Credential Issuer Entity Configuration¶
The Credential Issuers, as Federation Entity, MUST adhere to the guidelines outlined in Section trust:Configuration of the Federation. Specifically, they MUST provide a well-known endpoint that hosts their Entity Configuration. The Entity Configuration of Credential Issuers MUST contain the parameters defined in the Sections trust:Entity Configuration Leaves and Intermediates and trust:Entity Configurations Common Parameters.
The Credential Issuers MUST provide, at least, the following metadata types:
federation_entity
oauth_authorization_server
openid_credential_issuer
In cases where the (Q)EAA Providers authenticate Users using their Wallet Instance, then the metadata for openid_credential_verifier MUST be provided in addition to the metadata above. In case a national eID scheme is used by the Credential Issuers for the User authentication, they MAY include a metadata for openid_relying_party within their Entity Configuration. The openid_relying_party metadata MUST be compliant with the Technical Specification SPID/CIE-OpenID-Connect-Specifications.
The federation_entity metadata MUST contain the parameters as defined in Section trust:Metadata of federation_entity Leaves.
The openid_credential_verifier metadata MUST contain the parameters as defined in Section Relying Party Entity Configuration.
Example of a (Q)EAA Provider Entity Configuration¶
Below is a non-normative example of an Entity Configuration of a (Q)EAA Provider containing a metadata for
federation_entity
oauth_authorization_server
openid_credential_issuer
openid_credential_verifier
{
"iat": 1718207217,
"exp": 1749743216,
"iss": "https://eaa-provider.example.org",
"sub": "https://eaa-provider.example.org",
"authority_hints": [
"https://trust-anchor.example.org"
],
"jwks": {
"keys": [
{
"kid": "FANFS3YnC9tjiCaivhWLVUJ3AxwGGz_98uRFaqMEEs",
"kty": "EC",
"crv": "P-256",
"x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
"y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
}
]
},
"metadata": {
"federation_entity": {
"homepage_uri": "https://eaa-provider.example.org/",
"organization_name": "Organization Name",
"contacts": [
"informazioni@example.it",
"protocollo@pec.example.it"
],
"tos_uri": "https://eaa-provider.example.org/public/info_policy.html",
"policy_uri": "https://eaa-provider.example.org/public/privacy_policy.html",
"logo_uri": "https://eaa-provider.example.org/public/logo.svg"
},
"oauth_authorization_server": {
"issuer": "https://eaa-provider.example.org",
"pushed_authorization_request_endpoint": "https://eaa-provider.example.org/as/par",
"authorization_endpoint": "https://eaa-provider.example.org/authorize",
"token_endpoint": "https://eaa-provider.example.org/token",
"client_registration_types_supported": [
"automatic"
],
"code_challenge_methods_supported": [
"S256"
],
"acr_values_supported": [
"https://trust-registry.eid-wallet.example.it/loa/substantial",
"https://trust-registry.eid-wallet.example.it/loa/high"
],
"scopes_supported": [
"EuropeanDisabilityCard",
"mDL"
],
"response_modes_supported": [
"query"
],
"response_types_supported": [
"code"
],
"authorization_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"grant_types_supported": [
"authorization_code"
],
"token_endpoint_auth_methods_supported": [
"attest_jwt_client_auth"
],
"token_endpoint_auth_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"request_object_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"dpop_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"jwks": {
"keys": [
{
"kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
"kty": "EC",
"crv": "P-256",
"x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
"y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
}
]
}
},
"openid_credential_issuer": {
"credential_issuer": "https://eaa-provider.example.org",
"logo_uri": "https://eaa-provider.example.org/public/compact-logo.svg",
"credential_endpoint": "https://eaa-provider.example.org/credential",
"nonce_endpoint": "https://eaa-provider.example.org/nonce-endpoint",
"deferred_credential_endpoint": "https://eaa-provider.example.org/deferred-credential",
"revocation_endpoint": "https://eaa-provider.example.org/revoke",
"status_assertion_endpoint": "https://eaa-provider.example.org/status",
"notification_endpoint": "https://eaa-provider.example.org/notification",
"credential_hash_alg_supported": "sha-256",
"display": [
{
"name": "EAA Provider",
"locale": "it-IT"
},
{
"name": "EAA Provider",
"locale": "en-US"
}
],
"credential_configurations_supported": {
"dc_sd_jwt_EuropeanDisabilityCard": {
"format": "dc+sd-jwt",
"scope": "EuropeanDisabilityCard",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"proof_types_supported": {
"jwt": {
"proof_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
]
}
},
"vct": "urn:eudi:EuropeanDisabilityCard:it:1",
"schema_uri": "https://trust-registry.eid-wallet.example.it/.well-known/schemas/sd-jwt/EuropeanDisabilityCard",
"schema_uri#integrity": "sha256-c0d841be52cfc75b8da3295593eced2b9fca8197ee7e340199cd881a7bf61029",
"credential_metadata": {
"display": [
{
"name": "Carta della disabilità europea",
"locale": "it-IT"
},
{
"name": "European Disability Card",
"locale": "en-US"
}
],
"claims": [
{
"path": ["document_number"],
"display": [
{
"name": "Numero Documento",
"locale": "it-IT"
},
{
"name": "Document Number",
"locale": "en-US"
}
]
},
{
"path": ["given_name"],
"display": [
{
"name": "Nome",
"locale": "it-IT"
},
{
"name": "Name",
"locale": "en-US"
}
]
},
{
"path": ["family_name"],
"display": [
{
"name": "Cognome",
"locale": "it-IT"
},
{
"name": "Family Name",
"locale": "en-US"
}
]
},
{
"path": ["birth_date"],
"display": [
{
"name": "Data di Nascita (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Date of Birth (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["personal_administrative_number"],
"display": [
{
"name": "Codice Fiscale",
"locale": "it-IT"
},
{
"name": "Tax Identification Number",
"locale": "en-US"
}
]
},
{
"path": ["expiry_date"],
"display": [
{
"name": "Data di Scadenza (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Expiration Date (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["constant_attendance_allowance"],
"display": [
{
"name": "Diritto accompagnatore",
"locale": "it-IT"
},
{
"name": "Constant attendance allowance",
"locale": "en-US"
}
]
},
{
"path": ["portrait"],
"display": [
{
"name": "Foto codificata in base64",
"locale": "it-IT"
},
{
"name": "Portrait base64 encoded",
"locale": "en-US"
}
]
},
{
"path": ["link_qr_code"],
"display": [
{
"name": "Link QR Code",
"locale": "it-IT"
},
{
"name": "Link QR Code",
"locale": "en-US"
}
]
}
]
}
},
"dc_sd_jwt_mDL": {
"format": "dc+sd-jwt",
"scope": "mDL",
"cryptographic_binding_methods_supported": [
"jwk"
],
"credential_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"proof_types_supported": {
"jwt": {
"proof_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
]
}
},
"vct": "urn:eudi:mDL:it:1",
"schema_uri": "https://trust-registry.eid-wallet.example.it/.well-known/schemas/sd-jwt/mDL",
"schema_uri#integrity": "sha256-0a03d9ffe11e39fd748585e433a962f223d7d14b0a49068ad52452bd0b021f63",
"credential_metadata": {
"display": [
{
"name": "Patente di guida",
"locale": "it-IT"
},
{
"name": "Mobile Driver's License",
"locale": "en-US"
}
],
"claims": [
{
"path": ["given_name"],
"display": [
{
"name": "Nome",
"locale": "it-IT"
},
{
"name": "First Name",
"locale": "en-US"
}
]
},
{
"path": ["family_name"],
"display": [
{
"name": "Cognome",
"locale": "it-IT"
},
{
"name": "Family Name",
"locale": "en-US"
}
]
},
{
"path": ["birth_date"],
"display": [
{
"name": "Data di nascita (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Date of Birth (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["place_of_birth"],
"display": [
{
"name": "Luogo di Nascita",
"locale": "it-IT"
},
{
"name": "Place of Birth",
"locale": "en-US"
}
]
},
{
"path": ["issue_date"],
"display": [
{
"name": "Data di rilascio (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Issue Date (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["expiry_date"],
"display": [
{
"name": "Data di scadenza (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Expiry Date (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["issuing_country"],
"display": [
{
"name": "Paese di rilascio",
"locale": "it-IT"
},
{
"name": "Issuing Country",
"locale": "en-US"
}
]
},
{
"path": ["issuing_authority"],
"display": [
{
"name": "Autorità di rilascio",
"locale": "it-IT"
},
{
"name": "Issuing Authority",
"locale": "en-US"
}
]
},
{
"path": ["document_number"],
"display": [
{
"name": "Numero di documento",
"locale": "it-IT"
