feat: Added credential_status_detail in the status assertion
m-basili committed Sep 30, 2024
1 parent 2e0d943 commit f38822e
Showing 3 changed files with 28 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/en/pid-eaa-entity-configuration.rst
Expand Up @@ -118,7 +118,12 @@ The *openid_credential_issuer* metadata MUST contain the following claims.

- **name**: String value of a display name for the claim.
- **locale**: String value that identifies the language of this object represented as a language tag taken from values defined in *BCP47* :rfc:`5646`. There MUST be only one object for each language identifier.
* - **credential_status_detail_supported**
- JSON object that outlines the details of each validity status supported by the PID/(Q)EAA Provider related to the credentials issued. It contains ``Display`` array containing a list of states with the corresponding descriptions and language identifiers. The parameter that MUST be included are:

- **state**: String value of a credential status supported.
- **description**: String containing the description of the status related to this object.
- **locale**: String value that identifies the language of this object represented as a language tag taken from values defined in *BCP47* :rfc:`5646`. There MUST be only one object for each language identifier.
* - **jwks**
- JSON Web Key Set document, passed by value, containing the protocol specific keys for the Credential Issuer. See `OID-FED`_ Section 5.2.1 and `JWK`_.

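Review bot: the **locale** bullet's rule "There MUST be only one object for each language identifier" repeats the wording of the preceding locale bullet and does not fit this list. Each entry carries one **state** and one **locale**, so a provider that supports a second state needs two entries with the same locale; scope the uniqueness to the (state, locale) pair instead. In the same description the array is named ``Display`` while the example added in examples/ec-eaa.json uses lowercase `display`, and "The parameter that MUST be included are" should read "The parameters that MUST be included are".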
9 changes: 9 additions & 0 deletions docs/en/revocation-lists.rst
Expand Up @@ -267,6 +267,9 @@ Below a non-normative example of a Revocation Assertion object in JWT format, wi
"credential_hash": $CREDENTIAL-HASH,
"credential_hash_alg": "sha-256",
"credential_status_validity": false,
"credential_status_detail": {
"state": "invalid"
},
"cnf": {
"jwk": {
"kty": "EC",
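Review bot: the added `"state": "invalid"` does not match either value published by the metadata example in this same commit (examples/ec-eaa.json lists "Invalida" and "Invalid"), while the normative text requires `state` to be one of the values in *credential_status_detail_supported*. A recipient doing an exact string comparison would treat this example as carrying an unknown state; use the same spelling and case in both examples.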
Expand Down Expand Up @@ -648,6 +651,9 @@ When the JWT format is used, the Revocation Assertion MUST contain the following
* - **credential_status_validity**
- Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It MUST be set with the value `false`.
- `OAUTH-STATUS-ASSERTION`_.
* - **credential_status_detail**
- Object containing detailed information about the real status of the credential. IT MUST contains ``state`` claim that MUST be set with one of the values defined in the *credential_status_detail_supported* mapped in the Credential Issuer Metadata.
- `OAUTH-STATUS-ASSERTION`_.


Status Assertion
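Review bot: the new **credential_status_detail** row does not say the claim is REQUIRED, although a Revocation Assertion always has **credential_status_validity** set to `false` and the Status Assertion row added in this commit makes the claim REQUIRED in exactly that case. State "REQUIRED." explicitly here so both tables agree, and fix "IT MUST contains" to "It MUST contain".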
Expand Down Expand Up @@ -699,6 +705,9 @@ When the JWT format is used, the Status Assertion MUST contain the following cla
* - **credential_status_validity**
- Boolean value indicating the absolute validity of the Credential linked to the Status Assertion. It is REQUIRED and it MUST be set with the value "false" or "true".
- `OAUTH-STATUS-ASSERTION`_.
* - **credential_status_detail**
- REQUIRED if **credential_status_validity** is set to `false`. Object containing detailed information about the real status of the credential. IT MUST contains ``state`` claim that MUST be set with one of the values defined in the *credential_status_detail_supported* mapped in the Credential Issuer Metadata.
- `OAUTH-STATUS-ASSERTION`_.
* - **cnf**
- JSON object containing confirmation methods. The sub-member contained within `cnf` member, such as `jwk` for JWT, MUST match with the one provided within the related Digital Credential. Other confirmation methods can be utilized when the referenced Digital Credential supports them, in accordance with the relevant standards.
- `[RFC7800, Section 3.1] <https://www.iana.org/go/rfc7800>`_ and `[RFC8747, Section 3.1] <https://www.iana.org/go/rfc7800>`_.
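Review bot: the **credential_status_detail** row defines the claim only for **credential_status_validity** `false`; it leaves open whether the claim may be present when the value is `true`, and what the recipient of the assertion must do when `state` is not among the values in *credential_status_detail_supported*. Spell out both cases (for example, whether an unknown `state` means the assertion is rejected) so implementations handle an unexpected status the same way. "IT MUST contains" should read "It MUST contain".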
14 changes: 14 additions & 0 deletions examples/ec-eaa.json
Expand Up @@ -457,6 +457,20 @@
}
}
},
"credential_status_detail_supported": {
"display": [
{
"state": "Invalida",
"description": "La credenziale non è più utilizzabile in quanto è stata revocata. Questo stato è irreversibile",
"locale": "it-IT"
},
{
"state": "Invalid",
"description": "The Credential is no longer usable as it has been revoked. This state is irreversible",
"locale": "en-US"
}
]
},
"jwks": {
"keys": [
{
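Review bot: the two `display` entries translate `state` itself ("Invalida" for it-IT, "Invalid" for en-US), so there is no single language-independent value for an assertion's `credential_status_detail.state` to be compared against. Keep `state` identical across locales and localize only `description`.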
