Difference between revisions of "VICAL"

From MgmtWiki
Jump to: navigation, search
(ISO)
(ISO)
 
(5 intermediate revisions by the same user not shown)
Line 7: Line 7:
 
*The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time
 
*The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time
 
* AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it.
 
* AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it.
* Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a FedRamp certified/compliant environment.
+
* Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a [[FedRamp]] certified/compliant environment.
  
==ISO==
+
==ISO 18013-5==
  
A.1.1.1      Master list CDDL profile
+
APPENDIX  -    Master list CDDL profile
  
 
The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate.
 
The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate.
  
The payload shall use the following CDDL structure:
+
The payload shall use the following [[CDDL]] structure:
  
 
  MasterList = {
 
  MasterList = {
 
   "type" : tstr      ; currently "1.0"
 
   "type" : tstr      ; currently "1.0"
 
   "version" : tstr    : currenlty "1.0"
 
   "version" : tstr    : currenlty "1.0"
   "date" : tdate    ; date-time according to RFC 7049
+
   "date" : tdate    ; date-time according to RFC 7049 (eg 1990-12-31T23:59:60Z)
 
   ? "nextUpdate" : tdate ; date-time according to RFC 7049
 
   ? "nextUpdate" : tdate ; date-time according to RFC 7049
 
   "certificateInfo : [+ CertificateInfo]
 
   "certificateInfo : [+ CertificateInfo]
 
  }
 
  }
+
 
 
  CertificateInfo = {
 
  CertificateInfo = {
 
   "issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer
 
   "issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer
Line 41: Line 41:
  
 
[[Category: Trust]]
 
[[Category: Trust]]
 +
[[Category: Mobile]]

Latest revision as of 08:58, 3 September 2021

Full Title

The VICAL I(Verified issuer certificate authority list) s the new name for the ISO 18013-5 master list of certificates for issuers (and perhaps others) for Mobile Driver's Licenses.

AAMVA

These are notes from AAMVA who may wish to implement a VICAL.

  • The VICAL is validated by verification of the VICAL signing key which will be provided to the RPs. Any specific requirements from a governance/policy perspective regarding the requirements that must be met for inclusion in the MVP will be determined at a later time
  • AAMVA’s desire is that during normal VICAL generation and signing that AAMVA personnel would not need to be involved. However, if you feel that it is important feel free to propose it.
  • Given the limited scope, number of participants and expected duration of the MVP... AAMVA does not believe it is required that the solution reside in a FedRamp certified/compliant environment.

ISO 18013-5

APPENDIX - Master list CDDL profile

The master list profile uses a COSE_Sign structure with the X509 (chain) element from draft-ietf-cose-x509-07 to the ML signer certificate.

The payload shall use the following CDDL structure:

MasterList = {
  "type" : tstr      ; currently "1.0"
  "version" : tstr     : currenlty "1.0"
  "date" : tdate     ; date-time according to RFC 7049 (eg 1990-12-31T23:59:60Z)
  ? "nextUpdate" : tdate ; date-time according to RFC 7049
  "certificateInfo : [+ CertificateInfo]
}
CertificateInfo = {
  "issuingCountry": tstr ; ISO3166-1 or ISO3166-2 depending on the issuer
  ? "issuingAuthority": tstr
  ? "stateOrProvinceName": tstr
  ? "docType": tstr
  "certStructure" : CertStructure
 }
CertStructure = {
  ? "DN": bstr
  "ski": bstr
  "certificate" : bstr

References