16.4.1.3. Wallet Provider Test Matrix¶
This section provides the set of test cases for verifying conformance of a Wallet Solution and Wallet Instance implementation to the technical rules defined in the IT-Wallet ecosystem. The test plan is based on the requirements extracted from the following Sections:
Note
The test cases in this list vary in scope. Some are intentionally written at a high level to confirm the success of complete user flows and the conformance of core architectural and interoperability principles, while others are atomic, targeting single, detailed requirements and verifying specific functional behavior.
16.4.1.3.1. Test Cases for Wallet Provider Backend¶
This section lists the test cases from Sections:
Test Case ID |
Purpose |
Description |
Expected Result |
---|---|---|---|
WP_001 |
Trust, Security |
Entity Configuration publication |
An HTTP GET request to the |
WP_002 |
Trust, Security |
Entity Configuration cryptography |
The Wallet Provider Entity Configuration is a signed JWT that conforms to OID-FED. |
WP_002a |
Trust, Interoperability |
Entity Configuration JWT |
The Entity Configuration JWT header contains an |
WP_002b |
Trust, Interoperability |
Entity Configuration JWT key identifier header parameter |
The Entity Configuration JWT header contains a |
WP_002c |
Trust, Interoperability |
Entity Configuration JWT type header parameter |
The Entity Configuration JWT header contains |
WP_002d |
Trust, Interoperability |
Entity Configuration issuer and subject payload claims |
The Entity Configuration JWT payload contains |
WP_002e |
Trust, Interoperability |
Entity Configuration validity |
The Entity Configuration JWT payload contains |
WP_002f |
Trust, Interoperability |
Entity Configuration authority hints |
The Entity Configuration JWT payload contains |
WP_002g |
Trust, Interoperability |
Entity Configuration signing keys |
The Entity Configuration JWT payload contains |
WP_002h |
Trust, Interoperability |
Entity Configuration metadata |
The Entity Configuration JWT payload contains a |
WP_003 |
Trust, Interoperability |
Metadata key usage |
The public keys in the metadata JSON Object are designated exclusively for signing and/or encryption when the entity acts as a Wallet Provider (e.g., for Wallet Attestations). |
WP_004 |
Trust, Interoperability |
Metadata key reference |
To reference public keys, the metadata JSON Object contains exactly one of the following claims: |
WP_004a |
Trust, Interoperability |
JWKS by value |
If |
WP_004b |
Trust, Interoperability |
JWKS by reference |
If |
WP_004c |
Trust, Interoperability |
Signed JWKS URI |
If |
WP_005 |
Trust, UX |
Portal 2FA enforcement |
The Wallet Provider portal correctly enforces two-factor authentication ( |
WP_006 |
Wallet Revocation, Security |
Portal Wallet Instances status view |
The Wallet Provider portal correctly allows Users to view the current status of all Wallet Instances linked to their account. |
WP_007 |
Wallet Revocation, Security |
User-initiated revocation trigger |
Wallet Provider implements and supports revocation requests initiated by Users via its portal. |
WP_007a |
Wallet Revocation, Security |
Portal instance revocation |
The Wallet Provider portal correctly allows Users to revoke a specific Wallet Instance or all Wallet Instances. |
WP_008 |
Wallet Revocation, Security |
PID Provider-initiated revocation trigger |
Wallet Provider implements and supports revocation requests triggered by PID Providers via the PDND Endpoint. |
WP_009 |
Wallet Revocation, Security |
Legal Authorities-initiated revocation trigger |
Wallet Provider implements and supports revocation requests triggered by Legal Authorities or Supervisory Bodies (e.g., illegal activities). |
WP_010 |
Trust, Interoperability |
Wallet Instance revocation mechanism |
When Wallet Provider triggers the revocation for a specific Wallet Instance at any time, that instance is terminated and can no longer perform any functions. |
WP_011 |
Trust, Security |
Wallet Instance integrity verification |
Wallet Provider periodically evaluates Wallet Instance's integrity, authenticity, and genuineness using the Play Integrity API (Android) or App Attest (iOS). |
WP_012 |
Lifecycle, Interoperability |
Backend component architecture |
The Wallet Provider Backend supports all the components (Frontend, API Interface, Wallet Instance Lifecycle Management, and Trust & Security) as shown in Figure of Wallet Solution High Level Architecture. |
16.4.1.3.2. Test Cases for Wallet Instance¶
This section lists the test cases from Sections:
Test Case ID |
Purpose |
Description |
Expected Result |
---|---|---|---|
WP_013 |
Lifecycle, Interoperability |
Frontend component architecture |
Wallet Instance supports all the components (User Interface, Lifecycle Management, Issuer, Presentation, Backup/Restore, and Secure Storage) as shown in Figure of Wallet Solution High Level Architecture. |
WP_014 |
Trust, Security |
WSCD implementation |
Wallet Instance exclusively uses the Local Internal WSCD for all required cryptographic operations, such as generating signatures and performing key management, to conform with the profile. |
WP_015 |
Lifecycle, UX |
Android/iOS compatibility |
Wallet Instance installs and operates with full functionality on both Android and iOS devices and is available on the Play Store and App Store. |
WP_016 |
Trust, Issuance, Interoperability |
Retrieve and maintain Trust Anchor metadata |
Wallet Instance fetches and refreshes the Trust Anchor’s Entity Configuration before use and keeps it up-to-date. |
WP_017 |
Trust, Issuance, Interoperability |
Validate Trust Anchor authenticity |
Wallet Instance compares out-of-band public keys to those in the Trust Anchor’s Entity Configuration and discards non-matching keys, logs discrepancies, and uses only matches. |
WP_018 |
Lifecycle, Trust, Security |
Periodic trust reestablishment |
Wallet Instance periodically and successfully obtains a fresh Wallet Attestation from its Wallet Provider. |
WP_019 |
Trust, Security |
Wallet Attestation content |
The Wallet Attestation contains all required claims and data points that attest to the device's integrity and security status. |
WP_019a |
Trust, Security |
No attestation for unverified Wallet Instances |
Wallet Provider rejects an attestation request from a Wallet Instance that fails authenticity, integrity, or genuineness checks. |
WP_019b |
Trust, Security |
Attestation-ephemeral key binding |
The Wallet Attestation contains a cryptographic binding to Wallet Instance’s ephemeral public key that is successfully verified. |
WP_020 |
Trust, Security |
Wallet Attestation signing |
The Wallet Attestation is signed by its authorized Wallet Provider, as officially listed by the overseeing Registration Authority. |
WP_021 |
Wallet Initialization / Registration, Lifecycle, Security |
Device security verification |
Wallet Instance prevents activation on a device that does not meet the Wallet Provider's defined minimum security requirements. |
WP_022 |
Wallet Initialization / Registration, Lifecycle, Security |
Key Attestation API availability |
Wallet Instance checks and confirms the availability of the platform's Key Attestation APIs (StrongBox/TEE or Secure Enclave/DeviceCheck). |
WP_023 |
Wallet Initialization / Registration, Wallet Attestation Issuance, Lifecycle, Trust |
Wallet Provider federation discovery |
Wallet Instance successfully uses Federation API endpoints ( |
WP_024 |
Wallet Initialization / Activation, Lifecycle, Security |
User consent |
