In the current implementation (0.6.0) the metadata is published within the entity configuration in an arbitrary way, while the metadata protocol-specific features, requirements and capabilities defined within it are not implemented yet.
We need to implement the following:
[x] default_acr_values: checks that the LoA during the presentation satisfies the supported values
[x] default_max_age: defines how long an authenticated session, pertaining to a presentation, is considered valid. After this time period the authenticated session must expire. Specifies that the End-User MUST be actively authenticated if the End-User was authenticated longer ago than the specified number of seconds.
[x] id_token_ ..., related to SIOPv2. They will be implemented when the pseudonyms are implemented.
[x] presentation_definitions: the RP MUST check that the disclosed attributes within the presentation match the ones required, as defined in the presentation definition.
[x] require_auth_time, boolean value specifying whether the auth_time Claim in the ID Token is REQUIRED. Related to SIOPv2.
[x] subject_type, already implemented. An additional qualitative check is required.
[x] vp_formats, check that the presentation format is compliant with the values defined in this parameter.
Feature based, according to the metadata members that are actually implemented. Here we may issue a warning during the first execution of the proxy with the list of all the unsupported features.
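A sketch of the per-presentation checks listed above, plus the startup warning for metadata members that nothing enforces. This is an added example, not the project's code: the function names, the `presentation` fields (`acr`, `auth_time`, `format`) and all sample values are assumptions.

```python
import time

# Metadata members this sketch enforces (member names are from the list above).
IMPLEMENTED = {"default_acr_values", "default_max_age",
               "require_auth_time", "vp_formats"}

def unsupported_features(metadata):
    """Members published in the metadata that no check enforces (startup warning)."""
    return sorted(set(metadata) - IMPLEMENTED)

def check_presentation(metadata, presentation, now=None):
    """Return the names of violated members; an empty list means accepted."""
    now = time.time() if now is None else now
    errors = []

    # default_acr_values: the LoA of the presentation must be a supported value.
    acrs = metadata.get("default_acr_values")
    if acrs and presentation.get("acr") not in acrs:
        errors.append("acr")

    # require_auth_time / default_max_age: without auth_time the session age
    # cannot be evaluated, so a missing claim fails closed in both cases.
    auth_time = presentation.get("auth_time")
    max_age = metadata.get("default_max_age")
    if auth_time is None:
        if metadata.get("require_auth_time") or max_age is not None:
            errors.append("auth_time")
    elif max_age is not None and now - auth_time > max_age:
        errors.append("max_age")  # session expired, re-authentication needed

    # vp_formats: the presentation format must be one the RP declared.
    formats = metadata.get("vp_formats")
    if formats is not None and presentation.get("format") not in formats:
        errors.append("vp_formats")
    return errors

# Constructed sample data (placeholder ACR URIs, fixed clock).
NOW = 1_700_000_000
META = {
    "default_acr_values": ["https://trust.example/loa/substantial"],
    "default_max_age": 3600,
    "require_auth_time": True,
    "vp_formats": {"vc+sd-jwt": {}},
    "presentation_definitions": [],  # published, but not enforced by this sketch
}
```

At proxy start-up, a non-empty `unsupported_features(META)` result is what the warning would list.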