Merge pull request italia#727 from italia/editorial-revision

Revision of the content structure

Author: peppelinux

docs/common/common_definitions.rst

@@ -48,12 +48,11 @@
 .. _OIDC-FED#Section-7.5: https://openid.net/specs/openid-federation-1_0.html#Section-7.5
 .. _OIDC-IDA: https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html
 .. _OIDC: https://openid.net/specs/openid-connect-core-1_0.html
-.. _OPENID4VC-HAIP: https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html
+.. _OPENID4VC-HAIP: https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-1_0-01.html
 .. _OpenID4VC-SecTrust: https://openid.github.io/OpenID4VC_SecTrust/draft-oid4vc-security-and-trust.html
 .. _OpenID4VCI: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-15.html
-.. _OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0-20.html
+.. _OpenID4VP: https://openid.net/specs/openid-4-verifiable-presentations-1_0-23.html
 .. _PDND: https://www.agid.gov.it/sites/agid/files/2024-06/Linee_guida_infrastruttura_interoperabilita_pdnd.pdf
-.. _PresentationExch: https://identity.foundation/presentation-exchange/spec/v2.0.0
 .. _RFC 2898: http://tools.ietf.org/html/rfc2898.html
 .. _RFC 9449: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-dpop
 .. _RFC 5280: https://datatracker.ietf.org/doc/html/rfc5280

docs/common/standards.rst

@@ -40,8 +40,8 @@ Digital Credential Data Format
     :header-rows: 0
 
     * - `SD-JWT-VC`_
-      - O. Terbu, D.Fett, B. Campbell, "SD-JWT-based Verifiable Credentials (SD-JWT VC)".
-    * - ISO18013-5
+      - O. Terbu, D.Fett, B. Campbell, "SD-JWT-based Verifiable Credentials (SD-JWT VC)", November 2024, Draft 06.
+    * - `ISO18013-5`_
       - ISO/IEC 18013-5 2020. Information technology — Personal identification — ISO-compliant driving license — Part 5: Mobile driving license (mDL) application.
 
 
@@ -77,7 +77,7 @@ Digital Credential Presentation
       - Kasselman, P., Fett, D., Skokan, F.,  "Cross-Device Flows: Security Best Current Practice", July 2024, Draft 8.
     * - `OPENID4VC-HAIP`_
       - Lodderstedt, T., K. Yasuda, "OpenID4VC High Assurance Interoperability Profile", January 2025, Draft 1.
-    * - ISO18013-5
+    * - `ISO18013-5`_
       - ISO/IEC 18013-5 2020. Information technology — Personal identification — ISO-compliant driving license — Part 5: Mobile driving license (mDL) application.
 
 

docs/en/appendix-oas-pdnd-as.rst

@@ -0,0 +1,10 @@
+
+
+Authentic Source PDND OpenAPI Specification
+---------------------------------------------
+
+Below is the complete Open API Specification for the Authentic Source PDND e-services:
+
+.. literalinclude:: ./oas3/OAS3-PDND-AS.yaml
+    :language: yaml
+    :linenos:

docs/en/appendix-oas-pdnd-issuer.rst

@@ -0,0 +1,10 @@
+
+
+Credential Issuer PDND OpenAPI Specification 
+-----------------------------------------------
+
+Below is the complete Open API Specification for the ACredential Issuer PDND e-services:
+
+.. literalinclude:: ./oas3/OAS3-PDND-Issuer.yaml
+    :language: yaml
+    :linenos:

docs/en/appendix-oas-pdnd-wp.rst

@@ -0,0 +1,9 @@
+
+Wallet Provider PDND OpenAPI Specification 
+---------------------------------------------
+
+Below is the complete OpenAPI Specification for the Wallet Provider PDND e-services:
+
+.. literalinclude:: ./oas3/OAS3-PDND-WP.yaml
+    :language: yaml
+    :linenos:

docs/en/appendix.rst

@@ -0,0 +1,25 @@
+.. include:: ../common/common_definitions.rst
+
+
+Appendix
+========
+
+
+
+  .. toctree::
+    :caption: Appendix Table of Contents
+    :maxdepth: 3
+
+    mobile-application-instance.rst
+    e-service-pdnd.rst
+    test-plans.rst
+
+.. only:: latex
+
+  .. toctree::
+    :caption: Appendix Table of Contents
+    :maxdepth: 3
+
+    appendix-oas-pdnd-issuer.rst 
+    appendix-oas-pdnd-as.rst 
+    appendix-oas-pdnd-wp.rst 