During the Wallet initialization, Wallet Provider explicitly obtains the User’s consent before creating a User account. |
WP_025 |
Wallet Activation, Lifecycle, UX |
Wallet unlock method setup |
Wallet Instance prompts the User to set their preferred unlock method (PIN or biometric), and then successfully configures the chosen method. |
WP_026 |
Wallet Attestation Issuance, Lifecycle, Security |
Ephemeral key pair for attestation |
To perform a Wallet Attestation request, Wallet Instance successfully generates a new ephemeral asymmetric key pair. |
WP_027 |
Wallet Attestation Issuance, Lifecycle, Security |
Device security flaw verification |
Wallet Provider verifies the device meets its minimum security requirements and is free of known security flaws; if not, the Wallet Attestation Request is rejected. |
WP_028 |
Wallet Attestation Issuance, Lifecycle, Security |
Time-limited Wallet Attestation |
When no revocation check methods are supported, the Wallet Provider issues a Wallet Attestation with a defined expiration time and a short validity period. |
WP_029 |
Wallet Attestation Issuance, Data Model and Lifecycle, Interoperability |
HTTP 200 / JSON response envelope |
Upon successful validation of the Wallet Attestation Issuance Request, the Wallet Provider returns 200 OK with Content-Type: application/json, containing the Wallet Attestation as its structure defined in Wallet Attestation JWT. |
WP_029a |
Wallet Attestation Issuance, Data Model and Lifecycle, Security |
Multi-format Wallet Attestation |
Wallet Provider provides the Wallet Attestation in at least three formats (JWT, SD-JWT, and mdoc), each signed by the Wallet Provider, and confirming the structures defined in Wallet Attestation JWT, Wallet Attestation SD-JWT, and Wallet Attestation mdoc. |
WP_029b |
Wallet Attestation Issuance, Data Model and Lifecycle, Security |
No PII in Wallet Attestation |
The Wallet Attestation payload contains no personally identifiable information (PII) about the User. |
WP_030 |
Wallet Attestation Issuance, Lifecycle, Security |
Wallet Attestation integrity verification |
Wallet Instance verifies the signature of the received Wallet Attestation. |
WP_031 |
Wallet Attestation Issuance, Trust, Security |
Wallet Attestation trust verification |
Wallet Instance verifies and confirms that the Wallet Attestation issuer (i.e., Wallet Provider) is a trusted member of the Federation, before accepting the Wallet Attestation. |
WP_032 |
Wallet Revocation, Lifecycle, Security |
User-initiated revocation |
The User successfully initiates a revocation either through the Wallet Instance built-in revocation function or via an external user agent. |
WP_032a |
Wallet Revocation, Lifecycle, Interoperability |
User login to portal with 2FA |
To perform a Wallet Instance revocation, the User successfully logs into the Wallet Provider web portal with |
WP_032b |
Wallet Revocation, Lifecycle, UX |
User selection of a Wallet Instance to revoke |
The User views the status of all their linked Wallet Instances, and chooses one to be revoked. |
WP_033 |
Wallet Revocation, Lifecycle, Interoperability |
Wallet Instance Revocation Request |
Wallet Instance requests revocation of a specified instance by sending a Wallet Instance Revocation Request to the Wallet Instance Management Endpoint. |
WP_034 |
Wallet Revocation, Lifecycle, Security |
Timely revocation alerts |
Wallet Provider informs the User within 24 hours of a Wallet Instance revocation. |
WP_034a |
Wallet Revocation, Lifecycle, Security |
Out-of-band revocation alerts |
Wallet Provider notifies the User of a Wallet Instance revocation through an out-of-band channel (e.g., email or SMS). |
WP_034b |
Wallet Revocation, Lifecycle, Security |
Clear revocation notification with re-activation guidance |
The revocation notification clearly explains the reason for revocation and provides actionable steps for re-activation, if applicable. |
WP_035 |
Lifecycle, Security |
Error handling for Wallet Instance management |
When any error occurs during Wallet Instance Registration/Initialization flow, or during Status Retrieval and Revocation requests, Wallet Provider returns an error response to Wallet Instance that conforms to the standards defined in RFC 7231 (for HTTP status code) and RFC 7807 (for problem details). |
WP_035a |
Lifecycle, Interoperability |
Standard error response format |
The error response returned by the Wallet Provider includes a |
WP_036 |
Lifecycle, Interoperability |
Handling malformed requests (400) |
When a request is malformed or missing required parameters, Wallet Provider returns a response with the HTTP status code ( |
WP_037 |
Lifecycle, Interoperability |
Semantic validation error (422) |
When a request is well-formed but fails semantic validation, Wallet Provider returns an optional response with the HTTP status code ( |
WP_038 |
Lifecycle, Interoperability |
Internal server error (500) |
In the event of an unhandled internal failure, Wallet Provider returns a response with the HTTP status code ( |
WP_039 |
Lifecycle, Interoperability |
Service unavailable (503) |
When the service is temporarily offline or unable to handle requests, Wallet Provider returns a response with the HTTP status code ( |
WP_040 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Initialization failure (device integrity) |
When a Wallet Instance Initialization request comes from a device that does not meet the provider's security requirements, the provider returns a |
WP_041 |
Wallet Revocation, Lifecycle, Interoperability |
Unauthorized retrieval request (401) |
When a Wallet Instance status retrieval request is made without valid authentication credentials, Wallet Provider returns a response with the HTTP status code ( |
WP_042 |
Wallet Revocation, Lifecycle, Interoperability |
Forbidden retrieval request (403) |
When a User attempts to retrieve a Wallet Instance status they do not have permission for, Wallet Provider returns a response with the HTTP status code ( |
WP_043 |
Wallet Revocation, Lifecycle, Interoperability |
Unauthorized revocation request (401) |
When a Wallet Instance Revocation request is made without valid authentication credentials, Wallet Provider returns a response with the HTTP status code ( |
WP_044 |
Wallet Revocation, Lifecycle, Interoperability |
Forbidden revocation request (403) |
When a User attempts to revoke a Wallet Instance they do not have permission for, Wallet Provider returns a response with the HTTP status code ( |
16.4.1.3.3. Test Cases for Issuance Phase¶
This section lists the test cases from Sections:
Test Case ID |
Purpose |
Description |
Expected Result |
---|---|---|---|
WP_045 |
Issuance, Interoperability |
Credential Issuer Discovery |
Wallet Instance successfully discovers trusted Digital Credential Issuers using the Credential Catalogue. |
WP_045a |
Trust, Issuance, Interoperability |
Fetch the Digital Credential catalogue |
Wallet Instance successfully sends an HTTP GET request to the Digital Credentials Catalogue Endpoint, using the |
WP_046 |
Issuance, Interoperability |
Discover Credential Issuer dynamically from federation metadata |
Wallet Instance successfully uses Federation API endpoints ( |
WP_046a |
Trust, Issuance, Security |
Validate Credential Issuer’s full Trust Chain to the Trust Anchor |
Wallet Instance builds and verifies the full Trust Chain from the Credential Issuer through Intermediaries to the root Trust Anchor, ensuring each signature is valid and confirms the root. |
WP_047 |
Issuance, Interoperability |
