Skip to content

Add Status List Token validation for MSO MDoc #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dzarras merged 8 commits into from
Dec 8, 2025
Merged

Add Status List Token validation for MSO MDoc #476

dzarras merged 8 commits into from
Dec 8, 2025

Conversation

@dzarras
Copy link
Contributor

@dzarras dzarras commented Dec 8, 2025
edited
Loading

The version of the walt.id MSO MDoc credentials library we are using is lacking support for Status List Tokens.
Given we cannot upgrade to the latest version, a workaround is needed for supporting Status List Token validations for MSO MDoc.

Checking https://github.com/ISOWG10/ISO-18013/blob/main/Working%20Documents/Working%20Draft%20ISO_IEC_18013-5_second-edition_CD_ballot_resolution_v3.pdf, we find the following:

Per 12.3.4 Signing method and structure for MSO:

MobileSecurityObject = {
  "version" : tstr,
  "digestAlgorithm" : tstr,
  "valueDigests" : ValueDigests,
  "deviceKeyInfo" : DeviceKeyInfo,
  "docType" : tstr,
  "validityInfo" : ValidityInfo
  ? "status": Status
  * tstr => RFU
}

Status = {
  ? "identifier_list" : IdentifierListInfo,
  ? "status_list : StatusListInfo,
  * tstr => RFU
}

Additionally per 12.3.6.5 Status list details:

The status_list element shall follow the requirements for the StatusListInfo structure as defined in the token status list specification with the addition of the optional Certificate element defined in 12.3.6.2.

This PR introduces Status List Token validation for MSO MDoc as follows:

  1. Decode the payload of IssuerAuth, which is a MobileSecurityObject as a MapElement
  2. Check if the above MapElement contains the key status
  3. status must be a MapElement
  4. Check if status contains the key status_list
  5. Check if status_list is a MapElement that can be decoded as a StatusReference - the optional certificate element is ignored
  6. If we have a valid StatusReference fetch the current Status and ensure it is Status.Valid

Closes #474

@dzarras dzarras requested a review from babisRoutis December 8, 2025 12:19
@dzarras dzarras self-assigned this Dec 8, 2025
@dzarras dzarras added the feature New feature or request label Dec 8, 2025
babisRoutis
babisRoutis previously approved these changes Dec 8, 2025
View reviewed changes
@dzarras dzarras force-pushed the feat/mso-mdoc-status-list-token-validation branch from f21f41e to 3c9e88f Compare December 8, 2025 14:39
@dzarras dzarras changed the base branch from main to release/0.7.0 December 8, 2025 14:39
@dzarras dzarras linked an issue Dec 8, 2025 that may be closed by this pull request
Status List support for mdoc credentials #474
Closed
@dzarras dzarras requested a review from babisRoutis December 8, 2025 14:40
@dzarras dzarras changed the base branch from release/0.7.0 to main December 8, 2025 14:52
@dzarras dzarras merged commit 6ddbdfe into eu-digital-identity-wallet:main Dec 8, 2025
3 checks passed
@dzarras dzarras deleted the feat/mso-mdoc-status-list-token-validation branch December 8, 2025 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@babisRoutis babisRoutis Awaiting requested review from babisRoutis

Assignees

@dzarras dzarras

Labels

feature New feature or request

Projects

None yet

Milestone

eudi-web-verifier-endpoint v0.6.5

Development

Successfully merging this pull request may close these issues.

Status List support for mdoc credentials

2 participants

@dzarras @babisRoutis