10.1.6. Wallet Provider Entity Configuration

An HTTP GET request to the Federation endpoint allows the retrieval of the Wallet Provider Entity Configuration (WP_001).

The returned Entity Configuration of the Wallet Provider MUST contain the attributes described in the sections below.

The Wallet Provider Entity Configuration is a signed JWT containing the public keys and supported algorithms of the Wallet Solution as a component of the Wallet Provider. It is structured in accordance with the OID-FED and The Infrastructure of Trust outlined in this specification (WP_002).

10.1.6.1. Wallet Provider Entity Configuration JWT Header

| Key | Value |
|-----|-------|
| alg | Algorithm used to verify the token signature. It MUST be one of the possible values indicated in Cryptographic Algorithms (e.g., ES256). |
| kid | Thumbprint of the public key used for the signature. |
| typ | Media type, set to entity-statement+jwt. |

10.1.6.2. Wallet Provider Entity Configuration JWT Payload

| Key | Value |
|-----|-------|
| iss | REQUIRED. Public URL of the Wallet Solution. |
| sub | REQUIRED. Public URL of the Wallet Solution. |
| iat | REQUIRED. Issuance datetime in Unix Timestamp format. |
| exp | REQUIRED. Expiration datetime in Unix Timestamp format. |
| authority_hints | REQUIRED. Array of URLs (String) containing the list of URLs of the immediate superior Entities, such as the Trust Anchor or an Intermediate, that MAY issue an Entity Statement related to the Wallet Solution. |
| jwks | REQUIRED. A JSON Web Key Set (JWKS) representing the public part of the Federation Entity signing keys. The corresponding private key is used by the Wallet Solution to sign the Entity Configuration about itself. |
| metadata | REQUIRED. JSON object that represents the Entity's Types and the metadata for those Entity Types. Each member name of the JSON object is an Entity Type Identifier, and each value MUST be a JSON object containing metadata parameters according to the metadata schema of the Entity Type. It MUST contain the wallet_solution and OPTIONALLY the federation_entity metadata. |

Note: Tests covering the Entity Configuration structure (header and payload) are provided in WP_002a–002h.

10.1.6.3. Example of a Wallet Provider Entity Configuration

Below is a non-normative example of the payload of a Wallet Provider Entity Configuration containing metadata for:

  • federation_entity

  • wallet_solution

{
  "iss": "https://wallet-solution.example.org",
  "sub": "https://wallet-solution.example.org",
  "iat": 1687171759,
  "exp": 1709290159,
  "jwks": {
    "keys": [
      {
        "crv": "P-256",
        "kty": "EC",
        "x": "qrJrj3Af_B57sbOIRrcBM7br7wOc8ynj7lHFPTeffUk",
        "y": "1H0cWDyGgvU8w-kPKU_xycOCUNT2o0bwslIQtnPU6iM",
        "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY"
      }
    ]
  },
  "metadata": {
    "wallet_solution": {
      "logo_uri": "https://wallet-solution.example.org/compact-logo.svg",
      "jwks": {
        "keys": [
          {
            "crv": "P-256",
            "kty": "EC",
            "x": "BxYsu3QvYmOz1fl1l5hGyPWlpvgTzz3AY3j3K_9zGPs",
            "y": "ob34Wmfah_ScQXaYMJWoBkZSwO-kQ0VTgMk4VZfu48w",
            "kid": "749b495837819c00cfee1749b495837819c00cfee1"
          }
        ]
      },
      "wallet_metadata": {
        "wallet_name": "Wallet X",
        "authorization_endpoint": "https://wallet-solution.digital-strategy.europa.eu/authorization",
        "credential_offer_endpoint": "https://wallet-solution.digital-strategy.europa.eu/credential_offer",
        "response_types_supported": [
          "vp_token"
        ],
        "response_modes_supported": [
          "query"
        ],
        "vp_formats_supported": {
          "dc+sd-jwt": {
            "sd-jwt_alg_values": [
              "ES256",
              "ES384"
            ]
          }
        },
        "request_object_signing_alg_values_supported": [
          "ES256"
        ],
        "client_id_prefixes_supported": ["openid_federation", "x509_hash"]
      }
    },
    "federation_entity": {
      "organization_name": "IT-Wallet Provider",
      "homepage_uri": "https://wallet-provider.example.org",
      "policy_uri": "https://wallet-provider.example.org/privacy_policy",
      "tos_uri": "https://wallet-provider.example.org/info_policy",
      "logo_uri": "https://wallet-provider.example.org/logo.svg"
    }
  },
  "authority_hints": [
    "https://registry.eudi-wallet.example.it"
  ]
}
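The header and payload rules from Sections 10.1.6.1 and 10.1.6.2 can be checked before any claim is used, as in this added example (not part of the specification or of any project's code). The function and variable names, the one-entry `ALLOWED_ALGS` list, the https-only URL check and the header `kid` in the sample are assumptions; the signature is not verified here and must be verified with a JOSE library against the key selected by `kid` before the configuration is trusted.

```python
import base64, json, time

ALLOWED_ALGS = ("ES256",)  # assumption: replace with the spec's Cryptographic Algorithms list
def b64d(part):  # base64url segment -> decoded JSON value
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
def b64e(obj):  # JSON value -> base64url segment (only used to build the sample)
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
def is_https(v):  # assumption: "public URL" means an absolute https URL
    return isinstance(v, str) and v.startswith("https://") and len(v) > len("https://")

def check_entity_configuration(jwt, now=None):
    """Return the names of failed checks ([] if none). Does NOT verify the signature."""
    now = time.time() if now is None else now
    try:
        h, p, _sig = jwt.split(".")
        header, payload = b64d(h), b64d(p)
    except ValueError:
        return ["not a compact JWT with JSON header and payload"]
    if not (isinstance(header, dict) and isinstance(payload, dict)):
        return ["header and payload must be JSON objects"]
    errs = []
    if header.get("typ") != "entity-statement+jwt":
        errs.append("typ")
    if header.get("alg") not in ALLOWED_ALGS:  # also rejects "none"
        errs.append("alg")
    jwks = payload.get("jwks")
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    kids = [k.get("kid") for k in keys if isinstance(k, dict)] if isinstance(keys, list) else []
    if not header.get("kid") or header["kid"] not in kids:
        errs.append("kid")  # signing key must be one of the entity's own jwks keys
    if not is_https(payload.get("iss")) or payload.get("iss") != payload.get("sub"):
        errs.append("iss/sub")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int) and iat <= now < exp):
        errs.append("iat/exp")
    hints = payload.get("authority_hints")
    if not (isinstance(hints, list) and hints and all(map(is_https, hints))):
        errs.append("authority_hints")
    md = payload.get("metadata")
    if not (isinstance(md, dict) and isinstance(md.get("wallet_solution"), dict)):
        errs.append("metadata.wallet_solution")
    return errs

# Constructed sample: claim values taken from the page's example, dummy signature bytes.
HEADER = {"alg": "ES256", "kid": "5t5YYpBhN-EgIEEI5iUzr6r0MR02LnVQ0OmekmNKcjY", "typ": "entity-statement+jwt"}
PAYLOAD = {"iss": "https://wallet-solution.example.org", "sub": "https://wallet-solution.example.org",
           "iat": 1687171759, "exp": 1709290159, "jwks": {"keys": [{"kty": "EC", "kid": HEADER["kid"]}]},
           "metadata": {"wallet_solution": {}}, "authority_hints": ["https://registry.eudi-wallet.example.it"]}
SAMPLE = f"{b64e(HEADER)}.{b64e(PAYLOAD)}.ZHVtbXk"
```

The `now` parameter lets the expiry check be evaluated at a fixed instant, which is useful because the example's `exp` is in the past.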