Issuer-Initiated flow: Credential Offer QR scan & decode |
In an Issuer-Initiated cross-device flow, Wallet Instance successfully scans the QR code, and decodes the |
WP_048 |
Issuance, Interoperability |
Issuer-Initiated flow: Credential Offer parsing |
In an Issuer-Initiated flow, Wallet Instance extracts and validates all required parameters present ( |
WP_049 |
Issuance, Interoperability |
Issuer-Initiated flow: Authorization Server identifier check |
Wallet Instance reads the Credential Issuer’s metadata |
WP_050 |
Issuance, Interoperability |
Issuer-Initiated flow: Digital Credential IDs validation |
Wallet Instance verifies whether each Digital Credential identifier in the |
WP_050a |
Trust, Issuance, Interoperability |
Policy & Trust Marks enforcement |
Wallet Instance verifies that the Credential Issuer is authorized to issue the requested Digital Credential through the application of metadata policies and the verification of Trust Marks. |
WP_050b |
Trust, Issuance, Interoperability |
Supported ID confirmation |
Wallet Instance verifies that every requested |
WP_051 |
Issuance, Interoperability |
Credential Request using OAuth2 code flow |
Wallet Instance successfully requests PID/(Q)EAA from the PID/(Q)EAA Provider using the Authorization Code Flow per OpenID4VCI. |
WP_052 |
Issuance, Interoperability |
PAR Request: payload construction |
Wallet Instance generates a fresh PKCE |
WP_052a |
Issuance, Interoperability |
Secure PKCE |
Wallet Instance creates the |
WP_052b |
Issuance, Interoperability |
Wallet Attestation PoP JWT creation |
Wallet Instance generates the Wallet Attestation PoP JWT (per OAuth-Client-Attestation-PoP parameters as defined in OAUTH-ATTESTATION-CLIENT-AUTH) and binds it to the same ephemeral public key referenced in the Wallet Attestation’s |
WP_052c |
Issuance, Security |
Wallet Attestation PoP JWT signing |
Wallet Instance signs the PoP JWT with the ephemeral private key corresponding to the public key in the Wallet Attestation’s |
WP_052d |
Issuance, Interoperability |
Specify Digital Credential types |
Wallet Instance embeds correct Digital Credential types in the Request Object using the |
WP_053 |
Issuance, Security |
Authorization Request |
Wallet Instance sends an Authorization Request to the Credential Issuer Authorization Endpoint using the received |
WP_053a |
Issuance, Security |
Enforce one-time |
Wallet Instance submits the Authorization Request with a freshly obtained |
WP_054 |
Issuance, Interoperability |
Validate Authorization Response: required parameter |
Wallet Instance checks that the Authorization Response contains all required parameters ( |
WP_054a |
Issuance, Security |
Validate Authorization Response: verify state matching |
Wallet Instance compares the returned |
WP_054b |
Issuance, Security |
Validate Authorization Response: confirm Credential Issuer identity |
Wallet Instance checks that the |
WP_055 |
Issuance, Interoperability |
Send a Token Request |
Wallet Instance sends a POST request to the Token Endpoint with a URL-encoded body, including the received |
WP_055a |
Issuance, Interoperability |
Token request proof parameters |
The Token Request carries the required proofs in headers: a DPoP proof JWT, a Wallet Attestation JWT, and Wallet Instance’s PoP JWT (per OAuth-Client-Attestation and OAuth-Client-Attestation-PoP as defined in OAUTH-ATTESTATION-CLIENT-AUTH). |
WP_055b |
Issuance, Interoperability |
Generate DPoP key pair/proof |
Wallet Instance generates a fresh DPoP key pair and its DPoP proof JWT following the instructions provided in RFC 9449#section-4 for the Token Request to the Credential Issuer. |
WP_055c |
Issuance, Security |
Sign DPoP proof |
Wallet Instance signs the DPoP proof JWT with the DPoP private key generated for this scope. |
WP_055d |
Issuance, Interoperability |
Token request proof parameters |
The Wallet Attestation JWT is signed using the private key bound to Wallet Instance, where its related public key is provided within the Wallet Attestation ( |
WP_056 |
Issuance, Interoperability |
Credential Request |
Wallet Instance sends a POST request to the Credential Endpoint including the Access Token, DPoP Proof JWT, Credential type, and the valid PoP of Credential-bound key. |
WP_056a |
Issuance, Security |
Fetch nonce for the Digital Credential key proof |
Wallet Instance sends a POST request to the Credential Issuer’s Nonce Endpoint and obtains a fresh nonce, which is then used to generate the PoP of the key material bound to the issued Digital Credential. |
WP_056b |
Issuance, Security |
Fresh DPoP proof |
Wallet Instance generates a fresh DPoP proof with the same key used for the Token Request DPoP proof, and in accordance with RFC 9449#section-4. |
WP_056c |
Issuance, Security |
Match the Credential key proof to the DPoP key |
Wallet Instance includes a proof object of type |
WP_057 |
Issuance, Interoperability |
Multiple Digital Credential request |
When a Credential Issuer offers multiple Digital Credentials, Wallet Instance makes a separate and correctly formatted Credential Request for each Digital Credential it intends to accept. |
WP_058 |
Issuance, Interoperability |
Batch Credential Request |
In case of Batch Issuance, Wallet Instance sends a batch Credential request to the Credential Endpoint that includes: the Access Token, a DPoP proof JWT, the credential type, and a |
WP_058a |
Issuance, Security |
Batch Issuance: key generation |
In case of Batch Issuance, Wallet Instance generates a number of fresh Digital Credential key pairs equal to the |
WP_058b |
Issuance, Interoperability |
Batch Issuance: PoP of batch Credential keys |
In case of Batch Issuance, Wallet Instance generates N key proofs using the provided |
WP_059 |
Issuance, Interoperability |
Validate Credential Response for required parameters |
Wallet Instance inspects the Credential Response payload, verifying all mandatory PID/(Q)EAA parameters are present and valid as defined in Table of Credential Response; if any parameter is missing or invalid, it rejects the response with an error. |
WP_060 |
Issuance, Interoperability |
Verify Digital Credential type/schema |
Wallet Instance retrieves the issued Digital Credential from the response’s |
WP_061 |
Issuance, Security |
Validate Credential Issuer Trust Chain |
Wallet Instance verifies the Digital Credential’s Trust Chain from its header to confirm that the Credential Issuer is trusted. |
WP_062 |
Issuance, Interoperability |
Format-specific Digital Credential verification |
Wallet Instance verifies whether a Digital Credential is in SD-JWT VC or mdoc-CBOR format, and then runs the appropriate verification. If it fails, it rejects the Credential. |
WP_062a |
Issuance, Security, Interoperability |
Verify SD-JWT Credential integrity |
Wallet Instance obtains the |
WP_062b |
Issuance, Security, Interoperability |
Verify mdoc-CBOR Credential integrity |
Wallet Instance extracts the signature algorithm from the protected header of the mdoc-CBOR |
WP_063 |
Issuance, Privacy |
User consent for credential storage |
Wallet Instance prompts the User for consent and stores the Digital Credential only after explicit approval. |
WP_064 |
Issuance, Interoperability |
Notification Handling |
Wallet Instance sends an HTTP POST request to the Notification Endpoint with |
WP_064a |
Issuance, Interoperability |
Notification Parameters |
The Notification Request payload contains the |
WP_064b |
Issuance, Privacy |
Protect User privacy in notification content |
The |
WP_065 |
Issuance, Security |
Handle deferred issuance |
