This repository was archived by the owner on Jun 13, 2025. It is now read-only.

Commit 5b97d9e

committed
Added mandatory claims section
1 parent 082dcbe commit 5b97d9e

File tree

2 files changed

+14
-2
lines changed


Communication/Identities/README.md

Lines changed: 12 additions & 0 deletions
@@ -8,6 +8,18 @@ In order to establish trust via these tokens, two requirements have to be met:
88
- There MUST exist a sound mechanism that enables a connector to proof ownership over the tokens or claims issued for this particular connector.
99
Specifically, any connector implementing a corresponding validation mechanism MUST be capable of identifying and rejecting tokens that have not been issued for the respective peer connector(s).
1010

11+
## Mandatory Claims
12+
13+
Each implementation of identity tokens MUST at least implement the following claims:
14+
15+
- `securityProfile`: Reflects the `SecurityProfile` of the owning connector according to IDS certification criteria.
16+
Valid values are `idsc:BASE_SECURITY_PROFILE`, `idsc:TRUST_SECURITY_PROFILE` and `idsc:TRUST_PLUS_SECURITY_PROFILE` as given by the members of https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityProfile.
17+
Any other value denotes the absence of a security profile.
18+
- `extendedGuarantee`: Reflects extended security features or properties that go beyond the requirements of the connector's `SecurityProfile`.
19+
The claim MUST NOT contain any property that reflects a security level lower than the requirements of the stated `SecurityProfile`.
20+
The claim MAY contain one or more values represented by members of `SecurityGuarantee` subclasses.
21+
For a comprehensive list, see https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityGuarantee.
22+
1123
## X.509/OAuth2-Token-based Identities
1224
Identities of this kind are established via X.509 certificates and corresponding private keys.
1325
The tokens used to provide identity information to other peers are regular OAuth2 JSON Web Tokens (JWTs).
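Review bot: the `securityProfile` claim in the new Mandatory Claims section names `idsc:BASE_SECURITY_PROFILE`, `idsc:TRUST_SECURITY_PROFILE` and `idsc:TRUST_PLUS_SECURITY_PROFILE` as the only valid values, but the Message-Structure table changed in this same commit still gives `idsc:BASE_CONNECTOR_SECURITY_PROFILE` as its example code; align the two so a validator built from this README does not reject the documented example. "Any other value denotes the absence of a security profile" is the right fail-closed default, but the section should also say what a receiving connector does with such a token (treat it as no profile and apply the lowest trust, or reject it) and what happens when the claim is absent entirely, since "MUST at least implement the following claims" binds the issuer and not the verifier. For `extendedGuarantee`, the rule "MUST NOT contain any property that reflects a security level lower than the requirements of the stated `SecurityProfile`" cannot be checked from the text alone: state whether the verifier is expected to enforce it (and how guarantees map to levels) or whether it is an issuer-side obligation only, and specify the JSON shape of "one or more values" (single string versus array) so independent implementations interoperate.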

Communication/Message-Structure/README.md

Lines changed: 2 additions & 2 deletions
@@ -43,8 +43,8 @@ A Connector has following properties, which are used for it's self-description.
4343
|host† |Network host of the Connector capable of serving / consuming Digital Contents and services|
4444
|defaultHost |Default host that should be used for basic infrastructure interactions, e.g., providing the self description|
4545
|authInfo |Information of the authentication service used by the Connector (e.g., to access a Connector’s data)|
46-
|securityProfile |Set of security guarantees claimed by a Connector. Value contains one of the default security profile codes, such as idsc:BASE_CONNECTOR_SECURITY_PROFILE. All profiles can be found here: https://github.com/International-Data-Spaces-Association/InformationModel/blob/develop/codes/SecurityGuarantee.ttl Valid attributes are: idsc:BASE_SECURITY_PROFILE idsc:TRUST_SECURITY_PROFILE idsc:TRUST_PLUS_SECURITY_PROFILE|
47-
|extendedGuarantee |Reference to additional security guarantees that, if used in combination with a security profile instance, overrides the respective guarantee of the given predefined instance. Value is a pre-defined code for the claimed guarante, e.g., ids:USAGE_CONTROL_POLICY_ENFORCEMENT|
46+
|securityProfile |Set of security guarantees claimed by a Connector. Value contains one of the default security profile codes, such as idsc:BASE_CONNECTOR_SECURITY_PROFILE. All profiles can be found here: https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityProfile Valid attributes are: idsc:BASE_SECURITY_PROFILE idsc:TRUST_SECURITY_PROFILE idsc:TRUST_PLUS_SECURITY_PROFILE|
47+
|extendedGuarantee |Reference to additional security guarantees that, if used in combination with a security profile instance, overrides the respective guarantee of the given predefined instance. Value is a pre-defined code for the claimed guarante, e.g., ids:USAGE_CONTROL_POLICY_ENFORCEMENT, see subclass members of https://international-data-spaces-association.github.io/InformationModel/docs/index.html#SecurityGuarantee for a full list|
4848
|transportCertSha256† |SHA256 fingerprints of currently valid transport certificates|
4949
|componentCertification |Certification issued for the given Connector. Value is an instance of class ids:ComponentCertification|
5050
|publicKey |Public Key that has been created for the Connector|
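Review bot: the `securityProfile` row still uses `idsc:BASE_CONNECTOR_SECURITY_PROFILE` as its example while listing `idsc:BASE_SECURITY_PROFILE idsc:TRUST_SECURITY_PROFILE idsc:TRUST_PLUS_SECURITY_PROFILE` as the valid attributes in the same cell, so the example is not in its own allowed set; change it to one of the three listed values, which are also the ones the Identities README added in this commit prescribes. In the `extendedGuarantee` row the example `ids:USAGE_CONTROL_POLICY_ENFORCEMENT` carries the `ids:` prefix while every other code in the table uses `idsc:`; confirm which namespace the code actually lives in and use it consistently, because a prefix mismatch makes an exact-match check in a validator fail silently. While the line is being touched, fix the typo "guarante" to "guarantee" and put a separator (commas or backticks) between the URL and "Valid attributes are" and between the three codes, since the cell currently runs them together.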
