Rephrase conditions to provide nonce in proof types based on presence of Nonce endpoint#678
Rephrase conditions to provide nonce in proof types based on presence of Nonce endpoint#678awoie wants to merge 11 commits into
nonce in proof types based on presence of Nonce endpoint#678Conversation
…esence of nonce endpoint
paulbastian
left a comment
paulbastian
left a comment
There was a problem hiding this comment.
I can't judge for DI, but the fix on jwt proof_type looks right
Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com>
jogu
left a comment
jogu
left a comment
There was a problem hiding this comment.
We still have the part here to solve: #676 (comment) (or we should raise a new issue for that, I don't have a strong opinion which).
I think we should apply the change to 1.0 as well.
|
Hi @awoie Please consider updating the definition of Currently the definition is
IMO this could be update to include
|
I was wondering about the same point - we should be clear where exactly nonce is required and where not. In the case of proof type |
My truth table ( 😄 ) for
|
For the attestation proof type we have this:
|
But yes, I agree with @babisRoutis. I will clean up the language again to clarify all of this since I agree it is language that can be misinterpreted. |
|
@jogu I applied the change to 1.0. Let me know if there is anything else needed wrt change log. Also added some language on pre-generated attestations and how a wallet could detect whether an issuer requires a nonce in the key attestation based on the current specification, e.g., invalid_nonce error. |
There was a problem hiding this comment.
Applied @GarethCOliver suggestion. Please review again.
As a general thought, we might use the opportunity to clean up the language a bit more and also include a table such as the one that @babisRoutis provided to make things more explicit.
|
@awoie the changes you made are in multiple places and describe how the wallet is expected to behave. I think we also need this kind on explanation in Clause 7. Nonce Endpoint. It would be useful for the Issuer's side to have the big picture here. If he provides a nonce endpoint, explain how this is expected to work, when it is mandatory to use this endpoint and when not. |
|
discussed in the WG call:
|
|
@jogu put request for changes which i think have been addressed. please re-review:
|
| * `jwk`: OPTIONAL. JOSE Header containing the key material the new Credential is to be bound to. It MUST NOT be present if `kid` or `x5c` is present. | ||
| * `x5c`: OPTIONAL. JOSE Header containing at least one certificate where the first certificate contains the key that the Credential is to be bound to, additional certificates may also be present. It MUST NOT be present if `kid` or `jwk` is present. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the Credential Issuer provided a `c_nonce`, the `nonce` claim in the key attestation MUST be set to a server-provided `c_nonce`. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the `nonce` claim is present in the key attestation, its value MUST be set to a server-provided `c_nonce` from the Nonce Endpoint as defined in (#nonce-endpoint). Note that including a `nonce` claim is left to the Wallet. In some environments, a `nonce` is unnecessary because the key material in the `key_attestation` already provides sufficient entropy and freshness. Omitting the `nonce` also enables pre-generation of attestations prior to interacting with a specific Issuer. If the Issuer returns an `invalid_nonce` error, this can be interpreted as an indication that the Issuer expects a `nonce` claim in the `key_attestation`. |
There was a problem hiding this comment.
Initially there was a suggestion to have a parameter require_nonce_in_key_attestation_in_jwt_proof and I believe that this is necessary to have, otherwise the wallet cannot know what the issuer expects without trial and error.
| * `jwk`: OPTIONAL. JOSE Header containing the key material the new Credential is to be bound to. It MUST NOT be present if `kid` or `x5c` is present. | ||
| * `x5c`: OPTIONAL. JOSE Header containing at least one certificate where the first certificate contains the key that the Credential is to be bound to, additional certificates may also be present. It MUST NOT be present if `kid` or `jwk` is present. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the Credential Issuer provided a `c_nonce`, the `nonce` claim in the key attestation MUST be set to a server-provided `c_nonce`. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the `nonce` claim is present in the key attestation, its value MUST be set to a server-provided `c_nonce` from the Nonce Endpoint as defined in (#nonce-endpoint). Note that including a `nonce` claim is left to the Wallet. In some environments, a `nonce` is unnecessary because the key material in the `key_attestation` already provides sufficient entropy and freshness. Omitting the `nonce` also enables pre-generation of attestations prior to interacting with a specific Issuer. If the Issuer returns an `invalid_nonce` error, this can be interpreted as an indication that the Issuer expects a `nonce` claim in the `key_attestation`. |
There was a problem hiding this comment.
this can be interpreted as an indication -> can it be interpreted in another way as well?
| * `jwk`: OPTIONAL. JOSE Header containing the key material the new Credential is to be bound to. It MUST NOT be present if `kid` or `x5c` is present. | ||
| * `x5c`: OPTIONAL. JOSE Header containing at least one certificate where the first certificate contains the key that the Credential is to be bound to, additional certificates may also be present. It MUST NOT be present if `kid` or `jwk` is present. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the Credential Issuer provided a `c_nonce`, the `nonce` claim in the key attestation MUST be set to a server-provided `c_nonce`. | ||
| * `key_attestation`: OPTIONAL. JOSE Header containing a key attestation as described in (#keyattestation). If the `nonce` claim is present in the key attestation, its value MUST be set to a server-provided `c_nonce` from the Nonce Endpoint as defined in (#nonce-endpoint). Note that including a `nonce` claim is left to the Wallet. In some environments, a `nonce` is unnecessary because the key material in the `key_attestation` already provides sufficient entropy and freshness. Omitting the `nonce` also enables pre-generation of attestations prior to interacting with a specific Issuer. If the Issuer returns an `invalid_nonce` error, this can be interpreted as an indication that the Issuer expects a `nonce` claim in the `key_attestation`. |
There was a problem hiding this comment.
Considering that the issuer can still enforce the presence of the nonce in the key_attestation, it is not actually true that including a nonce claim is left to the Wallet. Saying this is left to the wallet makes one believe that the request will succeed in both cases.
|
@jogu can you re-review? |
10 participants
Potentially fixes #677 , potentially fixes #676
Note that I created the PR based on #676 (comment).
IMO, one implication is that for
nonceclaims in akey_attestationin ajwtproof, it means, the wallet decides whether to include it which is how I interpret the current version of the spec but wanted to point this out in case it is not obvious for readers of this PR. If the issuer insists on the presence which is unlikely, it could still provide a nonce error. To improve this behaviour, we could define a dedicated issuer metadata parameter, e.g.,require_nonce_in_key_attesatation_in_jwt_proofin a backward compatible way to improve this behaviour.