Security Patterns
  • PDND Voucher Issuance
    • PDND Voucher for e-Service
    • PDND Voucher for Interoperability API
    • PDND Authorization Server Endpoint
  • Key Retrieval
    • PDND Authorization Server Keys
    • PDND Authorization Server .well-known Endpoint
    • Participants' Keys
    • PDND Interoperability API Endpoint
  • e-Service Usage
    • e-Service Usage Prerequisites
    • e-Service Usage Flow
    • e-Service Endpoint
  • e-Service PDND Catalogue
    • Credential Issuer Catalogue
    • Authentic Source Catalogue
    • Wallet Provider Catalogue
• Backup and Restore
  • Backup Flow
  • Restore flow for Hardware Binding Credential
• Cryptographic Algorithms
• Security and Privacy Considerations
  • Security Requirements
    • SR-CF-10 and SR-E-10
    • SR-CF-20
    • SR-CF-21
    • SR-E-20
    • SR-E-30
    • SR-E-40
    • SR-I-10
    • SR-I-20
    • SR-I-30
    • SR-I-40
    • SR-I-50
    • SR-P-20
    • SR-P-30
    • SR-P-40
    • SR-P-41
    • SR-P-50
    • SR-V-10
    • SR-V-20
    • SR-W-20
    • SR-W-30
  • Privacy Requirements
    • PR-CF-30
    • PR-CF-40
    • PR-E-60
    • PR-E-70
    • PR-W-40
    • PR-W-60
    • PR-W-70
  • Security and Privacy Requirements
    • SPR-E-50
    • SPR-P-10
    • SPR-P-60
    • SPR-P-70
    • SPR-P-80
    • SPR-W-50
• General Log Retention Policies
  • ISO/IEC 27001 Logging General Requirements
    • Wallet Provider Log Retention Policy
    • Credential Issuer Log Retention Policy
    • Relying Party Log Retention Policy
    • Wallet Instances Logging Features
• Technical References
  • Wallet Paradigm Frameworks
  • Infrastructure of Trust
  • Digital Credential Data Format
  • Digital Credential Issuance
  • Digital Credential Presentation
  • Digital Credential Revocation Check Mechanisms
  • National Data Interoperability Platform Specifications
  • National Digital Identity Platform Specifications
  • Security and Protection Profiles
• Test Plans
  • Structure of the Test Matrix
  • Signed Statements Evaluation Test Matrix
  • Trust Evaluation Test Matrix
  • Wallet Solution Test Matrix
  • Credential Issuance Test Matrix
  • Credential Presentation Test Matrix
    • Remote Credential Presentation Test Matrix
    • Proximity Credential Presentation Test Matrix
• How to contribute
  • Acknowledgements
• Open Source Releases for IT-Wallet Solutions
  • Wallet Providers
  • Credential Issuers
  • Relying Parties
  • Responsible Disclosure