Standards
Below is the list of the standards and specifications used in this blueprint:
IETF Standards
| Standard | Version | Description |
|---|---|---|
| OAuth 2.0 Attestation-Based Client Authentication | draft 08 | This specification defines an extension to the OAuth 2 protocol as defined in [RFC6749] which enables a Client Instance to include a key-bound attestation in interactions with an Authorization Server or a Resource Server. This new method enables Client Instances involved in a client deployment that is traditionally viewed as a public client, to be able to utilize this key-bound attestation to authenticate. |
| Selective Disclosure for JWTs (SD-JWT) | RFC 9901 | This specification defines a mechanism for the selective disclosure of individual elements of a JSON data structure used as the payload of a JSON Web Signature (JWS). The primary use case is the selective disclosure of JSON Web Token (JWT) claims. |
| SD-JWT-based Verifiable Credentials (SD-JWT VC) | draft 15 | This specification describes data formats as well as validation and processing rules to express Verifiable Credentials with JSON payloads with and without selective disclosure based on the SD-JWT [I-D.ietf-oauth-selective-disclosure-jwt] format. |
| Designated Verifier Signatures for JOSE | draft 02 | This specification defines designated verifier signatures for JOSE and defines algorithms that use a combination of key agreement and MACs. |
OpenID Standards
| Standard | Version | Description |
|---|---|---|
| OpenID4VC High Assurance Interoperability Profile with SD-JWT VC | 1.0-draft 04 | This document defines a profile of OpenID for Verifiable Credentials in combination with the credential formats IETF SD-JWT VC [I-D.ietf-oauth-sd-jwt-vc] and ISO mdoc [ISO.18013-5]. The aim is to select features and to define a set of requirements for the existing specifications to enable interoperability among Issuers, Wallets and Verifiers of Credentials where a high level of security and privacy is required. The profiled specifications include OpenID for Verifiable Credential Issuance [OIDF.OID4VCI], OpenID for Verifiable Presentations [OIDF.OID4VP], Self-Issued OpenID Provider v2 [OIDF.SIOPv2], IETF SD-JWT VC [I-D.ietf-oauth-sd-jwt-vc], and ISO mdoc [ISO.18013-5]. |
| OpenID for Verifiable Credential Issuance | 1.0 | This specification defines an API for the issuance of Verifiable Credentials. |
| OpenID for Verifiable Presentations | 1.0 | This specification defines a protocol for requesting and presenting Credentials. |
ISO Standards
| Standard | Version | Description |
|---|---|---|
| ISO/IEC 18013-5 | 2021 | This document establishes interface specifications for the implementation of a driving licence in association with a mobile device. This document specifies the interface between the mDL and mDL reader and the interface between the mDL reader and the issuing authority infrastructure. This document also enables parties other than the issuing authority (e.g. other issuing authorities, or mDL verifiers in other countries) to: use a machine to obtain the mDL data; tie the mDL to the mDL holder; authenticate the origin of the mDL data; verify the integrity of the mDL data. The following items are out of scope for this document: how mDL holder consent to share data is obtained; requirements on storage of mDL data and mDL private keys. |
ETSI Standards
| Standard | Version | Description |
|---|---|---|
| ETSI TR 119 001 | 1.2.1 | The framework for standardization of signatures: Definitions and abbreviations |
| ETSI TS 119 152-1 | 1.1.1 | Specifies a CBOR format for AdES signatures (CB-AdES) built on CBOR Object Signing and Encryption (COSE) as specified in IETF RFC 9052 |
| ETSI TS 119 182-1 | 1.2.1 | Specifies JSON-based advanced electronic signature formats (JAdES) for interoperable and long-term validation |
| ETSI TS 119 411-8 | 1.1.1 | Defines Access Certificate Policy for EUDI Wallet Relying Parties. |
| ETSI TS 119 432 | 1.3.1 | Defines protocols for remote digital signature creation. |
| ETSI TS 119 461 | 2.1.1 | Specifies policy and security requirements for trust service components providing identity proofing of trust service subjects |
| ETSI TS 119 471 | 1.1.1 | Defines Policy and Security requirements for Providers of Electronic Attestation of Attributes Services |
| ETSI TS 119 472-1 | 1.2.1 | Specifies the general requirements and data models for Electronic Attestations of Attributes (EAA) |
| ETSI TS 119 472-2 | 1.1.1 | Specifies profiles for EAA/PID presentations to relying parties |
| ETSI TS 119 472-3 | 1.1.1 | Specifies profiles for issuance of EAA or PID |
| ETSI TS 119 475 | 1.2.1 | Structure of registration certificates with rulebook references |
| ETSI TS 119 478 | 1.1.1 | Specification of interfaces related to Authentic Sources |
| ETSI TS 119 602 | 1.1.1 | Specifies the Lists of Trusted Entities (LoTE) data model |
| ETSI TS 119 612 | 2.4.1 | Specifies the technical specifications for Trusted Lists |
| ETSI EN 319 102-1 | 1.4.1 | Procedures for Creation and Validation of AdES Digital Signatures |
| ETSI EN 319 122-1 | 1.3.1 | Specifies the CAdES (CMS Advanced Electronic Signatures) format, defining the technical requirements for advanced electronic signatures based on the Cryptographic Message Syntax (CMS) for binary data and documents |
| ETSI EN 319 132-1 | 1.3.1 | Specifies the XML Advanced Electronic Signatures (XAdES) format, defining the baseline requirements for creating and validating structured digital signatures within XML documents |
| ETSI EN 319 162 | 1.1.1 | Specifies the building blocks and the baseline containers of the Associated Signature Containers (ASiC) |
CSC Technical Specifications
| Technical Specification | Version | Description |
|---|---|---|
| CSC API | 2.2.0.0 | Provides a standardized interface for interoperable, cloud-based digital signatures and remote signing. |
| CSC Data Model | 1.0.0 | Defines data models for (a) Requesting a signature, (b) Requesting a signing operation, (c) Authorization of a signing operation |
| CSC Data Model Bindings | 1.0.0 | Describes bindings of the CSC data model for use cases that are out of scope for CSC but may be used in relation with the CSC API. |
CEN Standards
| Standard | Version | Description |
|---|---|---|
| CEN EN 419 241-1 | 2108 | Specifies security requirements and recommendations for Trustworthy Systems Supporting Server Signing (TW4S) that generate digital signatures. |