Release notes v0.4.0

Upgrading

  • This release changes the identifiers used by the wallet and Wallet Provider to refer to the wallet’s keys, invalidating existing keys and their identifiers. The WP’s database will therefore have to be cleared when deploying this.

  • Specifying for which attributes a relying party is authorized in a certificate has been made attestation format agnostic, meaning all existing certificates are invalid and should be regenerated to accomodate the new structure.

  • The minimum size for the ephemeral_id_secret in the configuration of the verification_server has been increased from 16 to 32 bytes.

  • Switched configuration of mock relying party, issuance and verification server to use DCQL (Digital Credential Query Language) for defining credential queries. (see issuance_server.example.toml)

New features

  • The wallet and Wallet Provider now use the SHA256 of the public keys to refer to the wallet’s keys, so that the wallet’s signing instructions to the WP are non-repudiable.

  • The wallet now supports issued attributes containing ‘null’ values.

  • The PID issuer now includes a new attribute called the recovery code, which is computed as the HMAC of the user’s BSN.

  • When identical attestations are issued, the wallet detects if the attestation already exists and renews the existing attestation. The only exception is that if the attestation will be valid in the future, the attestation will be treated as new.

Code improvements

  • ReaderRegistration has been made attestation format agnostic, meaning the attributes specified in the reader certificate for which the relying party is authorized to request them are specified in a manner that works for both mdoc and SD-JWT attestations.

Wallet app improvements

  • The wallet now includes a ‘video tour’ screen, where users can watch short short video tutorials to learn about the functionalities of the app.

Bug fixes

CI changes

  • Configure volume mounts more naturally (and aligned with other charts) via Helm values for update-policy-server and wallet-provider.

  • Configure wallet-provider directly via Deployment instead of separate ConfigMap.

  • Capture stdout/stderr from PKCS#11 library and log lines via log library to get structured logging