Wallet Instance evaluates the Credential Response; if it contains both |
WP_066 |
Issuance, Interoperability |
Deferred issuance request after lead_time |
Wallet Instance submits a Deferred Credential Request only after the required |
WP_066a |
Issuance, Interoperability |
Deferred issuance request with transaction_id |
Wallet Instance sends a Deferred Credential Request as an HTTP POST with |
WP_066b |
Issuance, Interoperability |
Deferred request with still-valid Access Token |
Wallet Instance includes the existing Access Token in the deferred request if the |
WP_066c |
Issuance, Interoperability |
Fresh DPoP-bound Access Token via the Refresh |
When the existing Access Token would expire before the deferred request can be made, Wallet Instance obtains a new DPoP-bound Access Token via the Refresh Token flow. |
WP_067 |
Issuance, Interoperability |
New Credential Issuance flow |
When Wallet Instance fails to refresh an expiring Access Token, it initiates an entirely new Credential Issuance flow. |
WP_068 |
Issuance, Interoperability |
Refresh Token Request |
Wallet Instance sends a POST request to the Credential Issuer’s Token Endpoint with |
WP_068a |
Issuance, Security |
Refresh Token: generate proofs |
For a refresh Access Token request, Wallet Instance generates a new DPoP JWT and a new Wallet Attestation PoP, and includes them in the request. |
WP_068b |
Issuance, Interoperability |
Refresh Token: maintain binding |
Wallet Instance reuses the same key bound to the Wallet Attestation PoP and the DPoP proof from the original Access Token request, ensuring the refreshed Access Token remains cryptographically bound and valid. |
WP_069 |
Issuance, Security |
Check Digital Credential status |
Wallet Instance verifies the status of each stored Digital Credential by retrieving and validating either a Status List Token (per OAuth Status Lists) or a Status Assertion (per OAuth Status Assertions). |
WP_070 |
Issuance, Security |
Re-issuance flow: detect re-issuance necessity (update status) |
Wallet Instance updates a Digital Credential when the Status List shows |
WP_071 |
Issuance, Security |
Re-issuance flow: verify Access Token validity for re-issuance |
When an update is detected for a Digital Credential, Wallet Instance verifies the validity of the associated Access Token. If the token is valid, Wallet Instance proceeds with Credential re-issuance. |
WP_071a |
Issuance, Security |
Re-issuance flow: refresh expired Access Token |
If the Access Token is expired but a valid Refresh Token is available, Wallet Instance initiates a Refresh Token flow to obtain a new DPoP-bound Access Token, following the Refresh Token Flow. |
WP_071b |
Issuance, Security |
Restart issuance on full expiry |
Wallet Instance re-authenticates the User when initiating a new Credential Issuance flow. |
WP_072 |
Issuance, Security |
Retrieve refreshed Credential |
Wallet Instance, with a valid DPoP-bound Access Token, sends a request to the Credential Endpoint and successfully retrieves the updated Digital Credential. |
WP_073 |
Issuance, Security and Privacy |
Delete old Digital Credentials |
After storing a new Digital Credential, Wallet Instance deletes the previous version so that only the latest Digital Credential remains stored. |
WP_073a |
Issuance, Security and Privacy |
Delete old batch Credentials |
When the Wallet Instance receives and stores a new batch of the same Credential with the same claims, it deletes the previous Credentials. |
WP_074 |
Issuance, UX |
Consent on new Digital Credential store with |
If the Digital Credential update involves changes to the User's attribute values ( |
WP_075 |
Issuance, UX |
No consent on new Digital Credential store without |
If the Digital Credential update only concerns credential metadata changes ( |
16.4.1.3.4. Test Cases for Presentation Phase¶
This section lists the test cases from Section Digital Credential Presentation, covering both the Remote Flow and the Proximity Flow presentation phases.
Test Case ID |
Purpose |
Description |
Expected Result |
---|---|---|---|
WP_076 |
Remote-flow, Presentation, Interoperability |
Obtain Authorization Request URL in Same Device flow |
In the Same Device flow, Wallet Instance successfully obtains a URL and extracts the following parameters: |
WP_077 |
Remote-flow, Presentation, Interoperability |
Obtain Authorization Request URL in Cross Device flow |
In the Cross Device flow, Wallet Instance successfully scans and parses a QR Code to extract the following parameters: |
WP_078 |
Remote-flow, Trust, Presentation, Interoperability |
Relying Party identity discovery |
Wallet Instance successfully uses Federation API endpoints ( |
WP_079 |
Remote-flow, Trust, Presentation, Interoperability |
Relying Party Trust Chain evaluation |
Wallet Instance successfully validates the Trust Chain of the Relying Party (provided statically or built through a Federation Entity Discovery process) from the Trust Anchor down to the Relying Party itself, confirming that the Relying Party is a recognized and trusted member of the federation. |
WP_080 |
Remote-flow, Trust, Presentation, Interoperability |
Relying Party Trust Mark check |
Wallet Instance successfully evaluates any Trust Marks included in the Relying Party’s Entity Configuration to ensure they are valid and indicate compliance with federation policies. |
WP_081 |
Remote-flow, Trust, Presentation, Security |
Validate |
Wallet Instance checks the |
WP_082 |
Remote-flow, Presentation, Interoperability |
GET Request Object |
If the |
WP_083 |
Remote-flow, Presentation, Interoperability |
POST Request Object |
If the |
WP_083a |
Remote-flow, Presentation, Interoperability |
Construct |
Wallet Instance formats the |
WP_083b |
Remote-flow, Presentation, Privacy |
Exclude PII in |
The |
WP_083c |
Remote-flow, Presentation, Security |
Generate replay nonce |
A fresh |
WP_084 |
Remote-flow, Trust, Presentation, Security |
Relying Party public key retrieval |
Wallet Instance fetches the correct Relying Party’s public key exclusively from the |
WP_085 |
Remote-flow, Presentation, Security |
Request Object signature verification |
Wallet Instance confirms the integrity of the signed Request Object by successfully performing the cryptographic signature validation against the Relying Party’s public key. |
WP_086 |
Remote-flow, Presentation, Security |
Match |
Wallet Instance confirms that the |
WP_087 |
Remote-flow, Presentation, Security |
Check Relying Party eligibility |
Wallet Instance authorizes the request and proceeds with the flow when the Relying Party's metadata, policies, and a valid Trust Mark collectively confirm its permission to request the specified credential. |
WP_088 |
Remote-flow, Presentation, Privacy |
User consent for disclosure |
Wallet Instance requests the User's consent by presenting a UI screen that clearly displays the verified identity of the Relying Party and a list of all requested data attributes. |
WP_089 |
Remote-flow, Presentation, UX |
Handle |
When the Relying Party's |
WP_089a |
Remote-flow, Presentation, UX |
Logging |
Wallet Instance internally logs the detailed error information. |
WP_089b |
Remote-flow, Presentation, UX |
Recovering from |
For a recoverable error, such as |
WP_090 |
Remote-flow, Presentation, Interoperability |
Notify Relying Party on invalid request |
If the Request Object is invalid or fails verification, Wallet Instance sends an Authorization Error Response via HTTP POST to the Relying Party’s |
WP_091 |
Remote-flow, Presentation, Interoperability |
Send Authorization Response |