},
{
"name": "Document Number",
"locale": "en-US"
}
]
},
{
"path": ["portrait"],
"display": [
{
"name": "Foto codificata in base64",
"locale": "it-IT"
},
{
"name": "Portrait base64 encoded",
"locale": "en-US"
}
]
},
{
"path": ["driving_privileges"],
"display": [
{
"name": "Elenco delle categorie di abilitazione separate da spazio",
"locale": "it-IT"
},
{
"name": "Driving Privileges separated by space",
"locale": "en-US"
}
]
},
{
"path": ["restrictions_conditions"],
"display": [
{
"name": "Annotazioni/Restrizioni valide per tutte le categorie separate da spazio",
"locale": "it-IT"
},
{
"name": "Restriction/Condition for all driving privileges separated by space ",
"locale": "en-US"
}
]
},
{
"path": ["driving_privileges_details"],
"display": [
{
"name": "Dettagli delle categorie di abilitazione",
"locale": "it-IT"
},
{
"name": "Driving privilege details",
"locale": "en-US"
}
]
}
]
}
},
"mso_mdoc_mDL": {
"format": "mso_mdoc",
"scope": "mDL",
"doctype": "org.iso.18013.5.1.mDL",
"schema_uri": "https://trust-registry.eid-wallet.example.it/.well-known/schemas/mdoc/EuropeanDisabilityCard",
"schema_uri#integrity": "sha256-a3ab8478290565ccb9418c5a53d8a5fbcfb44545c3fa595425da594bf8391511",
"cryptographic_binding_methods_supported": [
"cose_key"
],
"credential_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512"
],
"credential_metadata": {
"display": [
{
"name": "Patente di guida",
"locale": "it-IT"
},
{
"name": "Mobile Driver's License",
"locale": "en-US"
}
],
"claims": [
{
"path": ["org.iso.18013.5.1", "given_name"],
"display": [
{
"name": "Nome",
"locale": "it-IT"
},
{
"name": "First Name",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "family_name"],
"display": [
{
"name": "Cognome",
"locale": "it-IT"
},
{
"name": "Family Name",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "birth_date"],
"display": [
{
"name": "Data di nascita (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Date of Birth (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "birth_place"],
"display": [
{
"name": "Luogo di Nascita",
"locale": "it-IT"
},
{
"name": "Place of Birth",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "issue_date"],
"display": [
{
"name": "Data di rilascio (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Issue Date (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "expiry_date"],
"display": [
{
"name": "Data di scadenza (YYYY-MM-GG)",
"locale": "it-IT"
},
{
"name": "Expiry Date (YYYY-MM-GG)",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "issuing_country"],
"display": [
{
"name": "Paese di rilascio",
"locale": "it-IT"
},
{
"name": "Issuing Country",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "issuing_authority"],
"display": [
{
"name": "Autorità di rilascio",
"locale": "it-IT"
},
{
"name": "Issuing Authority",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "document_number"],
"display": [
{
"name": "Numero di documento",
"locale": "it-IT"
},
{
"name": "Document Number",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "portrait"],
"display": [
{
"name": "Foto codificata in base64",
"locale": "it-IT"
},
{
"name": "Portrait base64 encoded",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "driving_privileges"],
"display": [
{
"name": "Elenco delle categorie di abilitazione e relativi dettagli su restrizioni/condizioni",
"locale": "it-IT"
},
{
"name": "Driving Privileges and related restrictions/conditions details",
"locale": "en-US"
}
]
},
{
"path": ["org.iso.18013.5.1", "un_distinguishing_sign"],
"display": [
{
"name": "Codice identificativo della Nazione",
"locale": "it-IT"
},
{
"name": "Distinguishing sign of the issuing country",
"locale": "en-US"
}
]
}
]
}
}
},
"jwks": {
"keys": [
{
"kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
"kty": "EC",
"crv": "P-256",
"x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
"y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
}
]
},
"trust_frameworks_supported": [
"it_cie",
"it_wallet",
"eudi_wallet"
],
"evidence_supported": [
"vouch"
]
},
"openid_credential_verifier": {
## see relying party metadata section and endpoints
},
"jwks": {
"keys": [
{
"kid": "f10aca0992694b3581f6f699bfc8a2c6cc687725",
"kty": "EC",
"crv": "P-256",
"x": "jE2RpcQbFQxKpMqehahgZv6smmXD0i/LTP2QRzMADk4",
"y": "qkMx5iqt5PhPu5tfctS6HsP+FmLgrxfrzUV2GwMQuh8"
}
]
}
}
}
}