docs/en/architecture-overview.rst

@@ -0,0 +1,54 @@
+.. include:: ../common/common_definitions.rst
+
+
+Architecture Overview
+=====================
+
+The IT-Wallet System is a federated ecosystem that enables secure Digital Identity management and Digital Credential exchange for citizens and organizations. 
+The IT-Wallet ecosystem is built on a multi-layered architecture, where governance bodies establish and maintain the trust infrastructure, Primary Actors implement and operate the technical solutions, and external systems provide additional services.
+
+The following diagrams depict the IT-Wallet architecture overview.
+
+
+
+.. plantuml:: plantuml/architecture-overview-governance.puml
+    :width: 99%
+    :alt: The image illustrates the IT-Wallet architecture overvew - governance.
+    :caption: `IT-Wallet architecture overview - Governance. <https://www.plantuml.com/plantuml/svg/fLNlRzis4Fskl-Bc5fWDvCTQ9uK3B4KTnsq314cGk2ZwoJYHPviOHMgyKr9jsFy-aSuYgManOzC7mpe-Fl6zUoUzOy4WLM7XOh7_6QqbMTxLB5Gifq5jZ92IAX3immT_Jy6XKvJzP9oobIRuTNPqE3jQpdnHUaTEtcOVByxdoxl5_7P-lVXoCn-Eif-1VpEkn805MED8wfB01zdux7BwvVhJOdavVxzOtbvy-BX8yCVgulfcUNxz-IhLpcbb7C7TpUt5OdxNEO1K9UemFbI-ABnx-vsLbNUoZm_4lg3zuqD5GSpAA1JQ0QrHC4UcNOZzcdU06RrK6FGEIFggDkZMj4GhEy0VKlF-3NXe78kHIanqgt5sLh7u0bXgIvnDjPvRAiZ90jV30NsLs7Cxs8EN-NhchG-dWnSdwOgroFnOVOXPIJWVD8N7wZfGFHXzIri6Ks2e-wolNhsPv7edrXU_v4UJoT5pOY6rwRE-KVbulDgDzGWduzSdprdNJydlSq-cuvF9-zsuZuzVZu-d3NScHYorqmRRQOCVJbjiKdi7KoK-S7RcAwSnrCFsS7imUCRwREDW17zcq5mt5DYx8IhNxBl2c0UqCAlpfawg2aPgc5QoyUdVS3gx6WswI7nQamqAq3tQ2eKOPjCp25Jw80peD1ZcgYahNvJMf9EW2B4a8Zw0kUCgH43lqNxLy7Pj8kKvQKgaZIgpCiI0UaE18gjuS8-7Iv1v5Nn9wE29amMZPveFOdy4rtpQw-rBBXiSdGuwCn8xrhKhxtemLIgGDbifSEPrtRUej-p36ftv8zriFNjy5H4dgJ6xpYYqoIgI9CglefySnI4pCNSSOM_J4V-77CxxeQbA2lU6VQYVr7HhULE3G5nwnoQt12iVmBlSOz36hM7kn4ZKOvpuR_gt8aqXYK_TKRx1kifN38LtHdo81Dkkcm2enDmdhWEu42ZGuPeOIWnYb2dH2LYp8bKhIucFKefwCNimie7M40YLfV_YrNQKXWfpRloOUTUeBj9uf8uKv2Iw5NKFcsQbCVad6QH1jHkmtP2d3TiSb1GYeat07g0kZ3CiqR7xfB2DSSl2uDrt0m6B3TNR8Qbx8z8-evs6FdkWtoiJAD7_m2nuSglpCHsCabdfvnBhvQSuAz6pKQUKF4JbEhNq1k9ybFsLPTaxShegxDy0>`_
+
+
+The governance level requires all participants in the ecosystem to comply with security and technical standards and requirements.
+
+.. plantuml:: plantuml/architecture-overview-primary.puml
+    :width: 99%
+    :alt: The image illustrates the IT-Wallet architecture overvew - primary.
