Difference between revisions of "VICAL"
From MgmtWiki
(Created page with "==Full Title== The VICAL is the new name for the ISO 18013-5 master list of certificates for issuers (and perhaps others) for Mobile Driver's Licenses. ==AAMVA== Thes...") |
(→ISO) |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Title== | ==Full Title== | ||
| − | The [[VICAL]] | + | The [[VICAL]] I(Verified issuer certificate authority list) s the new name for the ISO 18013-5 master list of certificates for issuers (and perhaps others) for [[Mobile Driver's License]]s. |
==AAMVA== | ==AAMVA== | ||
These are notes from AAMVA who may wish to implement a VICAL. | These are notes from AAMVA who may wish to implement a VICAL. | ||
| − | *The VICAL is | + | *The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time |
| − | validated by verification of the VICAL signing key which will be provided to | + | * AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it. |
| − | the RPs. Any specific requirements from a governance/policy perspective | + | * Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a [[FedRamp]] certified/compliant environment. |
| − | regarding the requirements that must be met for inclusion in the MVP | + | |
| − | will be determined at a later time | + | ==ISO 18013-5== |
| + | |||
| + | APPENDIX - Master list CDDL profile | ||
| + | |||
| + | The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate. | ||
| + | |||
| + | The payload shall use the following [[CDDL]] structure: | ||
| + | |||
| + | MasterList = { | ||
| + | "type" : tstr ; currently "1.0" | ||
| + | "version" : tstr : currenlty "1.0" | ||
| + | "date" : tdate ; date-time according to RFC 7049 (eg 1990-12-31T23:59:60Z) | ||
| + | ? "nextUpdate" : tdate ; date-time according to RFC 7049 | ||
| + | "certificateInfo : [+ CertificateInfo] | ||
| + | } | ||
| + | |||
| + | CertificateInfo = { | ||
| + | "issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer | ||
| + | ? "issuingAuthority": tstr | ||
| + | ? "stateOrProvinceName": tstr | ||
| + | ? "docType": tstr | ||
| + | "certStructure" : CertStructure | ||
| + | } | ||
| + | |||
| + | CertStructure = { | ||
| + | ? "DN": bstr | ||
| + | "ski": bstr | ||
| + | "certificate" : bstr | ||
==References== | ==References== | ||
[[Category: Trust]] | [[Category: Trust]] | ||
| + | [[Category: Mobile]] | ||
Latest revision as of 08:58, 3 September 2021
Contents
Full Title
The VICAL I(Verified issuer certificate authority list) s the new name for the ISO 18013-5 master list of certificates for issuers (and perhaps others) for Mobile Driver's Licenses.
AAMVA
These are notes from AAMVA who may wish to implement a VICAL.
- The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time
- AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it.
- Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a FedRamp certified/compliant environment.
ISO 18013-5
APPENDIX - Master list CDDL profile
The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate.
The payload shall use the following CDDL structure:
MasterList = {
"type" : tstr ; currently "1.0"
"version" : tstr : currenlty "1.0"
"date" : tdate ; date-time according to RFC 7049 (eg 1990-12-31T23:59:60Z)
? "nextUpdate" : tdate ; date-time according to RFC 7049
"certificateInfo : [+ CertificateInfo]
}
CertificateInfo = {
"issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer
? "issuingAuthority": tstr
? "stateOrProvinceName": tstr
? "docType": tstr
"certStructure" : CertStructure
}
CertStructure = {
? "DN": bstr
"ski": bstr
"certificate" : bstr
