Authorization Response of Wallet-centric QES

Type

  • Editorial

Summary

Clarification on authorization response in wallet-centric QES needed

Version and Section

v2.6.2 | Advanced Wallet Features -> QES

Feedback / Questions

The article on QES mentions the authorization response from the wallet to the RP in the wallet centric model (https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/functions/07-qes/#response). The given example is very minimal but defined that the response is an SD-JWT. Can you extend the description on how the SD-JWT is constructed? Ideal would be a fully encoded example of the SD-JWT similar to the examples in the spec (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt-10#section-6.2-2).

The current version does not answer the following questions:

  • Who is the issuer of the SD-JWT?
  • How is the SD-JWT signed? What is the content of the JWT Header?
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information