+    :caption: `IT-Wallet architecture overview - Primary Actors. <https://www.plantuml.com/plantuml/svg/dPP_Rzky4SV_zwku-HdG18YJFK-I1ocm5lKITpNMBORjh2WmGA2fiqoK8ZNov5Gj-jwdaoYPJjpCUFINVJgUoC_tVl2T9-6ep3LCbwDFGckaP55vmZmPExbHX99AXydCgLouQl0dPQGkKuI_tbvTt5ubjpOlh453RmSVfdUJPB6Sp2Vtoy-poSdfu1NuByeKmeaSj398LO5W7MtiuEFuy_t3ClauURzCvjE_VrWsxi6wl9ybT_UV_jNOxd2j3C9YDfyk9uje0rGM8dMN5zBckJLl3xnPMqCZyOZUvZYwlf3eIAsL58H7UAU2n4fuF2QmpVmHRYfDf73f4PxuLMw4oJ0HcevmVsJT_g_ZXJAU59Mac5PDzhRqP7FmL6dqWt6QJZJcQ6WfifCXVYLqHkZX6VnvbTrQRTsRuI-lcuTj73bO7pbD6Z_hKdJ1cZciXgTFmnPj7kr7_VNNtszMwL5HV_dBwkhcvkfvO4AvsO_wkrnTNgwFYtebRYv_U_qyQcQtJC58t8zzCxvyVVF-kDZNrxzTNe_hs0DIf75NQD0M6iI51YC8fGPZITRv0IlrnFGtMvgq_dyIQ9x1C7Y4aC5nU0hV1r0__G9HqWODAPbuMpg9lbuwxcomQ6t3OBHEaI2rHGZEODVmuD6zyf2gJ97Gm5K2mgGWY9nQbOJrLxyF1X2UlZ-S29-8GjMXSUJHRHN76y-c_B7vPB5SbneMmSwsJxY2tW-_5jPZ2clhGCZQufN9e3zCs5-pcNEO4gYyQ4Nqu4dmqLFr3LCed2KhhVPD96K8dItGYPNIYghc71uboy1DfJHA2guM3u-ADjttWl4CHCleM_EtXL2cYe2SKDgVSoQGoFoREEbz_PlmpJ2kS4wDWxpIrG5vu2uq9gOK_rwqEtTOir9aNGMUh6DGvPvcaLImTZO7SL3h4uUPyhKd-ZC6jsRgrWWDxGjq_hI6lIETEM5ABJg5G5f3Zbap6SRSSj8sotXJP06DBrqhMoD6ve8AZ51Ya2K2oKKUK-nwT4nmZZgvwxAjXTYXOVUmktf5jw3vyMFG_tm5OwqoqwRBLgNeF5W3j47m8aVGk4MzNrPj0quwVqxVKE5MbysfPrqeLehhCbBSa506tScZVxwmyV-dhKdW1PV4k2XsbWRLOsqLHQ7xNEsJdodlciswD98Q0HKfzEUmt605kJ0YmoxhEM7uhrt3NKYMMuSfnnBQdpsh03JfYEm8JGfefAkAlX9AZw70ra8YbrkVVgg9HzstUQU7QgKNkONBWiKwHVHJ6PFVRHYctfSl8kUbFf0-k7HV1pOorBXFBL5kk4zew0A5vjBwdhMdv5MCnU7MVk4_1_06HJQrdyQUbbUP4JmP6Bz9Gvqq_DkkzAnzlmWpt44YcliiNH6pdAEkUBSpuKZXIo1TqODylkwdsVnlT6gjq3NjQm_VbjzKFo45Wg0eLrh91adXr5OGzkCYwahxxRy96f9tDmlEeCbSMrCjDah2LcYLXWHdlOA_tA3yudSVbDLeLOrIP86EJMM-ABwGo2GueLpf2QPcxOGdLqhMlcyVhGBV3umB4abt_jhdtgmidpgatNjCG_lzZs7kSGBltlry_h8YTXVIu2DC33LzX1FISdECMqqVah--gm1gZkPGjvrgeufOAn-jYzM9hkqHvrO8pY-f2j4gJQM7t1hLZhrQYSFpDrOYF8U0ycQJC0JvYhKxtpmOXxrSiULE-J1VK-YMGovKKogCWM59GKBRZ3kjs0gbnKhZuPuRDQM5t60k_Exc4Sye1iAXbOk8CURpBdlu1k0btsYhdRIyAd37549d3YpZUlb3KpXEoYSyXmz5lGvzZwYhYpR6Hr4b3zqKZnhyQVGsxlln1DvtUpQSNN7GBUvyqRvF1p-QA_W_iDhFtFOo6b_TIyCwa31S98EQmFvuwI_0S_nlYPxytfsvyUSRGBo6VIMgBNgGVHh4pljjT-RGew6dployGvEMkVuV>`_
+
+The primary operational layer implements the core Digital Credential lifecycle through coordinated interactions among specialized technical solutions, so that all credential operations maintain security and privacy standards while enabling seamless user experiences.
+
+.. plantuml:: plantuml/architecture-overview-external.puml
+    :width: 99%
+    :alt: The image illustrates the IT-Wallet architecture overvew - external.
+    :caption: `IT-Wallet architecture overview - external