As per the last discussions we had for Wallet Instance Attestations (WIA) RFC 006, and RFC 004 within EWC (@ntsbs @lalc please confirm), it is planned to use OAuth 2.0 Attestation-Based Client Authentication to include the WIA in issuance/verification transactions as HTTP headers.
Therefore I am suggesting a revision of the diagram provided in Chapter 4.1.
```mermaid
---
config:
darkmode: false
---
sequenceDiagram
autonumber
participant NP as Natural person
participant PP as LPID Provider/authentic source
participant PPW as LPID Provider wallet
participant CW as Legal person wallet
participant AS as LPID Authorization server
participant VDR
Note over PPW, CW: Credential offer
PPW->>PPW: Create credential offer response
PPW->>CW: Send credential offer response
Note over CW,PP: Discovery of issuer capabilities
CW->>PP: GET: /.well-known/oauth-authorization-server
PP-->>CW: OAuth authorization server metadata
Note over CW, AS: Authenticate & authorize
alt Preauthorized flow
CW->>AS: Token request + OAuth Client Attestation headers
AS->>VDR: WIA verification and validation
VDR-->>AS: WIA verification and validation response
AS-->>CW: Access token
end
alt Authorization flow
CW->>AS: Authorization request + OAuth Client Attestation headers
AS->>VDR: WIA verification and validation
VDR-->>AS: WIA verification and validation response
AS-->>CW: Authorization response
CW->>AS: Token request + OAuth Client Attestation headers
AS->>VDR: WIA verification and validation
VDR-->>AS: WIA verification and validation response
AS-->>CW: Access Token
end
CW->>PPW: LPID Credential request (access token)
Note over PPW, CW: LPID generation, issuance and storage
PPW->>PPW: Create credential
PPW->>PPW: Seal credential
PPW->>PPW: Encrypt credential
PPW-->>CW: LPID Credential
CW->>CW: Accept and store LPID
Note over CW, NP: Confirmation
CW->>PPW: ACK
PPW->>PP: ACK
PP->>NP: Inform user
```
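As an added, illustrative sketch (not text from RFC 004/006 and not EWC reference code) of what the "Token request + OAuth Client Attestation headers" and "WIA verification and validation" steps in the diagram involve: the wallet provider issues the WIA as a JWT bound to the wallet instance key (`cnf.jwk`), the Legal person wallet sends it in the `OAuth-Client-Attestation` header together with a proof of possession in `OAuth-Client-Attestation-PoP`, and the LPID Authorization server validates both before issuing an access token. The AS identifier, the wallet provider identifier, the in-memory trust-anchor map standing in for the VDR lookup, and the choice of EdDSA rather than a hardware-bound ES256 key are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Assumed identifiers, standing in for the AS metadata and the wallet provider's VDR entry.
const (
	attTyp     = "oauth-client-attestation+jwt"     // typ of the OAuth-Client-Attestation JWT
	popTyp     = "oauth-client-attestation-pop+jwt" // typ of the OAuth-Client-Attestation-PoP JWT
	asAud      = "https://as.lpid.example"          // AS identifier the PoP must be addressed to
	providerID = "https://wallet-provider.example"  // wallet provider that attests the instance
)

func b64u(b []byte) string          { return base64.RawURLEncoding.EncodeToString(b) }
func b64d(s string) ([]byte, error) { return base64.RawURLEncoding.DecodeString(s) }

// signJWT: compact JWS with alg EdDSA (RFC 8037); EdDSA is used here only to keep the example short.
func signJWT(typ string, claims map[string]any, key ed25519.PrivateKey) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": typ})
	body, _ := json.Marshal(claims)
	input := b64u(hdr) + "." + b64u(body)
	return input + "." + b64u(ed25519.Sign(key, []byte(input)))
}

// verifyJWT pins alg and typ (no alg confusion, no attestation/PoP mix-up), lets keyFor pick the
// verification key from the still-untrusted claims (e.g. by iss) and returns claims only after the signature checks out.
func verifyJWT(tok, wantTyp string, keyFor func(map[string]any) (ed25519.PublicKey, bool)) (map[string]any, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 { return nil, errors.New("malformed JWS") }
	hdrRaw, e1 := b64d(parts[0])
	body, e2 := b64d(parts[1])
	sig, e3 := b64d(parts[2])
	if e1 != nil || e2 != nil || e3 != nil { return nil, errors.New("bad base64url in JWS") }
	var hdr struct{ Alg, Typ string }
	if json.Unmarshal(hdrRaw, &hdr) != nil || hdr.Alg != "EdDSA" || hdr.Typ != wantTyp {
		return nil, fmt.Errorf("unexpected header alg=%q typ=%q", hdr.Alg, hdr.Typ)
	}
	var claims map[string]any
	if json.Unmarshal(body, &claims) != nil { return nil, errors.New("bad claims") }
	pub, ok := keyFor(claims)
	if !ok || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, errors.New("unknown key or signature verification failed")
	}
	return claims, nil
}

func expired(c map[string]any, now time.Time) bool { exp, ok := c["exp"].(float64); return !ok || now.Unix() >= int64(exp) }

// IssueWIA (wallet provider side): names the client (sub) and binds it to the instance key via cnf.jwk.
func IssueWIA(clientID string, walletPub ed25519.PublicKey, providerKey ed25519.PrivateKey, now time.Time) string {
	return signJWT(attTyp, map[string]any{
		"iss": providerID, "sub": clientID, "iat": now.Unix(), "exp": now.Add(24 * time.Hour).Unix(),
		"cnf": map[string]any{"jwk": map[string]string{"kty": "OKP", "crv": "Ed25519", "x": b64u(walletPub)}},
	}, providerKey)
}

// BuildPoP (wallet side): fresh, short-lived proof under the attested key, addressed to the AS, unique jti for replay detection.
func BuildPoP(clientID string, walletKey ed25519.PrivateKey, now time.Time) string {
	jti := make([]byte, 16)
	if _, err := rand.Read(jti); err != nil { panic(err) }
	return signJWT(popTyp, map[string]any{
		"iss": clientID, "aud": asAud, "jti": b64u(jti), "iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix(),
	}, walletKey)
}

// VerifyClientAttestation (AS side): trustAnchors stands in for the VDR lookup in the diagram
// (wallet provider id -> key); seenJTI is the PoP replay cache. Returns the attested client_id.
func VerifyClientAttestation(attHdr, popHdr string, trustAnchors map[string]ed25519.PublicKey,
	seenJTI map[string]bool, now time.Time) (string, error) {
	att, err := verifyJWT(attHdr, attTyp, func(c map[string]any) (ed25519.PublicKey, bool) {
		iss, _ := c["iss"].(string)
		k, ok := trustAnchors[iss]
		return k, ok
	})
	if err != nil || expired(att, now) { return "", errors.New("invalid or expired client attestation") }
	clientID, _ := att["sub"].(string)
	cnf, _ := att["cnf"].(map[string]any)
	jwk, _ := cnf["jwk"].(map[string]any)
	x, _ := jwk["x"].(string)
	walletPub, err := b64d(x)
	if clientID == "" || err != nil || len(walletPub) != ed25519.PublicKeySize || jwk["kty"] != "OKP" || jwk["crv"] != "Ed25519" {
		return "", errors.New("attestation lacks sub or a usable cnf.jwk")
	}
	// The PoP must verify under the attested key only, never under a key the PoP itself names.
	pop, err := verifyJWT(popHdr, popTyp, func(map[string]any) (ed25519.PublicKey, bool) { return walletPub, true })
	if err != nil || expired(pop, now) { return "", errors.New("invalid or expired attestation PoP") }
	jti, _ := pop["jti"].(string)
	if pop["iss"] != clientID || pop["aud"] != asAud || jti == "" || seenJTI[jti] {
		return "", errors.New("PoP not bound to this client and AS, or already used")
	}
	seenJTI[jti] = true
	return clientID, nil
}
```

Two practical points the diagram does not show: the `seenJTI` cache has to be shared across all AS instances (or the PoP lifetime kept short enough that a per-node cache is acceptable), and because these are HTTP headers they can only travel on a direct wallet-to-AS request (a pushed authorization request or the token request), not on the browser redirect of a plain authorization request, so the "Authorization request + OAuth Client Attestation headers" step implies PAR or an equivalent direct call.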