If the Request Object verification is valid, Wallet Instance sends an Authorization Response via HTTP POST to the Relying Party’s |
WP_091a |
Remote-flow, Presentation, Security |
Validate |
Before sending the Authorization Response, Wallet Instance confirms the |
WP_092 |
Remote-flow, Presentation, Security |
Encrypt Authorization Response |
Wallet Instance encrypts the Authorization Response JWT per Section 7.3 of [OpenID4VP] using the Relying Party’s public key. |
WP_093 |
Remote-flow, Presentation, Security |
Construct |
The Authorization Response JWT payload includes the original |
WP_093a |
Remote-flow, Presentation, Interoperability |
Include signed presentations |
Within that |
WP_093b |
Remote-flow, Presentation, Security |
Append Key Binding JWT |
Wallet Instance generates for every individual SD-JWT presentation within the |
WP_093c |
Remote-flow, Presentation, Security |
Key Binding JWT format |
The JOSE header of each generated Key Binding JWT includes |
WP_094 |
Remote-flow, Presentation, Interoperability |
Perform user-agent redirect |
Upon receiving the |
WP_094a |
Remote-flow, Trust, Presentation, Security |
Validate |
Wallet Instance verifies that the |
WP_095 |
Proximity-flow, Presentation, Security |
Support supervised/unsupervised retrieval |
Wallet Instance supports a Credential presentation using the Supervised Device Retrieval method for an in-person verification scenario and via Device Retrieval (unsupervised) for automated verification without human oversight. |
WP_096 |
Proximity-flow, Presentation, Security |
Device retrieval support |
Wallet Instance supports Device Retrieval mechanisms via the Bluetooth Low Energy (BLE) or NFC. |
WP_096a |
Proximity-flow, Presentation, Security |
Enforce device retrieval only |
Wallet Instance rejects any request to initiate a proximity flow using the Server Retrieval mechanism. |
WP_096b |
Proximity-flow, Presentation, Security |
Support BLE/NFC retrieval (conditional) |
Wallet Instance completes the BLE or NFC retrieval flow successfully. BLE support is mandatory, while NFC support is RECOMMENDED. Support for at least one device retrieval method (BLE or NFC) is mandatory; failure constitutes non-compliance. |
WP_097 |
Proximity-flow, Presentation, UX |
Supported DeviceEngagement mechanisms |
Wallet Instance supports DeviceEngagement based on QR code or NFC Connection Handover. |
WP_097a |
Proximity-flow, Presentation, Security |
Support QR/NFC engagement (conditional) |
Wallet Instance completes a full data-retrieval transaction over BLE and over NFC (where hardware is available). QR code support is mandatory, while NFC support is RECOMMENDED. Support for at least one engagement method (QR or NFC) is mandatory; failure constitutes non-compliance. |
WP_098 |
Proximity-flow, Presentation, Security |
Relying Party authentication |
Wallet Instance supports and performs Relying Party Instance Authentication in accordance with ISO18013-5 reader-authentication. |
WP_099 |
Proximity-flow, Presentation, Interoperability |
Domestic mDL support |
Wallet Instance supports and processes mDL Credentials using both the IT Wallet domestic document type and namespaces and the standard ISO18013-5 definitions without error (see mdoc-CBOR Credential Format for more details). |
WP_100 |
Proximity-flow, Presentation, Security |
WSCA authentication |
Wallet Instance prompts the User to perform a WSCA-based authentication, directly or by unlocking the application, and does not proceed with the proximity flow until it succeeds. |
WP_101 |
Proximity-flow, Presentation, Security |
Generate ephemeral EC key pair |
Wallet Instance successfully generates a fresh ephemeral elliptic-curve key pair (per the chosen ISO18013-5 cipher suite). |
WP_102 |
Proximity-flow, Presentation, Interoperability |
CBOR encoding of DeviceEngagement data |
DeviceEngagement is CBOR encoded and contains Version, Security, Capabilities, and OriginInfos (may be empty). For QR engagement it also includes DeviceRetrievalMode-BLEOptions and/or DeviceRetrievalMode-NFCOptions. For NFC engagement, these options are omitted. |
WP_102a |
Proximity-flow, Presentation, Interoperability |
DeviceEngagement over QR |
The QR mdoc: URI encodes the valid CBOR DeviceEngagement encoded (per Section 9.1 of [ISO18013-5]) using base64url-without-padding (RFC 4648). |
WP_102b |
Proximity-flow, Presentation, Interoperability |
Verify Security component |
The Security component within the DeviceEngagement data contains a supported cipher suite identifier and the Wallet Instance’s ephemeral public key per ISO18013-5 Table 22. |
WP_102c |
Proximity-flow, Presentation, Interoperability |
Verify DeviceRetrievalMode-BLEOptions component |
The DeviceRetrievalMode-BLEOptions component within the DeviceEngagement data indicates Central Client Mode and carries the correct device UUID. |
WP_102d |
Proximity-flow, Presentation, Interoperability |
Verify DeviceRetrievalMode-NFCOptions component |
The DeviceRetrievalMode-NFCOptions component declares supported role (PICC for Wallet Instance) and maximum APDU command/response sizes per ISO mapping. |
WP_102e |
Proximity-flow, Presentation, Interoperability |
Verify Capabilities component |
The Capabilities component within the DeviceEngagement data correctly sets both the |
WP_102f |
Proximity-flow, Presentation, Interoperability |
Verify OriginInfos component |
If the OriginInfos component, is present within the DeviceEngagement data, is correctly encoded as an array (which may be empty). |
WP_103 |
Proximity-flow, Presentation, UX |
DeviceEngagement over NFC (Connection Handover) |
Wallet Instance exposes DeviceEngagement via NFC Connection Handover either Static or Negotiated. |
WP_103a |
Proximity-flow, Presentation, Interoperability |
NFC Connection Handover (Static) |
Wallet Instance acts as NFC Tag (Type 4) and provides a Handover Select with at least one Alternative Carrier Record and associated Carrier Configuration Record; an Auxiliary Data Record carries the DeviceEngagement (type iso.org:18013:deviceengagement, id “mdoc”). |
WP_103b |
Proximity-flow, Presentation, Interoperability |
NFC Connection Handover (Negotiated) |
Wallet Instance exposes the service |
WP_103c |
Proximity-flow, Presentation, Security, Interoperability |
Early SessionEstablishment via TNEP |
If |
WP_103d |
Proximity-flow, Presentation, Interoperability |
Carrier Configuration Record encoding |
Wallet Instance successfully includes a Carrier Configuration Record for each supported carrier. For NFC, type |
WP_103e |
Proximity-flow, Presentation, Interoperability |
Auxiliary Data Record for DeviceEngagement |
Wallet Instance successfully provides an Auxiliary Data Record carrying DeviceEngagement with type |
WP_103f |
Proximity-flow, Presentation, Interoperability |
Alternative Carrier Records |
In Static Handover, Handover Select includes one oe more Alternative Carrier Records; in Negotiated Handover, Handover Select contains exactly one selected carrier. The NFC Alternative Carrier references the |
WP_103g |
Proximity-flow, Presentation, Security |
Early SessionEstablishment mismatch |
If early SessionEstablishment is received during Negotiated Handover, Wallet Instance successfully verifies that it matches the SessionEstablishment received during Device Retrieval; on mismatch Wallet Instance terminates the flow |
WP_103h |
Proximity-flow, Presentation, Interoperability |
No early SessionEstablishment |
