Release Announcements Swiyu Public Beta
With the upcoming releases in the different repositories, we will fix some issues raised by the community and also deliver features from the initial gaps of the swiyu Public Beta Trust Infrastructure. We also announce the first steps related to the Expand-Migrate-Contract pattern to avoid breaking changes. For a more detailed view, please refer to the CHANGELOG.md in each repository.
swiyu wallet: Android Version 1.7.3; iOS Version 1.8.1
- Expand step for “send client_id in aud claim of holder binding jwt for a presentation response” for Android and iOS
- Expand step for “wallet must support specified cnf claim format” for Android and iOS
- Remove “format” property in credential response for Android
- Feature: Issuer and verifier trust statement support and visualization in the Android wallet
- Feature: Online e-ID issuing process (Implemented, but not yet activated)
- Feature: Software-based device binding
- Fix: Harden JsonPath validator regex
- Fix: Avoid decompression bomb when parsing Status List
DID Toolbox Version 1.5.0
- Feature: Proof-of-possession helper
- Improvement: Enforcement of the swiyu specific DID log/doc conformity
- Improvement: Added support for macOS on Intel x86-64 CPUs
- Improvement: Input validation of CLI parameters
- Fix: Storing/exporting generated private keys into files with restricted access
- Integration of DID Resolver 2.1.3
- Backward compatibility with older versions of DID Toolbox
DID Resolver Version 2.1.3
- Improvement: Support for the x86_64 architecture
Generic Issuer & Generic Verifier
We combined the management and signer services on the issuer side (resulting in a new repository “swiyu-issuer”) as well as the management and validator services on the verifier side (resulting in a new repository “swiyu-verifier”). The cookbooks will be adjusted accordingly. The existing issues on the deprecated components will be moved to the new repositories.
Generic Issuer (Version 1.0 on new repository)
- Expand step for “Access-Token-Request” with wrong Content-Type
- Expand step for also providing openid metadata under the correct “/.well-known/oauth-authorization-server”
- Feature: Client and key attestation to ensure HW binding
- Fix: Issuer metadata property “cryptographic_binding_methods” is incorrect
- Fix: Malformed “cnf” claim in issued SD-JWT VCs
- Fix: Block disallowed disclosures
Generic Verifier (Version 1.0 on new repository)
- Expand step to handle malformed and correct “cnf” claim
- Fix: Verifier_did used instead of client_id in sample.compose.yml
- Fix: Two config vars with different names but same meaning/content
- Fix: “Client_metadata” does not contain required “vp_formats” property
- Fix: Missing error handling when parsing status list at verifier
- Fix: Possible compression bomb attack
- Fix: Provide request_uri functionality as described in Swiss Profile
Specifications
- Upcoming: Trust Protocol Version 1.0
- OID4VP Version 1.0 has been published. We will plan the updates on our side and will announce the changes as soon as possible.