WIA missing client_status claim: spec references a Status List that the WIA JWT does not contain
Summary
The specification references a "Wallet Instance Attestation Status List" in multiple normative and descriptive passages, but the WIA JWT claim table contains no field through which that status list can be conveyed. This leaves verifiers with no way to locate the status list from the token itself.
Where the Status List is referenced
The following passages all assume the WIA carries a resolvable status list reference:
What the WIA JWT actually contains
The WIA claims table (wallet-provider-endpoint.rst L428–L461) defines only iss, sub, iat, exp, nbf, cnf, wallet_link, and wallet_name. There is no status or client_status field. The non-normative example examples/wa-jwt_example_payload.json confirms this. The only revocation-related content in the WIA section is a note at L474 pointing to TS3 Section 2.5.1 as the preferred mechanism, without defining any claim in the token.
Conflict with EUDI-TS 3
TS3 Section 2.3.1 states:
"A Wallet Provider SHALL include a client_status object in every WIA it issues, with a status sub-field referencing a status list entry that represents the revocation state of the Wallet Instance."
TS3 Section 2.4.1 further requires a companion exp sub-field in client_status. The IT Wallet spec diverges from these SHALL requirements without explanation, while simultaneously citing the same TS3 in normative references and using its revocation terminology throughout.
It seems that the client_status claim (with status sub-field containing idx and uri, and exp sub-field) as defined in TS3 Sections 2.3.1 and 2.4.1 is missing from the WIA claims table and from examples/wa-jwt_example_payload.json. If this is intentional, it would be helpful to understand the rationale, given that the spec continues to reference the Wallet Instance Attestation Status List in several normative passages.
WIA missing
client_statusclaim: spec references a Status List that the WIA JWT does not containSummary
The specification references a "Wallet Instance Attestation Status List" in multiple normative and descriptive passages, but the WIA JWT claim table contains no field through which that status list can be conveyed. This leaves verifiers with no way to locate the status list from the token itself.
Where the Status List is referenced
The following passages all assume the WIA carries a resolvable status list reference:
wallet-instance-lifecycle.rstL52: "The Wallet Provider can simply change the status of the Wallet Instance Attestation in the Wallet Instance Attestation Status List to mark it as revoked."wallet-instance-lifecycle.rstL125: "the Wallet Instance is revoked […] which is reflected on the Wallet Instance Attestation Status List."wallet-instance-revocation.rstL116: Credential Issuers verify a WIA is "not revoked — checking the Wallet Instance Attestation Status List."wallet-instance-revocation.rstL118: Credential Issuers check the "Wallet Instance Attestation Status List" every 24 hours.wallet-instance-revocation.rstL120: "The IT Wallet specification RECOMMENDS to use the Status List of the Wallet Instance Attestation."What the WIA JWT actually contains
The WIA claims table (
wallet-provider-endpoint.rstL428–L461) defines onlyiss,sub,iat,exp,nbf,cnf,wallet_link, andwallet_name. There is nostatusorclient_statusfield. The non-normative exampleexamples/wa-jwt_example_payload.jsonconfirms this. The only revocation-related content in the WIA section is a note at L474 pointing to TS3 Section 2.5.1 as the preferred mechanism, without defining any claim in the token.Conflict with EUDI-TS 3
TS3 Section 2.3.1 states:
TS3 Section 2.4.1 further requires a companion
expsub-field inclient_status. The IT Wallet spec diverges from these SHALL requirements without explanation, while simultaneously citing the same TS3 in normative references and using its revocation terminology throughout.It seems that the
client_statusclaim (withstatussub-field containingidxanduri, andexpsub-field) as defined in TS3 Sections 2.3.1 and 2.4.1 is missing from the WIA claims table and fromexamples/wa-jwt_example_payload.json. If this is intentional, it would be helpful to understand the rationale, given that the spec continues to reference the Wallet Instance Attestation Status List in several normative passages.