If no early SessionEstablishment is received during Negotiated Handover, the Wallet Instance proceeds with Device Retrieval as normal (no failure), per the NFC DeviceEngagement note. |
WP_104 |
Proximity-flow, Presentation, Security |
Derive session keys |
Wallet Instance successfully derives session keys by performing the negotiated key-agreement protocol with its ephemeral private key and the Relying Party's ephemeral public key. |
WP_105 |
Proximity-flow, Presentation, Security |
Decrypt & verify |
Wallet Instance successfully decrypts the |
WP_106 |
Proximity-flow, Presentation, Security |
Validate |
Wallet Instance verifies the |
WP_107 |
Proximity-flow, Presentation, Privacy |
Prompt attribute consent |
Wallet Instance decrypts and displays the requested attributes to the User in a consent screen and proceeds only after receiving explicit User approval. |
WP_107a |
Proximity-flow, Presentation, Privacy |
No consent for Wallet Attestation disclosure |
Wallet Instance does not request the User's consent for the Wallet Attestation, ensuring that its technical attributes are excluded from the list of data shown on the User consent screen. |
WP_107b |
Proximity-flow, Presentation, Privacy |
Display Relying Party certificate |
Wallet Instance displays the full, parsed Relying Party Registration Certificate to the User for transparency before User consent and data disclosure. |
WP_108 |
Proximity-flow, Presentation, Interoperability |
Retrieve mdoc Credentials and Wallet Attestation |
Wallet Instance successfully retrieves each requested mdoc Credential from storage and obtains a fresh Wallet Attestation (if requested), preparing them for the mdoc Response. |
WP_108a |
Proximity-flow, Presentation, Interoperability |
Use cached Wallet Attestation |
When a fresh Wallet Attestation cannot be fetched, Wallet Instance successfully includes its most recently cached version of the Wallet Attestation in the response. |
WP_108b |
Proximity-flow, Presentation, Interoperability |
Wallet Attestation attributes |
When providing the Wallet Attestation, Wallet Instance includes all of its available disclosures, and the mandatory |
WP_109 |
Proximity-flow, Presentation, Interoperability |
Prepare mdoc Response |
Wallet Instance successfully builds the CBOR-encoded |
WP_110 |
Proximity-flow, Presentation, Security, Interoperability |
mdoc authentication |
Wallet Instance correctly signs the |
WP_111 |
Proximity-flow, Presentation, Interoperability |
Validate mdoc Response structure |
Wallet Instance constructs the mdoc Response as a CBOR-encoded object that includes a |
WP_111a |
Proximity-flow, Presentation, Security |
Validate |
Within each document, the |
WP_112 |
Proximity-flow, Presentation, Security |
Encrypt |
Wallet Instance encrypts the |
WP_112a |
Proximity-flow, Presentation, Interoperability |
BLE transport of messages |
Over BLE (using the ISO GATT characteristics), Wallet Instance correctly receives the Relying Party’s encrypted |
WP_112b |
Proximity-flow, Presentation, Interoperability |
NFC transport of messages |
Over NFC (using the APDU flow), the Wallet Instance correctly receives the Relying Party’s encrypted |
WP_112c |
Proximity-flow, Presentation, Interoperability |
BLE UUID/MTU consistency |
The Wallet’s BLE service/characteristic UUIDs and effective MTU used on the link are consistent with the values advertised in DeviceEngagement (and/or Carrier Configuration), and the Wallet segments messages accordingly. |
WP_112d |
Proximity-flow, Presentation, Security |
BLE Ident characteristic (optional) |
If the Ident characteristic is implemented, Wallet Instance verifies the Relying Party’s Ident value before data retrieval and terminates the BLE connection on mismatch, per Section 11.1.3 of [ISO18013-5]. |
WP_112e |
Proximity-flow, Presentation, Interoperability |
NFC SELECT AID handling |
Wallet Instance successfully exposes AID and, upon SELECT APDU, returns valid FCI with correct SW1/SW2; subsequent ENVELOPE/GET RESPONSE exchanges. |
WP_112f |
Proximity-flow, Presentation, Interoperability |
NFC APDU size consistency |
The Wallet’s APDU command/response sizing (including fragmentation and SW1=61 handling) is consistent with the max PDU sizes it advertised (Carrier Configuration / NFCOptions) during Device Engagement. |
WP_113 |
Proximity-flow, Presentation, Security |
Terminate session/ inactivity timeout |
Wallet Instance automatically terminates the session if no session-related messages are sent or received for the duration of its configured inactivity timeout. |
WP_113a |
Proximity-flow, Presentation, Security |
Terminate session/ no further request |
Wallet Instance terminates the session once either it or the Relying Party has concluded the data exchange. |
WP_113b |
Proximity-flow, Presentation, Security |
Send termination signal |
Wallet Instance transmits End command (or termination code) over BLE to signal session closure. |
WP_113c |
Proximity-flow, Presentation, Security |
Send termination over NFC |
Wallet Instance signals end via a status code in |
WP_114 |
Proximity-flow, Presentation, Security |
Destroy session keys |
When a session is terminated, Wallet Instance wipes all session keys and related ephemeral material from memory and storage. |
WP_114a |
Proximity-flow, Presentation, Security |
Close communication channel |
Wallet Instance closes the active communication channel by disconnecting the BLE link or ending the NFC APDU exchange. |
16.4.1.3.5. Test Cases for User Attribute Deletion on Relying Party Side¶
This section lists the test cases from Sections:
Test Case ID |
Purpose |
Description |
Expected Results |
---|---|---|---|
WP_115 |
Attribute Deletion, Lifecycle, Privacy |
Attribute deletion function |
Wallet Instance UI provides functions for the User to request attribute deletion, view transaction logs, and see a list of Relying Parties that hold their attributes. |
WP_115a |
Attribute Deletion, Lifecycle, Privacy |
Filtered transaction logs for identifying attributes |
The transaction log view is filtered to show only Relying Parties that accessed attributes uniquely identifying the User. |
WP_116 |
Attribute Deletion, Lifecycle, Security |
Relying Party metadata validation for deletion |
When a User selects a Relying Party for attribute deletion, Wallet Instance fetches and validates its federation metadata, confirming the presence of an Erasure Endpoint. |
WP_117 |
Attribute Deletion, Lifecycle, Interoperability |
Erasure Request |
Wallet Instance correctly constructs, and sends a valid Erasure Request destined for the Relying Party's Erasure Endpoint. |
WP_117a |
Attribute Deletion, Lifecycle, Privacy |
Erasure Request logging |
A log entry is created for each Erasure Request, containing the timestamp, the Relying Party's identifier, and the specific attributes requested for deletion. |
WP_118 |
Attribute Deletion, Lifecycle, UX |
User redirection and callback for erasure |
Wallet Instance successfully redirects the User to the Relying Party’s Erasure Endpoint and receives the Erasure Response via its callback mechanism. |
WP_119 |
Attribute Deletion, Lifecycle, Interoperability |
Handles deletion/error response |
Wallet Instance correctly processes both success and error responses for the Erasure Response from the Relying Party. |
WP_119a |
Attribute Deletion, Lifecycle, UX |
User notification on erasure |
Wallet Instance displays a clear notification to the User indicating the success or failure of the Erasure Request. |
16.4.1.3.6. Test Cases for Digital Credential’s Backup and Restore¶
This section lists the test cases from Section Backup and Restore.
Test Case ID |
Purpose |
Description |
Expected Results |
---|---|---|---|
WP_120 |
Backup and Restore, UX |
Credential backup initiation |
The User successfully triggers the Credential backup operation on Wallet Instance. |
WP_120a |
Backup and Restore, Security |
Random key phrase display |
Wallet Instance invokes the backup APIs, selects 10 random key phrases from a pre-generated list and displays them to the User. |
WP_120b |
Backup and Restore, Security |
Secure key phrase storage instruction |
Wallet Instance displays a clear instruction for the User to securely store the generated key phrases. |
WP_121 |
Backup and Restore, Security |
Key derivation from key phrases |
Wallet Instance derives an encryption key from the User’s key phrases using a key derivation function (e.g., |
WP_121a |
Backup and Restore, Security |
Key derivation function configuration |
If |
WP_122 |
Backup and Restore, Interoperability |
Signed backup JWT creation |
Wallet Instance creates a backup file containing a signed JWT that encapsulates the backup data. |
WP_122a |
Backup and Restore, Interoperability |
JOSE header for backup JWT |
The backup JWT header contains the correct |
WP_122b |
Backup and Restore, Interoperability |
Backup JWT payload contents |
The backup JWT payload includes the required claims: |
WP_122c |
Backup and Restore, Security |
Optional transaction history in backup JWT |
The |
WP_122d |
Backup and Restore, Security |
Credential identifiers in backup JWT |
The |
WP_123 |
Backup and Restore, Security |
Backup JWT signing with attested key |
Wallet Instance signs the backup JWT with the private key corresponding to the public key found in the |
WP_123a |
Backup and Restore, Security |
Attestation validity check for backup JWT |
Before signing the backup JWT, Wallet Instance verifies the validity of its own Wallet Attestation. |
WP_124 |
Backup and Restore, Security |
Backup file encryption with User key |
Wallet Instance encrypts the backup using the key derived from the User's key phrases. |
WP_125 |
Backup and Restore, UX |
Secure storage location selection prompt |
Wallet Instance prompts the User to select a location to save the encrypted backup file, offering options such as local or cloud storage. |
WP_126 |
Backup and Restore, UX |
Credential restore initiation |
The User successfully triggers the Credential restore operation on Wallet Instance. |
WP_127 |
Backup and Restore, UX |
Backup file/key phrase selection for restore |
The User successfully selects a backup file from the storage and enters their recovery key phrases. |
WP_128 |
Backup and Restore, Interoperability |
Wallet Attestation extraction from backup JWT |
Wallet Instance extracts the Wallet Attestation JWT from the |
WP_128a |
Backup and Restore, Security |
Ignore Wallet Attestation expiration during restore |
The restore process continues successfully even if the Wallet Attestation JWT in the backup file is expired. |
WP_129 |
Backup and Restore, Security |
Backup JWT signature verification |
Wallet Instance successfully verifies the signature of the backup JWT using the Wallet Attestation public key from the |
WP_130 |
Backup and Restore, Interoperability |
Credential re-issuance from restored backup |
For each Credential entry in the backup JWT, Wallet Instance successfully extracts the Issuer URL, and the |
WP_130a |
Backup and Restore, Interoperability |
Retrieve the Issuer metadata |
For each Issuer URL, Wallet Instance successfully fetches the corresponding Issuer metadata. |
WP_130b |
Backup and Restore, Interoperability |
Credential re-issuance request |
For each Credential, Wallet Instance successfully initiates a re-issuance request for the Credential using a new holder key binding. |
16.4.1.3.7. Optional Test Cases for Wallet Instance¶
This section lists the test cases from Sections:
These test cases are optional and have been designed for the IT Wallet implementation, managed by PagoPA. They are intended for implementers who need to verify compatibility with the specific features of this reference model.
