Validation of payload of TrustedIsssuerRecord

[philpotisk]

Method validTrustedIssuerRecord

waltid-ssikit/src/main/kotlin/id/walt/auditor/VerificationPolicy.kt

Line 109 in 0d97840

private fun validTrustedIssuerRecord(tirRecord: TrustedIssuer): Boolean {

should be extended to validate the JWT as well as the decoded payload of the token.

[victorholo]

Hello,

We are part of EBSI4RO and have been working in understanding EBSI and Walt.id and also have been looking over the Policies. We have just been added in the trusted issuer registry and our attributes do not match with the ones tested against in the mentioned method validTrustedIssuerRecord.

Here is our issuer entry with it’s attribute https://api.preprod.ebsi.eu/trusted-issuers-registry/v2/issuers/did%3Aebsi%3AzfPHQeMuKeSE7Ff35BcH7xL
At this moment I couldn’t find a TIR entry with the strings which the code is testing against for comparison.

As seen here: https://ec.europa.eu/cefdigital/wiki/display/EBSIDOC/Trusted+Issuers+Registry+API#attribute+data+model the hash represents the keccak256 hash of the payload and the body is base64 encoded content.

I believe there isn’t any reason to validate the hash, considering it is being used as an identifier, but instead decode the base64 body which would result in something like:

{
   "@context":"https://ebsi.eu",
   "type":"attribute",
   "name":"issuer",
   "data":"5d50b3fa18dde32b384d8c6d096869de"
}

I haven’t been able to figure out what the data represents, but seems that the name and type field might be more appropriate to test against.

Also, is it safe to assume we will always have this entry at the first index of the attributes array?