Merge pull request #59 from peppelinux/fix-assertion
fix: missing attestation to assertion replacements this PR resolves several missing definitions
Giuseppe De Marco authored May 25, 2024
2 parents cda96eb + 813922b commit 175dff1
Showing 1 changed file with 17 additions and 16 deletions.
33 changes: 17 additions & 16 deletions draft-demarco-oauth-status-attestations.md
Expand Up @@ -161,8 +161,8 @@ to check the revocation status of a Digital Credential could
be deemed as excessive monitoring of the End-User's activities.

This could potentially infringe upon the End-User's right to privacy,
as outlined in [Article 8 of the European Convention on Human Rights]
(https://www.echr.coe.int/documents/convention_eng.pdf) and
as outlined in
[Article 8 of the European Convention on Human Rights](https://www.echr.coe.int/documents/convention_eng.pdf) and
in the the European Union's General Data Protection Regulation
([GDPR](https://gdpr-info.eu/)),
by creating a detailed profile of the End-User's
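Review bot: the link repair is correct, since a line break between `]` and `(https://...)` stops Markdown from rendering the link, but the unchanged context line `in the the European Union's General Data Protection Regulation` still carries a doubled "the"; since this paragraph is already being touched, drop the extra word.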
Expand Down Expand Up @@ -211,12 +211,13 @@ possession mechanisms. This includes, but is not limited to:
2. Controlling the confirmation method of the Credential, using the Credential's `cnf` parameter.

The essence of requiring proof of possession over the Credential
through the confirmation method, such has proving the control of the cryptographic material related to a Credential, is
through the confirmation method, such has proving the control of the
cryptographic material related to a Credential, is
to ensure that the entity in possession of the Credential can execute
actions exclusively reserved to the legitimate Holder.
The dual-layered approach of requiring both possession of the
Credential and control over it, reinforces the security and integrity of the Status
Assertion process.
Credential and control over it, reinforces the security and integrity
of the Status Assertion process.
This ensures that the Holder requesting a Status Assertion is indeed
the same Holder to which the Credential was originally issued,
affirming the authenticity and rightful possession of the Credential.
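Review bot: the reflow carries the typo "such has proving the control" over onto the new lines; it should read "such as proving control of the cryptographic material". The new line `Credential and control over it, reinforces the security and integrity` also keeps a comma between the subject ("The dual-layered approach ...") and its verb ("reinforces"); drop it.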
Expand Down Expand Up @@ -268,19 +269,19 @@ When the JWT or CWT format are used, the JWT/CWT MUST contain the parameters def

| Header | Description | Reference |
| --- | --- | --- |
| **typ** | It MUST be set to `status-attestation+jwt` when JWT format is used. It MUST be set to `status-attestation+cwt` when CWT format is used. | {{RFC7516}} Section 4.1.1 |
| **typ** | It MUST be set to `status-assertion+jwt` when JWT format is used. It MUST be set to `status-assertion+cwt` when CWT format is used. | {{RFC7516}} Section 4.1.1 |
| **alg** | A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST NOT be set to `none` or any symmetric algorithm (MAC) identifier. | {{RFC7516}} Section 4.1.1 |
| **kid** | Unique identifier of the `JWK or` `Cose_Key` used for the signature of the Status Attestation Request, it MUST match the one contained in the Credential. | {{RFC7515}} |
| **kid** | Unique identifier of the `JWK or` `Cose_Key` used for the signature of the Status Assertion Request, it MUST match the one contained in the Credential. | {{RFC7515}} |

| Payload | Description | Reference |
| --- | --- | --- |
| **iss** | Status Assertion Request Issuer identifier. The value is supposed to be used for identifying the Wallet that has issued the request. It is out of scope for this document defining how this value must be set. | {{RFC9126}}, {{RFC7519}} |
| **aud** | It MUST be set with the Credential Issuer Status Attestation endpoint URL as value that identify the intended audience. | {{RFC9126}}, {{RFC7519}} |
| **aud** | It MUST be set with the Credential Issuer Status Assertion endpoint URL as value that identify the intended audience. | {{RFC9126}}, {{RFC7519}} |
| **exp** | UNIX Timestamp with the expiration time of the JWT. It MUST be superior to the value set for `iat` . | {{RFC9126}}, {{RFC7519}}, {{RFC7515}} |
| **iat** | UNIX Timestamp with the time of JWT/CWT issuance. | {{RFC9126}}, {{RFC7519}} |
| **jti** | Unique identifier for the JWT. | {{RFC7519}} Section 4.1.7 |
| **credential_hash** | Hash value of the Digital Credential the Status Attestation is bound to. | this specification |
| **credential_hash_alg** | The Algorithm used of hashing the Digital Credential to which the Status Attestation is bound. The value SHOULD be set to `sha-256`. | this specification |
| **credential_hash** | Hash value of the Digital Credential the Status Assertion is bound to. | this specification |
| **credential_hash_alg** | The Algorithm used of hashing the Digital Credential to which the Status Assertion is bound. The value SHOULD be set to `sha-256`. | this specification |

Below is a non-normative example of a Status Assertion Request with
the JWT headers and payload are represented without applying signature and
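Review bot: with this change the `typ` of the Status Assertion Request (`status-assertion+jwt` / `status-assertion+cwt`) becomes identical to the `typ` the Status Assertion itself uses in the later header table, so a verifier can no longer tell a request object from an issued assertion by its type header; the CWT example further down in this same diff uses `status-assertion-request+cwt`, so `status-assertion-request+jwt` and `status-assertion-request+cwt` would be consistent with it and keep the two object types distinct. Smaller points in the touched rows: the `kid` description has stray backticks around `JWK or`, and the `typ` and `alg` rows cite {{RFC7516}} (JWE), whereas the header parameters of a signed object are defined in {{RFC7515}}.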
Expand Down Expand Up @@ -312,14 +313,14 @@ and payload are presented without applying signature and encoding for better rea
[
/ protected / << {
/ alg / 1: -7 / ES256 /
/ typ / 16: -7 / status-attestation-request+cwt /
/ typ / 16: -7 / status-assertion-request+cwt /
/ kid / 4: h'3132' / $CREDENTIAL-CNF-CWKID /
} >>,
/ unprotected / {
},
/ payload / << {
/ iss / 1: 0b434530-e151-4c40-98b7-74c75a5ef760 /,
/ aud / 3: https://issuer.example.org/status-attestation-endpoint /,
/ aud / 3: https://issuer.example.org/status-assertion-endpoint /,
/ iat / 6: 1698744039 /,
/ exp / 4: 1698830439 /,
/ cti / 7: 6f204f7e-e453-4dfd-814e-9d155319408c /,
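Review bot: only the comment text changed here, but the value next to `typ` is still `-7`, which is the ES256 `alg` identifier copied from the line above; the `typ` header (label 16) should carry the type value the comment names, e.g. `/ typ / 16: "status-assertion-request+cwt"`, otherwise the example does not encode what the comment says. The type string used here (`status-assertion-request+cwt`) also does not match the `status-assertion+cwt` value the request parameter table in this same diff now mandates; pick one and use it in both places.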
Expand Down Expand Up @@ -408,15 +409,15 @@ table below:

| Header | Description | Reference |
| --- | --- | --- |
| **typ** | Depending on the related Status Assertion Request object format, it MUST be set to `status-attestation-error+jwt` or `status-attestation-error+cwt`. | {{RFC7516}} Section 4.1.1 |
| **typ** | Depending on the related Status Assertion Request object format, it MUST be set to `status-assertion-error+jwt` or `status-assertion-error+cwt`. | {{RFC7516}} Section 4.1.1 |
| **alg** | It MUST set to `none`. | {{RFC7516}} Section 4.1.1 |

| Payload | Description | Reference |
| --- | --- | --- |
| **iss** | It MUST be set to the identifier of the Issuer. | {{RFC9126}}, {{RFC7519}} |
| **jti** | Unique identifier for the JWT. | {{RFC7519}} Section 4.1.7 |
| **credential_hash** | Hash value of the Digital Credential the Status Attestation is bound to, according to the related Status Assertion Request object. | this specification |
| **credential_hash_alg** | The Algorithm used of hashing the Digital Credential to which the Status Attestation is bound. The value SHOULD be set to `sha-256`. | this specification |
| **credential_hash** | Hash value of the Digital Credential the Status Assertion is bound to, according to the related Status Assertion Request object. | this specification |
| **credential_hash_alg** | The Algorithm used of hashing the Digital Credential to which the Status Assertion is bound. The value SHOULD be set to `sha-256`. | this specification |
| **error** | The value SHOULD be assigned one of the error types as specified in the {{RFC6749}} [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2) or the others as defined in table below | {{RFC7519}} Section 4.1.7 |
| **error_description** | Text in human-readable form that offers more details to clarify the nature of the error encountered (for instance, changes in some attributes, reasons for revocation, other). | {{RFC7519}} Section 4.1.7 |
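Review bot: the `error` and `error_description` rows of the payload table cite {{RFC7519}} Section 4.1.7, which defines the `jti` claim, not an error parameter; `error` should reference {{RFC6749}} Section 5.2 together with this specification, and `error_description` {{RFC6749}} Section 5.2. The unchanged `alg` row reads "It MUST set to `none`" (missing "be"), and since `alg` `none` means the Wallet cannot verify who produced the error object, the text around this table should state what prevents a forged error response from being accepted. The `credential_hash_alg` row still reads "The Algorithm used of hashing"; "The algorithm used for hashing" is meant.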

Expand Down Expand Up @@ -457,7 +458,7 @@ The Status Assertion MUST contain the parameters defined below.
| Header Parameter Name | Description | Reference |
| --- | --- | --- |
| **alg** | A digital signature algorithm identifier such as per IANA "JSON Web Signature and Encryption Algorithms" registry. It MUST NOT be set to `none` or to a symmetric algorithm (MAC) identifier. | {{RFC7515}}, {{RFC7517}} |
| **typ** | It MUST be set to `status-attestation+jwt` when JWT format is used. It MUST be set to `status-attestation+cwt` when CWT format is used. | {{RFC7515}}, {{RFC7517}} and this specification |
| **typ** | It MUST be set to `status-assertion+jwt` when JWT format is used. It MUST be set to `status-assertion+cwt` when CWT format is used. | {{RFC7515}}, {{RFC7517}} and this specification |
| **kid** | Unique identifier of the Credential Issuer JWK | {{RFC7515}} |

| Payload Parameter Name | Description | Reference |
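Review bot: the `kid` row in this header table says only "Unique identifier of the Credential Issuer JWK", while the `typ` row just above now covers both the JWT and the CWT format; mirror the request table and say `JWK` or `Cose_Key`, and end the cell with a period. The `typ` value `status-assertion+jwt` / `status-assertion+cwt` is also now the same one the Status Assertion Request header table uses; keeping a `-request` suffix on the request side, as the CWT example in this diff does, leaves the two tables unambiguous.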