Test Case ID |
Purpose |
Description |
Expected Results |
---|---|---|---|
WP_131 |
Wallet Initialization / Registration, Lifecycle, Security |
Nonce request for replay protection |
Wallet Instance requests and receives a single-use, short-lived nonce from the Wallet Provider's Nonce Endpoint. |
WP_132 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Hardware-backed EC key pair generation/storage |
Wallet Instance successfully generates a fresh hardware-backed EC key pair and stores its associated |
WP_132a |
Wallet Initialization / Registration, Lifecycle, Security |
Pre-existing key deletion during initialization |
Wallet Instance checks for the presence of pre-existing Cryptographic Hardware Keys during initialization, and successfully deletes them. |
WP_133 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Wallet Initialization Request submission |
Wallet Instance successfully sends to the Wallet Provider an Initialization request with the required |
WP_133a |
Wallet Initialization / Registration, Lifecycle, Interoperability |
SHA-256 hash computation |
Wallet Instance successfully computes a SHA-256 digest ( |
WP_133b |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Key Attestation |
Wallet Instance successfully invokes the Key Attestation API with the |
WP_134 |
Wallet Initialization / Registration, Lifecycle, Security |
Key Binding request |
Wallet Instance sends a Key Binding request that contains an |
WP_134a |
Wallet Initialization / Registration, Lifecycle, Security |
Signing Key Binding JWT |
Wallet Instance successfully signs the Key Binding request JWT with the Wallet Hardware public key. |
WP_135 |
Wallet Initialization / Registration, Lifecycle, Security |
Wallet Initialization Request validation |
Wallet Provider successfully checks the Initialization Request parameters: the |
WP_135a |
Wallet Initialization / Registration, Lifecycle, Security |
Nonce uniqueness verification |
Wallet Provider rejects any Initialization Request containing a nonce that it did not generate or that has already been used. |
WP_135b |
Wallet Initialization / Registration, Lifecycle, Security |
Key Attestation validation per guidelines |
Wallet Provider validates the |
WP_136 |
Wallet Initialization / Registration, Lifecycle, Security |
Cryptographic binding verification |
Wallet Provider successfully verifies the cryptographic binding between the |
WP_137 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Wallet Instance Registration |
Wallet Provider successfully registers Wallet Instance, storing its |
WP_138 |
Wallet Initialization / Activation, Lifecycle, Security |
User account creation |
Wallet Provider creates a User account associated with Wallet Instance's |
WP_139 |
Wallet Uninstallation, Lifecycle, Security |
Key/state deletion on uninstallation |
Wallet Instance uninstalls itself and removes all local keys and application data. |
WP_140 |
Wallet Attestation Issuance, Lifecycle, Security |
Wallet Attestation Request |
Wallet Instance successfully constructs the Wallet Attestation Request JWT with the required claims: |
WP_140a |
Wallet Attestation Issuance, Lifecycle, Security |
Hardware key existence check/re-initialization |
Wallet Instance checks for the existence of Cryptographic Hardware Keys; if they are not found, it triggers the re-initialization process. |
WP_140b |
Wallet Attestation Issuance, Lifecycle, Interoperability |
Requests nonce for Wallet Attestation Request |
Wallet Instance successfully requests and receives a fresh nonce from the Wallet Provider’s Nonce Endpoint, before requesting the Wallet Attestation. |
WP_140c |
Wallet Attestation Issuance, Lifecycle, Interoperability |
Computes hash for Wallet Attestation Request |
Wallet Instance computes a SHA-256 digest ( |
WP_140d |
Wallet Attestation Issuance, Lifecycle, Interoperability |
Signs hash with hardware private key |
Wallet Instance signs the |
WP_140e |
Wallet Attestation Issuance, Lifecycle, Interoperability |
Obtains signed Integrity Assertion from Device Integrity Service. |
Wallet Instance successfully requests and receives a signed |
WP_140f |
Wallet Attestation Issuance, Lifecycle, Security |
Include |
The |
WP_141 |
Wallet Attestation Issuance, Lifecycle, Security |
Signing JWT Wallet Attestation Request |
Wallet Instance signs the Wallet Attestation Request JWT with the ephemeral private key. |
WP_142 |
Wallet Attestation Issuance, Lifecycle, Security |
Submitting Wallet Attestation Request JWT to Wallet Provider |
The Wallet Instance submits the signed request JWT as an |
WP_143 |
Wallet Attestation Issuance, Lifecycle, Security |
Attestation Request JWT verification |
Wallet Provider successfully performs a comprehensive validation of the Wallet Attestation Request JWT, including its signature, claims, and cryptographic proofs. |
WP_143a |
Wallet Attestation Issuance, Lifecycle, Security |
HTTP header validation for Wallet Attestation Request |
Wallet Provider successfully validates the Wallet Attestation Request JWT header to contain valid |
WP_143b |
Wallet Attestation Issuance, Lifecycle, Security |
JWT signature verification in Wallet Attestation Request |
Wallet Provider successfully verifies the signature of the Wallet Attestation Request JWT using the public key in the provided JWK. |
WP_143c |
Wallet Attestation Issuance, Lifecycle, Security |
Nonce uniqueness verification for Wallet Attestation |
Wallet Provider rejects the Wallet Attestation Request JWT if the nonce was not generated by itself or has been previously used. |
WP_143d |
Wallet Attestation Issuance, Lifecycle, Security |
Registered Wallet Instance verification |
Wallet Provider confirms that the Wallet Attestation Request originates from a valid and currently registered Wallet Instance; if not rejects the request. |
WP_143e |
Wallet Attestation Issuance, Lifecycle, Interoperability |
Hardware signature validation |
Wallet Provider successfully reconstructs the client_data, and validates the |
WP_143f |
Wallet Attestation Issuance, Lifecycle, Security |
Integrity Assertion validation per guidelines |
Wallet Provider successfully validates the |
WP_143g |
Wallet Attestation Issuance, Lifecycle, Security |
|
Wallet Provider verifies that the |
WP_144 |
Wallet Attestation Issuance, Lifecycle, Security |
Attestation Issuance |
After successful validation of the Wallet Attestation Request, Wallet Provider issues a Wallet Attestation with an expiration time not exceeding 24 hours from issuance. |
WP_145 |
Wallet Revocation, Lifecycle, Interoperability |
Wallet Instance status retrieval |
Wallet Instance sends a Wallet Instances Retrieval Request to the Wallet Provider’s Wallet Instance Management Endpoint. |
WP_146 |
Wallet Revocation, Lifecycle, Interoperability |
Wallet Instance status response |
Wallet Provider validates the request and returns Wallet Instance a list of the authenticated User’s linked Wallet Instances, including each instance’s |
WP_147 |
Wallet Revocation, Lifecycle, Interoperability |
Wallet Instance Revocation Request body |
Wallet Instance Revocation Request includes a body with |
WP_148 |
Wallet Revocation, Lifecycle, Interoperability |
Wallet Instance Revocation Response |
Wallet Provider updates the specified Wallet Instance state to |
WP_149 |
Wallet Revocation, Lifecycle, Security |
Clears keys upon revocation |
As part of its revocation, Wallet Instance removes all associated Wallet Cryptographic Hardware Key pairs from the device. |
WP_150 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Initialization failure (invalid nonce) |
When a Wallet Instance Initialization request contains a nonce that is invalid, expired, or already used, Wallet Provider returns a |
WP_151 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Initialization failure (Key Attestation signature) |
When a Wallet Instance Initialization request contains an invalid Key Attestation signature, Wallet Provider returns a |
WP_152 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Key Binding failure (Wallet Instance not found) |
When a Key Binding request references a Wallet Instance that is not found, Wallet Provider returns a |
WP_153 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Key Binding failure (Wallet Instance revoked) |
When a Key Binding request is made for a Wallet Instance that has been revoked, Wallet Provider returns a |
WP_154 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Key Binding failure (invalid PoP) |
When a Key Binding request contains an invalid Proof of Possession ( |
WP_155 |
Wallet Initialization / Registration, Lifecycle, Interoperability |
Key Binding failure (Integrity Assertion failure) |
When the Integrity Assertion in a Key Binding request fails validation (e.g., is tampered with), Wallet Provider returns a |