X.509 certificates PKI-based trust support

From [spec](https://spec.smarthealth.cards/#certificates):

> Certificates
> X.509 certificates can be used by issuers to indicate the issuer's participation in a PKI-based trust framework.
> 
> If the Verifier supports PKI-based trust frameworks and the Health Card issuer includes the "x5c" parameter in matching JWK entries from the .keys[] array, the Verifier establishes that the issuer is trusted as follows:
> - Verifier validates the leaf certificate's binding to the Health Card issuer by:
>    - matching the <<iss value from JWS>> to the value of a uniformResourceIdentifier entry in the certificate's Subject Alternative Name extension (see [RFC5280](https://tools.ietf.org/html/rfc5280#section-4.2.1.6)), and
>    - verifying the signature in the Health Card using the public key in the certificate.
> - Verifier constructs a valid certificate path of unexpired and unrevoked certificates to one of its trusted anchors (see [RFC5280](https://tools.ietf.org/html/rfc5280#section-6)).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

X.509 certificates PKI-based trust support #1

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

X.509 certificates PKI-based trust support #1

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions