Broaden transaction data requirements #421
+26
−10
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -314,7 +314,6 @@ This enables the Wallet to assess the Verifier's capabilities, allowing it to tr | |
|
|
||
| * `type`: REQUIRED. String that identifies the type of transaction data . This value determines parameters that can be included in the `transaction_data` object. The specific values are out of scope of this specification. It is RECOMMENDED to use collision-resistant names for `type` values. | ||
| * `credential_ids`: REQUIRED. Array of strings each referencing a Credential requested by the Verifier that can be used to authorize this transaction. In [@!DIF.PresentationExchange], the string matches the `id` field in the Input Descriptor. In the Digital Credentials Query Language, the string matches the `id` field in the Credential Query. If there is more than one element in the array, the Wallet MUST use only one of the referenced Credentials for transaction authorization. | ||
|
|
||
| Each document specifying details of a transaction data type defines what Credential(s) can be used to authorize those transactions. Those Credential(s) can be issued specifically for the transaction authorization use case or re-use existing Credential(s) used for user identification. A mechanism for Credential Issuers to express that a particular Credential can be used for authorization of transaction data is out of scope for this specification. | ||
|
|
||
|
|
@@ -324,7 +323,6 @@ The following is a non-normative example of a transaction data content, after ba | |
| { | ||
| "type": "example_type", | ||
| "credential_ids": [ "id card credential" ], | ||
| // other transaction data type specific parameters | ||
| } | ||
| ``` | ||
|
|
@@ -1192,12 +1190,7 @@ The following is a non-normative example of the payload of the JWT used in the e | |
|
|
||
| The transaction data mechanism enables a binding between the user's identification/authentication and the user’s authorization, for example to complete a payment transaction, or to sign specific document(s) using QES (Qualified Electronic Signatures). This is achieved by signing the transaction data used for user authorization with the user-controlled key used for proof of possession of the Credential being presented as a means for user identification/authentication. | ||
|
|
||
| The Wallet that received the `transaction_data` parameter in the request MUST include a representation or reference to the data in the respective credential presentation. How this is done is part of the specification of any Credential Format that supports it, such as some of those in (#format_specific_parameters). If the Wallet does not support `transaction_data` parameter, it MUST return an error. | ||
|
|
||
| ## Error Response {#error-response} | ||
|
|
||
|
|
@@ -2174,6 +2167,10 @@ The following is a non-normative example of the Verifiable Presentation in the ` | |
|
|
||
| <{{examples/response/ldp_vp.json}} | ||
|
|
||
| ### Transaction Data | ||
|
|
||
| The W3C Verifiable Credentials format does not support transaction data as specified in (#transaction_data). | ||
|
|
||
| ## AnonCreds | ||
|
|
||
| AnonCreds is a Credential format defined as part of the Hyperledger Indy project [@Hyperledger.Indy]. | ||
|
|
@@ -2234,6 +2231,10 @@ The following is the content of the `vp_token` parameter: | |
|
|
||
| <{{examples/response/ac_vp_sd.json}} | ||
|
|
||
| ### Transaction Data | ||
|
|
||
| The AnonCreds format does not support transaction data as specified in (#transaction_data). | ||
|
|
||
| ## Mobile Documents or mdocs (ISO/IEC 18013 and ISO/IEC 23220 series) {#mdocs} | ||
|
|
||
| ISO/IEC 18013-5:2021 [@ISO.18013-5] defines a mobile driving license (mDL) Credential in the mobile document (mdoc) format. Although ISO/IEC 18013-5:2021 [@ISO.18013-5] is specific to mobile driving licenses (mDLs), the Credential format can be utilized with any type of Credential (or mdoc document types). The ISO/IEC 23220 series has extracted components from ISO/IEC 18013-5:2021 [@ISO.18013-5] and ISO/IEC TS 18013-7 [@ISO.18013-7] that are common across document types to facilitate the profiling of the specification for other document types. The core data structures are shared between ISO/IEC 18013-5:2021 [@ISO.18013-5], ISO/IEC 23220-2 [@ISO.23220-2], ISO/IEC 23220-4 [@ISO.23220-4] which are encoded in CBOR and secured using COSE_Sign1. | ||
|
|
@@ -2251,6 +2252,10 @@ ISO/IEC TS 18013-7 Annex B [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4] Ann | |
| The `SessionTranscript` and `Handover` CBOR structure when the invocation does not use the DC API. Also see (#non-dc-api-invocation). | ||
| * Additional restrictions on Authorization Request and Authorization Response parameters to ensure compliance with ISO/IEC TS 18013-7 [@ISO.18013-7] and ISO/IEC 23220-4 [@ISO.23220-4]. For instance, to comply with ISO/IEC TS 18013-7 [@ISO.18013-7], only the same-device flow is supported, the `request_uri` Authorization Request parameter is required, and the Authorization Response has to be encrypted. | ||
