While reviewing the Credential Data Model described in the documentation, I observed a potential inconsistency with the requirements defined in ETSI TS 119 472-1.
Reference page:s
https://italia.github.io/eid-wallet-it-docs/versione-corrente/it/credential-data-model.html (Chapter 11.1.2 - SD-JWT-VC Electronic Attestation Format )
Specification reference
https://www.etsi.org/deliver/etsi_ts/119400_119499/11947201/01.02.01_60/ts_11947201v010201p.pdf (Chapter 5 Implementation of EAA based on SD-JWT VC )
Issue:
The current documentation describes some claims in a way that appears to diverge from the data model defined in ETSI TS 119 472-1.
In particular, for SD-JWT format, the following claims are defined as optional:
Accorting to ETSI TS 119 472-1 both claims are mandatory:
- vct#integrity is marked as mandatory - requirement EAA-5.2.1.2-03: "A SD-JWT VC EAA shall incorporate the claim vct#integrity as specified in IETF SD-JWT VC [3], clause 6"
- nbf is marked as mandatory - requirement EAA-5.2.7.1-01: "A SD-JWT VC EAA shall include the nbf claim specified in IETF RFC 7519 [4], clause 4.1.5, and further profiled in IETF SD-JWT VC [3], clause 3.2.2.2. "
Potential Impact:
- lead to incorrect implementations
- reduce interoperability with systems compliant with ETSI TS 119 472-1
- create ambiguity in credential validation or processing
Proposed fix:
Update the documentation to align with ETSI TS 119 472-1
Specifically:
- mark as MANDATORY nbf claim and add reference to ETSI TS 119 472-1
- mark as MANDATORY vct#integrity and add reference to ETSI TS 119 472-1
While reviewing the Credential Data Model described in the documentation, I observed a potential inconsistency with the requirements defined in ETSI TS 119 472-1.
Reference page:s
https://italia.github.io/eid-wallet-it-docs/versione-corrente/it/credential-data-model.html (Chapter 11.1.2 - SD-JWT-VC Electronic Attestation Format )
Specification reference
https://www.etsi.org/deliver/etsi_ts/119400_119499/11947201/01.02.01_60/ts_11947201v010201p.pdf (Chapter 5 Implementation of EAA based on SD-JWT VC )
Issue:
The current documentation describes some claims in a way that appears to diverge from the data model defined in ETSI TS 119 472-1.
In particular, for SD-JWT format, the following claims are defined as optional:
Accorting to ETSI TS 119 472-1 both claims are mandatory:
Potential Impact:
Proposed fix:
Update the documentation to align with ETSI TS 119 472-1
Specifically: