v0.4.0 (in development)

Upgrading

  • This release changes the identifiers used by the wallet and Wallet Provider to refer to the wallet’s keys, invalidating existing keys and their identifiers. The WP’s database will therefore have to be cleared when deploying this.

  • The way a certificate specifies which attributes a relying party is authorized to request has been made attestation-format agnostic. All existing certificates are therefore invalid and should be regenerated to accommodate the new structure.

  • The minimum size for the ephemeral_id_secret in the configuration of the verification_server has been increased from 16 to 32 bytes.

  • The Wallet Provider no longer tracks in the database, per user, whether that user received a WUA. The corresponding column in the WP’s user table has been removed, so the WP’s database will have to be cleared when deploying this.

  • Switched the configuration of the mock relying party, issuance server and verification server to use DCQL (Digital Credential Query Language) for defining credential queries (see issuance_server.example.toml).

  • The disclosed_attributes endpoint of the verifier no longer returns a JSON object keyed by the attestation type. Instead, it returns an array of attestation objects, with attestation_type added as a field in that object. This effectively removes the limitation that a particular attestation type can only appear once in disclosed attributes.

  • The WTE acronym has been replaced by WUA across the codebase, including in the Wallet Provider and PID issuer configurations, as well as their database table and column names. These configurations will need to be updated and the database migrations will need to be freshly run. In addition, a variable in the wallet configuration has been renamed, so an updated wallet configuration will need to be deployed. The name of the HSM key has also been changed.

  • The database table used_wuas (previously known as used_wtes) is removed.

  • flutter_rust_bridge has been updated to 2.11.1, run cargo install flutter_rust_bridge_codegen --locked --version 2.11.1 to update.

  • In the wallet configuration mdoc_trust_anchors is renamed to issuer_trust_anchors.

  • The Recovery Code will now be disclosed to the Wallet Provider after PID issuance. It will be stored in the Wallet Provider’s database, so the database will have to be migrated when deploying this. For the Wallet Provider to be able to verify the disclosed Recovery Code, the Wallet Provider’s configuration will need to be updated with the pid_issuer_trust_anchors.

  • The disclosure query language used by OpenID4VP is now DCQL instead of Presentation Exchange. This has caused the JSON for both the verifier’s disclosed_attributes endpoint and the POST endpoint of the attestation server as used for disclosure-based issuance to be changed. Please refer to the relevant portions of the documentation.

  • The /disclosed_attributes endpoint of the verification_server now returns a JSON array instead of a JSON object; the order of the array matches that of the DCQL query that started the session.

  • The pid_issuer, issuance_server and verification_server now have separate migration binaries.

  • The typ field of JWTs is now consistently verified across the codebase. Previously, the Wallet configuration was erroneously set to "JOSE+JSON", which should be changed to "jwt".
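The typ check described in the last item above, written out as an added example (this is not the wallet’s own code; the sample tokens, their placeholder signatures and the helper names are constructed for illustration). It decodes the JOSE header of a compact JWT and compares typ against the configured value, failing closed when typ is absent or different, which is what turns the old "JOSE+JSON" configuration value into a rejected token once the check is applied consistently:

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JOSE strips."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwt_header(token: str) -> dict:
    """Return the decoded JOSE header of a compact-serialized JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def typ_matches(token: str, expected_typ: str) -> bool:
    """Check the typ header against the configured value.

    typ carries a media type, and RFC 7515 section 4.1.9 treats media type
    names as case-insensitive, so "jwt" and "JWT" denote the same type.
    A missing typ is a mismatch: the check fails closed.
    """
    typ = jwt_header(token).get("typ")
    if not isinstance(typ, str):
        return False
    return typ.lower() == expected_typ.lower()


def make_sample_token(header: dict, claims: dict) -> str:
    """Build a compact token with a placeholder signature (constructed sample)."""
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


# Constructed sample tokens. The signature segment is a placeholder, so these
# only exercise the typ check, which runs before any signature verification.
CLAIMS = {"iss": "https://example.invalid", "sub": "wallet"}
TOKEN_OK = make_sample_token({"alg": "ES256", "typ": "jwt"}, CLAIMS)
TOKEN_UPPER = make_sample_token({"alg": "ES256", "typ": "JWT"}, CLAIMS)
TOKEN_WRONG = make_sample_token({"alg": "ES256", "typ": "JOSE+JSON"}, CLAIMS)
TOKEN_NO_TYP = make_sample_token({"alg": "ES256"}, CLAIMS)


if __name__ == "__main__":
    for name, token in [("jwt", TOKEN_OK), ("JWT", TOKEN_UPPER),
                        ("JOSE+JSON", TOKEN_WRONG), ("no typ", TOKEN_NO_TYP)]:
        print(name, typ_matches(token, "jwt"))
```

The typ comparison is deliberately separate from signature verification: it rejects a token of the wrong type before any key lookup, and it must be applied with the same expected value on every code path that accepts a JWT, which is the consistency this release adds.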

New features

  • The wallet and Wallet Provider now use the SHA256 of the public keys to refer to the wallet’s keys, so that the wallet’s signing instructions to the WP are non-repudiable.

  • The wallet now supports issued attributes containing ‘null’ and array values.

  • The PID issuer now includes a new attribute called the recovery code, which is computed as the HMAC of the user’s BSN.

  • When identical attestations are issued, the wallet detects that the attestation already exists and renews the existing attestation. The only exception is an attestation that only becomes valid in the future, which is treated as new.

  • The Wallet Provider now supports a new StartPinRecovery instruction with which the wallet can start PIN recovery if the user forgot their PIN.

  • The wallet now starts with an empty database on every new version.

  • The disclosed_attributes endpoint of the verifier now includes the attestation_qualification field per disclosed attestation.

  • The wallet now supports disclosing SD-JWT credentials and the verification server supports receiving them.
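Two of the items above (key identifiers as the SHA-256 of the public key, and the recovery code as an HMAC of the BSN) can be illustrated with the standard library alone. The following is an added example, not the wallet’s or Wallet Provider’s code: the key encoding, the registry, the secret and the sample BSN are all constructed assumptions.

```python
import hashlib
import hmac


def key_identifier(public_key: bytes) -> str:
    """Derive the identifier of a wallet key from its public key bytes.

    Because the identifier is a hash of the public key itself, a signing
    instruction that names this identifier can later be shown to refer to
    exactly this key; an arbitrary label could be reassigned, a hash cannot.
    The encoding of the public key (for example DER SubjectPublicKeyInfo) is
    an assumption of this example; whatever it is, it must be canonical.
    """
    return hashlib.sha256(public_key).hexdigest()


class KeyRegistry:
    """Wallet Provider side: public keys indexed by their SHA-256 identifier (assumed design)."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def register(self, public_key: bytes) -> str:
        kid = key_identifier(public_key)
        self._keys[kid] = public_key
        return kid

    def resolve(self, kid: str) -> bytes:
        """Look up the key an instruction refers to; unknown identifiers are rejected."""
        try:
            return self._keys[kid]
        except KeyError:
            raise LookupError("signing instruction refers to an unknown key") from None


def recovery_code(secret: bytes, bsn: str) -> str:
    """Recovery code as HMAC-SHA256 over the BSN under an issuer-held secret.

    HMAC keeps the code one-way: without the secret it cannot be reversed to
    the BSN, and without the secret nobody can compute a valid code.
    """
    return hmac.new(secret, bsn.encode("utf-8"), hashlib.sha256).hexdigest()


def recovery_code_matches(secret: bytes, bsn: str, presented: str) -> bool:
    """Constant-time comparison so the check does not leak through timing."""
    return hmac.compare_digest(recovery_code(secret, bsn), presented)


# Constructed sample inputs: not a real key, secret or BSN.
SAMPLE_PUBLIC_KEY = bytes(range(65))   # stands in for an encoded EC public key
SAMPLE_SECRET = b"constructed-recovery-code-secret-32b"
SAMPLE_BSN = "123456782"


if __name__ == "__main__":
    registry = KeyRegistry()
    kid = registry.register(SAMPLE_PUBLIC_KEY)
    print("key id:", kid)
    code = recovery_code(SAMPLE_SECRET, SAMPLE_BSN)
    print("recovery code valid:", recovery_code_matches(SAMPLE_SECRET, SAMPLE_BSN, code))
```

Note that resolving a key by its hash means the Wallet Provider never accepts an identifier it did not derive itself, and that a recovery code is only as strong as the secrecy of the HMAC key on the issuer side.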

Code improvements

  • ReaderRegistration has been made attestation-format agnostic, meaning the attributes that the reader certificate authorizes the relying party to request are specified in a manner that works for both mdoc and SD-JWT attestations.

  • The various instructions that the wallet used to send to the Wallet Provider during issuance and disclosure are now consolidated into two instructions, one for issuance and one for disclosure, that handle everything the wallet needs at once.

  • The code now contains types that deal with Token Status Lists.

  • The GBA tooling accepts a client certificate chain.

Wallet app improvements

  • The wallet now includes a ‘video tour’ screen, where users can watch short video tutorials to learn about the functionalities of the app.

  • The UI has been updated to support the ‘pid renewal’ flow. Currently only available in mock builds.

  • Update to Flutter 3.35.1.

  • The UI has been updated to support the ‘pin recovery’ flow. Currently only available in mock builds.

  • The UI has been updated to support the Wallet Transfer (source & target) flow. Currently only available in mock builds.

Bug fixes

  • The PoA provided by the wallet during disclosure now uses the nonce generated by the verifier, instead of the nonce generated by the holder, in order to prevent a possible replay attack.
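Why the nonce has to come from the verifier, as an added illustration that is not the wallet’s PoA implementation: a verifier can only judge the freshness of a nonce it generated itself, and it must refuse to consume the same nonce twice. The proof is modelled as an HMAC under a key shared with the verifier, an assumption made so the example runs on the standard library; in the wallet the proof is a signature with the wallet’s keys, and the freshness logic is the same either way.

```python
import hashlib
import hmac
import secrets


def make_proof(holder_key: bytes, nonce: bytes) -> bytes:
    """Stand-in for the holder's proof over the verifier's nonce (assumed HMAC, not a signature)."""
    return hmac.new(holder_key, nonce, hashlib.sha256).digest()


class Verifier:
    """Issues one fresh nonce per disclosure session and accepts each proof once."""

    def __init__(self) -> None:
        self._issued: dict[str, bytes] = {}   # session id -> nonce this verifier generated
        self._used: set[bytes] = set()        # nonces already consumed by an accepted proof

    def start_session(self) -> tuple[str, bytes]:
        session_id = secrets.token_hex(8)
        nonce = secrets.token_bytes(32)
        self._issued[session_id] = nonce
        return session_id, nonce

    def accept(self, session_id: str, nonce: bytes, proof: bytes, holder_key: bytes) -> bool:
        expected = self._issued.get(session_id)
        # Only the nonce this verifier generated for this session is acceptable;
        # a holder-chosen nonce gives the verifier nothing to tie the proof to.
        if expected is None or not hmac.compare_digest(expected, nonce):
            return False
        # A proof over a nonce that has already been consumed is a replay.
        if nonce in self._used:
            return False
        if not hmac.compare_digest(make_proof(holder_key, nonce), proof):
            return False
        self._used.add(nonce)
        return True


def run_exchange() -> tuple[bool, bool, bool]:
    """Run the exchange three ways and report whether each proof was accepted.

    Returns (fresh proof, replayed proof, proof over a holder-chosen nonce).
    """
    holder_key = secrets.token_bytes(32)      # constructed sample key
    verifier = Verifier()

    session_id, nonce = verifier.start_session()
    proof = make_proof(holder_key, nonce)
    fresh = verifier.accept(session_id, nonce, proof, holder_key)

    # The same proof presented again for the same session is a replay.
    replayed = verifier.accept(session_id, nonce, proof, holder_key)

    # In a new session the holder presents a nonce of its own choosing; the
    # verifier cannot vouch for its freshness, so the proof is rejected.
    session_id2, _ = verifier.start_session()
    holder_nonce = secrets.token_bytes(32)
    holder_proof = make_proof(holder_key, holder_nonce)
    own_nonce = verifier.accept(session_id2, holder_nonce, holder_proof, holder_key)

    return fresh, replayed, own_nonce


if __name__ == "__main__":
    print(run_exchange())   # (True, False, False)
```

The used-nonce set is what makes the check stateful; in a deployed verifier that state lives wherever the session does, and it has to be consulted before the proof is acted on, not after.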

CI changes

  • Configure volume mounts more naturally (and aligned with other charts) via Helm values for update-policy-server and wallet-provider.

  • Configure wallet-provider directly via Deployment instead of separate ConfigMap.

  • Capture stdout/stderr from PKCS#11 library and log lines via log library to get structured logging.

  • Base CI images on Debian Trixie.

  • Use the correctly cased extraPodLabels (previously extraPodlabels) in Helm charts.

  • Use a Deployment for the preload-gba-v-data pod so that the pod is always kept alive.

  • Helm charts have an option to add additional annotations on Deployment or CronJob resources.

  • Checksum annotations for the GBA pods have been removed from the Helm charts.

  • Split building and signing for the iOS build.

  • The wallet-provider ingress has an option to set the max client body size.