EWC-consortium / eudi-wallet-rfcs

EU Digital Identity Wallet RFCs in EWC to align towards the Large Scale Pilot (LSP) usecases. The project is co-funded by the European Union.
https://eudiwalletconsortium.org/
Apache License 2.0

WIA (or WUA) verification and validation #79

Open georgepadayatti opened 2 hours ago

georgepadayatti commented 2 hours ago

As per the last discussions we had for Wallet Instance Attestations (WIA) RFC 006, and RFC 004 within EWC (@ntsbs @lalc please confirm), it is planned to use OAuth 2.0 Attestation-Based Client Authentication for including WIA within issuance/verification transactions as HTTP headers.

Therefore, I suggest a revision to the diagram provided in Chapter 4.1.

```mermaid
---
config:
  darkmode: false
---

sequenceDiagram
    autonumber
    participant NP as Natural person
    participant PP as LPID Provider/authentic source
    participant PPW as LPID Provider wallet
    participant CW as Legal person wallet
    participant AS as LPID Authorization server
    participant VDR

    Note over PPW, CW: Credential offer
    PPW->>PPW: Create credential offer response
    PPW->>CW: Send credential offer response

    Note over CW,PP: Discovery of issuer capabilities
    CW->>PP: GET: /.well-known/oauth-authorization-server
    PP-->>CW: OAuth authorization server metadata

    Note over CW, AS: Authenticate & authorize
    alt Preauthorized flow
    CW->>AS: Token request + OAuth Client Attestation headers
    AS->>VDR: WIA verification and validation
    VDR-->>AS: WIA verification and validation response
    AS-->>CW: Access token
    end
    alt Authorization flow
    CW->>AS: Authorization request + OAuth Client Attestation headers
    AS->>VDR: WIA verification and validation
    VDR-->>AS: WIA verification and validation response
    AS-->>CW: Authorization response
    CW->>AS: Token request + OAuth Client Attestation headers
    AS->>VDR: WIA verification and validation
    VDR-->>AS: WIA verification and validation response
    AS-->>CW: Access Token
    end
    CW->>PPW: LPID Credential request (access token)

    Note over PPW, CW: LPID generation, issuance and storage
    PPW->>PPW: Create credential
    PPW->>PPW: Seal credential
    PPW->>PPW: Encrypt credential
    PPW-->>CW: LPID Credential
    CW->>CW: Accept and store LPID

    Note over CW, NP: Confirmation
    CW->>PPW: ACK
    PPW->>PP: ACK
    PP->>NP: Inform user
```

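As an added example (not code from this issue or from the EWC RFCs), the authorization-server side of the "WIA verification and validation" step in the diagram above: the two OAuth client attestation headers are parsed, the attestation is checked against the wallet provider's key (the VDR lookup in the diagram), and the PoP is tied to the attested key, the client_id, this AS and a single use. The header names, typ values and claim names are taken from draft-ietf-oauth-attestation-based-client-auth and are assumptions here; the HS256 signature stand-in, keys, URLs and tokens are all constructed for the demo.

```python
import base64, hmac, json, time
# Header names and typ values as in draft-ietf-oauth-attestation-based-client-auth (assumed here).
ATTESTATION_HDR, POP_HDR = "OAuth-Client-Attestation", "OAuth-Client-Attestation-PoP"
ATT_TYP, POP_TYP = "oauth-client-attestation+jwt", "oauth-client-attestation-pop+jwt"
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _split_jws(token: str):  # compact JWS -> (header, claims, signing_input, signature); nothing verified here
    h, p, s = token.split(".")
    dec = lambda x: base64.urlsafe_b64decode(x + "=" * (-len(x) % 4))
    return json.loads(dec(h)), json.loads(dec(p)), f"{h}.{p}".encode(), dec(s)
def hmac_verify(signing_input: bytes, signature: bytes, jwk: dict) -> bool:
    # HS256 stand-in for the asymmetric JWS check a real AS performs (constructed for this demo).
    return hmac.compare_digest(hmac.new(jwk["k"].encode(), signing_input, "sha256").digest(), signature)
def validate_wia(headers, client_id, as_issuer, vdr_keys, seen_jti, verify_sig=hmac_verify, now=None):
    """The AS-side 'WIA verification and validation' step; returns (accepted, reason)."""
    now = now if now is not None else int(time.time())
    try:
        att_h, att, att_in, att_sig = _split_jws(headers[ATTESTATION_HDR])
        pop_h, pop, pop_in, pop_sig = _split_jws(headers[POP_HDR])
    except (KeyError, ValueError):
        return False, "missing or malformed attestation headers"
    if att_h.get("typ") != ATT_TYP or pop_h.get("typ") != POP_TYP:
        return False, "unexpected typ"
    provider_key = vdr_keys.get(att.get("iss"))  # wallet provider key resolved via the VDR
    if provider_key is None or not verify_sig(att_in, att_sig, provider_key):
        return False, "untrusted provider or bad attestation signature"
    if att.get("sub") != client_id or pop.get("iss") != client_id:
        return False, "attestation/PoP not bound to this client_id"
    if att.get("exp", 0) <= now or pop.get("exp", 0) <= now:
        return False, "attestation or PoP expired"
    wallet_key = att.get("cnf", {}).get("jwk")  # the PoP must be signed with the key the WIA attests
    if not wallet_key or not verify_sig(pop_in, pop_sig, wallet_key):
        return False, "PoP signature does not match cnf.jwk"
    if pop.get("aud") != as_issuer:
        return False, "PoP audience is not this authorization server"
    jti = pop.get("jti")
    if not jti or jti in seen_jti:  # PoP JWTs are single-use: reject replays
        return False, "PoP replayed or missing jti"
    seen_jti.add(jti)
    return True, "ok"
def mint(header: dict, claims: dict, jwk: dict) -> str:  # constructed: what the wallet would send
    si = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}".encode()
    return si.decode() + "." + _b64url(hmac.new(jwk["k"].encode(), si, "sha256").digest())
# Constructed sample: provider key registered in the VDR, wallet key bound through cnf.jwk.
PROVIDER_KEY, WALLET_KEY = {"kty": "oct", "k": "provider-secret"}, {"kty": "oct", "k": "wallet-secret"}
NOW, VDR = 1_700_000_000, {"https://wallet-provider.example": PROVIDER_KEY}
WIA = mint({"alg": "HS256", "typ": ATT_TYP}, {"iss": "https://wallet-provider.example", "sub": "wallet-123", "exp": NOW + 3600, "cnf": {"jwk": WALLET_KEY}}, PROVIDER_KEY)
POP = mint({"alg": "HS256", "typ": POP_TYP}, {"iss": "wallet-123", "aud": "https://as.example", "exp": NOW + 300, "jti": "nonce-1"}, WALLET_KEY)
SAMPLE_HEADERS = {ATTESTATION_HDR: WIA, POP_HDR: POP}
```

In a deployment the `verify_sig` hook would check the wallet provider's asymmetric signature and the `cnf.jwk` key, and `seen_jti` would be a shared store covering the PoP lifetime.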
georgepadayatti commented 1 hour ago

@malinnorlander @lalc Should we point the WIA (or WUA) verification and validation part to the respective RFCs?