|
|
||
| ### Transaction Data | ||
|
|
||
| Some document types support some transaction data ((#transaction_data)) to be protected using mdoc authentication, as part of the `DeviceSigned` data structure [@ISO.18013-5]. In those cases, the specifications of these document types include which transaction data types are supported and how the transaction data parameters map to namespaces and device-signed items. If a Wallet receives a request with a `transaction_data` type that is not specified for the document type, the Wallet MUST reject the request due to an unsupported transaction data type. | ||
|
|
||
| ### DCQL Query and Response | ||
|
|
||
| This section defines ISO mdoc specific DCQL Query and Response parameters. | ||
|
|
@@ -2384,6 +2389,19 @@ __Claim `birthdate`__: | |
| * Contents: | ||
| `["6Ij7tM-a5iVPGboS5tmvVA", "birthdate", "1940-01-01"]` | ||
|
|
||
| ### Transaction Data | ||
|
|
||
| The SD JWT VC format supports `transaction_data` as specified in (#transaction_data). If used, it is recommended that the transaction data type specification includes the following parameter, in addition to `type` and `credential_ids` from (#new_parameters): | ||
|
|
||
| * `transaction_data_hashes_alg`: OPTIONAL. Array of strings each representing a hash algorithm identifier, one of which MUST be used to calculate hashes in `transaction_data_hashes` response parameter. The value of the identifier MUST be a hash algorithm value from the "Hash Name String" column in the IANA "Named Information Hash Algorithm" registry [@IANA.Hash.Algorithms] or a value defined in another specification and/or profile of this specification. | ||
|
There was a problem hiding this comment. wouldn't it be better to have an array of objects containing the hash and the corresponding hash alg? There was a problem hiding this comment. Possibly, yes: #442. I did not yet look into this. Seems like it needs a separate PR. |
||
|
|
||
| If the Wallet received the `transaction_data` parameter in the request, it MUST include in the Key Binding JWT as a top level claim a `transaction_data_hashes` parameter defined below. | ||
|
|
||
| * `transaction_data_hashes`: Array of hashes, where each hash is calculated using a hash function over the data in the strings received in the `transaction_data` request parameter. Each hash value ensures the integrity of, and maps to, the respective transaction data object. If `transaction_data_hashes_alg` was specified in the request, the hash function MUST be one of its values. If `transaction_data_hashes_alg` was not specified in the request, the hash function MUST be `sha-256`. | ||
| * `transaction_data_hashes_alg`: REQUIRED when this parameter was present in the `transaction_data` request parameter. String representing the hash algorithm identifier used to calculate hashes in `transaction_data_hashes` response parameter. | ||
|
There was a problem hiding this comment. why does the text have the transaction_data_hashes_alg twice? There was a problem hiding this comment. Which two instances do you mean? There was a problem hiding this comment. Ah I see now: it’s once for inclusion in the request (specifying options), and once consequently in the response (specifying the selected option). I’d like to have something simpler, but don’t think the current PR should change these semantics. |
||
|
|
||
| Note: This means that transaction data mechanism requires use of a SD-JWT VCs with cryptographic key binding. | ||
|
|
||
| ### Verifier Metadata | ||
|
|
||
| The `format` value in the `vp_formats` parameter of the Verifier metadata MUST have the key `dc+sd-jwt`, and the value is an object consisting of the following name/value pairs: | ||
|
|
@@ -2442,8 +2460,6 @@ The following requirements apply to the `nonce` and `aud` claims in the Key Bind | |
|
|
||
| Note that for an unsigned Authorization Request over the DC API, the `client_id` parameter is not used. Instead, the effective Client Identifier is derived from the Origin, as described in (#dc_api_request). | ||
|
|
||
| The following is a non-normative example of the content of the `presentation_submission` parameter: | ||
|
|
||
| <{{examples/response/ps_sd_jwt_vc.json}} | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it just recommended or is this how the data must be represented in SD-JWTs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we can still include new mandatory requirements at this stage, let’s indeed make it mandatory.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would however suggest to have that detail in a separate issue/PR, to keep the current one’s scope limited to enabling the use of transaction data in other credential formats such as X.509.