5.1.6. Wallet Provider Entity Configuration

An HTTP GET request to the Federation endpoint allows the retrieval of the Wallet Provider Entity Configuration.

The returned Entity Configuration of the Wallet Provider MUST contain the attributes described in the sections below.

The Wallet Provider Entity Configuration is a signed JWT containing the public keys and supported algorithms of the Wallet Provider. It is structured in accordance with OID-FED and the Infrastructure of Trust outlined in this specification.

5.1.6.1. Wallet Provider Entity Configuration JWT Header

| Key | Value | Reference |
|-----|-------|-----------|
| alg | Algorithm used to verify the token signature. It MUST be one of the possible values indicated in Cryptographic Algorithms (e.g., ES256). | OID-FED. |
| kid | Thumbprint of the public key used for the signature. | OID-FED and RFC 7638. |
| typ | Media type, set to entity-statement+jwt. | OID-FED. |

5.1.6.2. Wallet Provider Entity Configuration JWT Payload

| Key | Value | Reference |
|-----|-------|-----------|
| iss | REQUIRED. Public URL of the Wallet Provider. | OID-FED. |
| sub | REQUIRED. Public URL of the Wallet Provider. | OID-FED. |
| iat | REQUIRED. Issuance datetime in Unix Timestamp format. | OID-FED. |
| exp | REQUIRED. Expiration datetime in Unix Timestamp format. | OID-FED. |
| authority_hints | REQUIRED. Array of URLs (String) containing the list of URLs of the immediate superior Entities, such as the Trust Anchor or an Intermediate, that MAY issue an Entity Statement related to the Wallet Provider. | OID-FED. |
| jwks | REQUIRED. A JSON Web Key Set (JWKS) representing the public part of the Wallet Provider's Federation Entity signing keys. The corresponding private key is used by the Entity to sign the Entity Configuration about itself. | RFC 7517, OID-FED. |
| metadata | REQUIRED. JSON object that represents the Entity's Types and the metadata for those Entity Types. Each member name of the JSON object is an Entity Type Identifier, and each value MUST be a JSON object containing metadata parameters according to the metadata schema of the Entity Type. It MUST contain the wallet_provider and OPTIONALLY the federation_entity metadata. | OID-FED. |
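The following Python check is an added example, not part of the specification: it tests a decoded Entity Configuration against the header and payload rules listed above, including recomputing the RFC 7638 thumbprint that kid must carry. Assumptions: EC keys only, ES256 as the sole allowed algorithm, iss equal to sub because both are the Wallet Provider's public URL, constructed example.org URLs and key coordinates, and no signature verification (that step needs a cryptographic library).

```python
import base64, hashlib, json
ALLOWED_ALGS = {"ES256"}  # assumption: only the algorithm the page names as an example
REQUIRED = ("iss", "sub", "iat", "exp", "authority_hints", "jwks", "metadata")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_json(part: str) -> dict:
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
def ec_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint: required EC members, sorted, no whitespace."""
    members = {k: jwk[k] for k in ("crv", "kty", "x", "y")}
    raw = json.dumps(members, sort_keys=True, separators=(",", ":")).encode()
    return b64url(hashlib.sha256(raw).digest())

def check_entity_configuration(token: str, now: float) -> list:
    """Return rule violations for header and payload; the signature is NOT verified."""
    header, payload = (b64url_json(p) for p in token.split(".")[:2])
    errors = []
    if header.get("alg") not in ALLOWED_ALGS:
        errors.append("alg not allowed")
    if header.get("typ") != "entity-statement+jwt":
        errors.append("typ must be entity-statement+jwt")
    errors += [f"missing claim: {c}" for c in REQUIRED if c not in payload]
    if payload.get("iss") != payload.get("sub"):
        errors.append("iss and sub differ")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not all(isinstance(t, (int, float)) for t in (iat, exp)) or not iat <= now < exp:
        errors.append("iat/exp invalid or outside validity window")
    hints = payload.get("authority_hints")
    if not (isinstance(hints, list) and hints and all(isinstance(h, str) for h in hints)):
        errors.append("authority_hints must be a non-empty array of strings")
    jwks = payload.get("jwks")
    keys = jwks.get("keys", []) if isinstance(jwks, dict) else []
    ec = [k for k in keys if isinstance(k, dict) and k.keys() >= {"crv", "kty", "x", "y"}]
    if header.get("kid") not in {ec_thumbprint(k) for k in ec}:
        errors.append("kid is not the RFC 7638 thumbprint of a key in jwks")
    meta = payload.get("metadata")
    if not isinstance(meta, dict) or not isinstance(meta.get("wallet_provider"), dict):
        errors.append("metadata.wallet_provider missing or not an object")
    return errors

def build_sample(now: int) -> str:
    """Constructed, unsigned sample: URLs, key coordinates and signature are made up."""
    jwk = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}
    url = "https://wallet-provider.example.org"
    header = {"alg": "ES256", "kid": ec_thumbprint(jwk), "typ": "entity-statement+jwt"}
    payload = {"iss": url, "sub": url, "iat": now, "exp": now + 3600, "jwks": {"keys": [jwk]},
               "authority_hints": ["https://trust-anchor.example.org"], "metadata": {"wallet_provider": {}}}
    return ".".join(b64url(json.dumps(p).encode()) for p in (header, payload)) + ".c2ln"
```

Run these checks before or alongside signature verification against a key from jwks; passing them alone says nothing about the token's authenticity.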