From 918a82c6d4d479cee52eecd9107fba21e0f3128d Mon Sep 17 00:00:00 2001
From: Bastien Lopez
Date: Tue, 12 Nov 2024 00:52:17 +0100
Subject: [PATCH 1/2] up dev/ issuer/ verif config
---
 docs/wallet/developer-mode.md | 8 +++-
 docs/wallet/issuer_configuration.md | 66 +++++++++++++++++++++++----
 docs/wallet/verifier-configuration.md | 6 +--
 3 files changed, 66 insertions(+), 14 deletions(-)
diff --git a/docs/wallet/developer-mode.md b/docs/wallet/developer-mode.md
index 48c1a09..72600dc 100644
--- a/docs/wallet/developer-mode.md
+++ b/docs/wallet/developer-mode.md
@@ -1,6 +1,6 @@
 # Developer Mode
-Updated the 30th of October 2024.
+Updated the 11st of November 2024.
 The developer mode allow any technical users to get internal information about the wallet data and logic. It modifies the display of verifiable credentials and it includes breakpoint in the code flow for debugging purposes.
@@ -32,7 +32,7 @@ After scanning an OIDC4VC QR code a popup proposes to users to:
 * download this information as a text file,
 * skip to bypass.
-Within the OIDC4VCI flow, the wallet proposes to display or download the data received from:
+Within the OIDC4VCI flow, the wallet proposes to display or download the data sent and received from:
 - the token endpoint,
 - the credential endpoint.
@@ -47,6 +47,10 @@ After scanning an OIDC4VP or SIOPV2 QR code a popup proposes to users to:
 * download this information as a text file,
 * skip to bypass.
+Within the OIDC4VP flow, the wallet proposes to display or download the data sent to:
+
+- the respone_uri endpoint.
+
 ## Display of errors details
 In case of an error response from issuers or verifiers, users have an access to the `error_description` data returned.
diff --git a/docs/wallet/issuer_configuration.md b/docs/wallet/issuer_configuration.md
index 7fb2191..0e62b1c 100644
--- a/docs/wallet/issuer_configuration.md
+++ b/docs/wallet/issuer_configuration.md
@@ -1,6 +1,6 @@
 # Issuer configuration
-Updated the 31th of October 2024.
+Updated the 11st of November 2024.
 The wallets support most of the VC options of the OIDC4VCI standard for issuer configuration.
@@ -22,6 +22,8 @@ Specifications of the different Drafts are available here:
 Wallets support:
+* VC format ldp_vc, jwt_vc, jwt_vc_json, jwt_vc_json-ld, vc+sd-jwt,
+* VCDM 1.1,
 * credential offer by value and by reference,
 * pre authorized code (by default), authorized code flow, push authorization request, PKCE,
 * [Attestation based client authentication](https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/),
@@ -35,14 +37,63 @@ Wallets support:
 * proof of possession header with `kid` or `jwk`,
 * deferred endpoint,
 * key identifiers as jwk thumbprint of DID,
-* keys as EdDSA, P-256, seckp256k1.
+* keys as EdDSA, P-256, seckp256k1,
 Wallets do not support:
 * notification endpoint,
 * batch endpoint of Draft 13,
 * DPoP for code and token,
-* encrypted credentials.
+* encrypted credentials,
+* VCDM 2.0.
+
+## Limitations due to VC formats
+
+### JSON-LD VC
+
+Wallets do not support remonte @context loading. Use embedded definition of json-ld attributes in the `@contex`t array.
+
+Example:
+
+```json
+{
+ "@context": ["https://www.w3.org/2018/credentials/v1",
+ {
+ "EmailPass" : {
+ "@id": "https://github.com/TalaoDAO/context#emailpass",
+ "@context": {
+ "@version": 1.1,
+ "@protected": true,
+ "schema" : "https://schema.org/",
+ "id": "@id",
+ "type": "@type",
+ "email": "schema:email"
+ }
+ }
+ }
+ ],
+ "id": "urn:uuid:123",
+ "type": [
+ "VerifiableCredential",
+ "EmailPass"
+ ],
+ "issuer": "did:web:talao.co",
+ "issuanceDate": "2024-03-27T15:42:10Z",
+ "credentialSubject" : {
+ "id": "did:key:zDnaeY6i6uVda46Vm8whCFQJPzTYBeZnkHvPCaBLfZoVYwqEP",
+ "type" : "EmailPass",
+ "email" : "john.doe@gmail.com"
+ },
+ "proof": {
+ "type": "Ed25519Signature2018",
+ "proofPurpose": "assertionMethod",
+ "verificationMethod": "did:key:z6MkftN6LL5DRTG8u5LjhQuwUconSp3wremHoMjcH1LP7Hxd#z6MkftN6LL5DRTG8u5LjhQuwUconSp3wremHoMjcH1LP7Hxd",
+ "created": "2024-03-27T14:42:10.447Z",
+ "jws": "eyJhbGciOiJFZERTQSIsImNyaXQiOlsiYjY0Il0sImI2NCI6ZmFsc2V9..uEc2nusfEihJKUY6Owulwrm0tQccazRt3mDI_5RKXWSFc9ZYOoTJ5hAUI7BZE1vH9S62J8NBIXEkIkz4kcMdCw"
+ },
+}
+
+```
 ## Invocation schemes for issuance
@@ -63,12 +114,9 @@ For security reasons Talao wallets use Universal Links and App Links to redirect
 Dynamic Credential Request is an option to operate a VP presentation for user authentication inside an authorization code flow.
-The differences between this process and the use of a VP authentication step (OIDC4VP) followed by the issuance of a VC by pre authorized code flow (OIDC4VCI) are multiple:
-
-- the VP(s) requested from the user depend on the VC requested by the user,
-- the integration and the UX are simpler.
+The main difference between this process and the use of a VP authentication step (OIDC4VP) followed by the issuance of a VC by pre authorized code flow (OIDC4VCI) is that the VP(s) requested by the verifier for user authentication maybe adapted dynamically to the user identity and the VC requested,
-In order to manage that combination wallet must provide its own authorization endpoint to the issuer. Our wallets support the "EBSI V3.x implementation" way with a `client_metadata` argument when Draft is below or equal to 11 and the `wallet_issuer` attribute for more recent Draft, both added to the authorization request and push authorization request.
+In order to manage that combination wallet must provide its own authorization endpoint to the issuer. Our wallets support the `client_metadata` attribute when OIDC4VCI Draft is below or equal to 11 and the `wallet_issuer` attribute for more recent Draft, both added to the authorization request and push authorization request.
 Example of client_metadata:
@@ -391,7 +439,7 @@ Use the developer mode to display the VC decoded inside the wallet or download i
 ```
-## Issuance flow example
+## Full issuance flow example
 This example is based on the flow of [this issuer](https://talao.co/sandbox/issuer/test_2).
diff --git a/docs/wallet/verifier-configuration.md b/docs/wallet/verifier-configuration.md
index 515f258..eda3706 100644
--- a/docs/wallet/verifier-configuration.md
+++ b/docs/wallet/verifier-configuration.md
@@ -1,6 +1,6 @@
 # Verifier configuration
-Updated the 28th of October 2024.
+Updated the 11st of November 2024.
 ## OIDC4VP Specifications Drafts
@@ -8,7 +8,7 @@ Wallets support both OIDC4VP and SIOPV2 specifications.
 * [OIDC4VP Draft 18](https://openid.net/specs/openid-4-verifiable-presentations-1_0-18.html) supported
 * [OIDC4VP Draft 20](https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html) supported
-* [OIDC4VP Draft 21](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) coming soon
+* [OIDC4VP Draft 22](https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) coming soon
 * [SIOPV2 Draft 13](https://openid.net/specs/openid-connect-self-issued-v2-1_0.html) supported
 ## OIDC4VP and SIOPV2 features
@@ -293,7 +293,7 @@ Integration of the example provided by waltid documentation must be updated by:
 }
 ```
-## Verifier flow example
+## Full verifier flow example
 This example is based on the flow of [this verifier](https://talao.co/sandbox/verifier/test_2).
From 53f22605a2b923c524fb68f6e23a58d5e20047a7 Mon Sep 17 00:00:00 2001
From: Bastien Lopez
Date: Tue, 12 Nov 2024 00:53:38 +0100
Subject: [PATCH 2/2] versioning
---
 docusaurus.config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docusaurus.config.ts b/docusaurus.config.ts
index 3ebdfac..6cad0af 100644
--- a/docusaurus.config.ts
+++ b/docusaurus.config.ts
@@ -60,7 +60,7 @@ const config: Config = {
 type: 'docSidebar',
 sidebarId: 'documentationSidebar',
 position: 'left',
- label: 'Documentation v0.1.1',
+ label: 'Documentation v0.1.2',
 },
 {
 href: 'https://github.com/TalaoDAO',