Actors. <https://www.plantuml.com/plantuml/svg/ZPHHRzis4CVVzIbkQe7QW9EiTLAum5hKjTtLGz0OYOkYJyA9FCktIQH0dfAumxxxH5g9dNZ0x0S_tFtvv_5tT_he1PqqLGdpvSbtB4kIx6RZXQfixDIQXPGqZhBPlII_i55bemb-cvoVJSwpYQrgQyZ8X-JBV3hBRfQpwzdLyiTYrkidhy3_nQP6XnMKR4WsDO5rihR9vVZ7rRTbTZdxlCokvxz_MKPv5rrUBRBfrVUlCJQb5Hk2cyNrV3cxsIj0cXgr6vufMrNMVFYFpCeQES4xyhQYauipHKvunGg5Zb1h5CpHqp76jl17o5Xd2fq-GadtQesce0nBEK9-5thsly8pDbvO6k50goKxQRpO2hniIlB9MEjPIHKPMMBHI-bUo1aiqm6yp8k9BQrxdxvu5tyX5foxw5qOaQYpJfFheeMZJTf_Rbixhj1jdhg-VlrsbEkZN5_ycf-FHkU7na9g_TJrhSg7mzLnhkSu6hvvT-XQsDj0mIXwwZqQ3z-DFX_dVN7nPdWnRhqJOIbfjsImNJBONp8uWLb77iPAhFD9-tjr4Fna6wDRa3tg4WD87pKODI1sxouVxqfRMTh_Eu7sjo3dhUaffa7w5OLjE3hNP8Hb0mjdRrcJQq_iifeB5Yo17rHrfuAmAHgiWSby1hqMeH9d3QkTuGITxfzsjXvyo1U0ZQo3GCKhm9ExPTMcqMZezfNqxZuKSPmtqYfMre7D1Tbmy875V1fFeHA-HGd1tUldnaleucaAWvU2XN__PC1zxLZeVTfjQDgFWEBVumUkLskZ1scw1slQuPYYjFUNA6rD5VGMqw_J_hwEpSgX5zV45iVAwoOlMO4E9za8ELkJmvnBbiqfx572q6RDFqd3U37VFXkL8k_32nVZHsG3gD1WGVuvqzOXXgpZdzj8Jd97P212vN2KgtexzRxrKusBlKK9XBQzy6jqfBVrxfRYj8LtWFEHvlvNh4Nw36SeAPCrEvtLwBPbfEEkJjAm32bOR5DX2lzeD2l64go3cwOEp_RMRU2JrTnDp2KLRRupUJXtYNT0fkMcuWi12p8gNlTdvzZXwLWuAfeI9LZddVMkgdm3PUidjci2-9eKhrZjXYr2YdqgOpcriuf8iodyWCqjUU4Yzi63TVktgPPDoOTS3yTqzo5_u7g9c-nRtEKmflrTR3ksXx3xoJz9admaevkg_1S0>`_
+
+External systems provide services that connect the IT-Wallet ecosystem to the national digital infrastructure, enabling interoperability with existing government services and data sources.
+
+The architecture enables the following interaction processes:
+
+  1. **Entity Onboarding and Federation**: Only qualified and compliant entities are registered in the IT-Wallet Federation. The Trust Registry is updated during registration, allowing participants to monitor federation status. This process may include technical and security assessments.
+
+  2. **Credential Issuance**: Credential Issuers connect to Authentic Sources via standardized APIs on the National Digital Data Platform to request verified user attributes. Digital Credentials are based on authoritative, current data with proper authorization and audit trails.
+
+  3. **Credential Storage and Management**: IT-Wallet Solutions receive and manage Digital Credentials on user devices, allowing users to control and use credentials from multiple sources.
+
+  4. **Credential Presentation and Verification**: Users present Digital Credentials to Relying Parties for verification. Verification systems check claims through cryptographic methods and status checks for both public and private sector use.
+
+The Trust Infrastructure manages onboarding and revocation of entities, provides credential schemas, and lets participants discover and verify authorized entities and their status. It supports automatic trust chain validation, distributed trust anchoring, standardized metadata exchange, and Federation API services for secure, seamless federation operations.
+
+
+.. toctree::
+  :caption: Architecture Overview Table of Contents
+  :maxdepth: 3
+
+  functionalities.rst
+  how-to-read-spec.rst

docs/en/authentic-source-endpoint.rst

@@ -0,0 +1,40 @@
+.. include:: ../common/common_definitions.rst
+
+
+.. role:: raw-html(raw)
+  :format: html
+
+Authentic Source Endpoints
+--------------------------
+
+e-Service PDND Authentic Source Catalogue
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Public Authentic Sources MUST provide the following e-service through PDND to provide the Credential Issuer with User's attributes required to the issuance of a Digital Credential.
+
+.. only:: html
+
+  .. note::
+    A complete OpenAPI Specification is available :raw-html:`<a href="OAS3-PDND-AS.html" target="_blank">here</a>`.
+
+.. only:: latex
+
+  .. note::
+    A complete OpenAPI Specification is available :ref:`appendix-oas-pdnd-as:Authentic Source PDND OpenAPI Specification`.
+
+Get Attribute Claims
+""""""""""""""""""""
+
+.. list-table::
+  :class: longtable
+  :widths: 20 80
+  :stub-columns: 1
+
+  * - **Description**
+    - This service provides the Credential Issuer with all attribute claims necessary for the issuance of a Digital Credential.
+  * - **Provider**
+    - Authentic Source
+  * - **Consumer**
+    - Credential Issuer
+
+

docs/en/authentic-sources.rst

@@ -6,7 +6,7 @@ Authentic Sources
 
 Authentic Sources provide Users attributes to the Credential Issuers enabling them in the issuance of the Digital Credentials. During the Issuance Flow, Credential Issuers request from Authentic Sources the attributes required to provide the requested Credential. Authentic Sources MAY also provide a Credential Offer related to their Credential Issuers as defined in Section :ref:`credential-issuance-endpoint:Credential Offer Endpoint`.
 
-Public Authentic Sources MUST interact with Credential Issuers via PDND according to the rules defined in Section :ref:`e-service-pdnd:e-Service PDND` and in Section :ref:`credential-revocation:Status Update by Authentic Sources`. See also Section :ref:`e-service-pdnd-catalogue:Authentic Source Catalogue` for additional details.
+Public Authentic Sources MUST interact with Credential Issuers via PDND according to the rules defined in Section :ref:`e-service-pdnd:e-Service PDND` and in Section :ref:`credential-revocation:Status Update by Authentic Sources`. See also Section :ref:`authentic-source-endpoint:e-Service PDND Authentic Source Catalogue` for additional details.
 
 Authentic Sources MUST:
 

docs/en/brand-identity.rst

@@ -1,9 +1,9 @@
 .. include:: ../common/common_definitions.rst
 
+.. "included" file, so we start with '-' title level
 
-
-IT-Wallet System Brand Identity
-===============================
+Brand Identity
+-------------------------------
 
 
 The IT-Wallet Brand Identity defines the system's personality and it's expressed through a set of standardized elements, including its naming and Visual Identity. It strengthens and promotes the Trust Model at the basis of the entire ecosystem, that is to say the framework that legitimizes the Actors' participation in the IT-Wallet System and ensures the security and integrity of its processes.
@@ -15,7 +15,7 @@ This section outlines the minimum requirements that Primary Actors must meet to
 For further details, please refer to the Official Resources.
 
 Naming
-------
+^^^^^^
 
 "IT-Wallet System" is the official name that MUST be used in all written and verbal contexts, both physical and digital. Below are the requirements for the correct spelling and pronunciation:
 
@@ -27,12 +27,12 @@ Naming
 
 
 Visual Identity
----------------
+^^^^^^^^^^^^^^^
 
 The IT-Wallet System has its own Visual Identity. All actors within the ecosystem MUST ensure that their Visual Identity and that of their Technical Solutions are distinct yet compatible and cohesive with the Visual Identity of IT-Wallet System. Specifically, all Primary Actors MAY use the Official Resources related to the Visual Identity of the IT-Wallet System. Their use MUST be exclusively aimed at representing the participation in the IT-Wallet System and not at replacing the Visual Identity of their own Technical Solutions.
 
 Logo
-^^^^
+""""
 
 The Logo is the official graphic element that ensures immediate recognition of the IT-Wallet System and promotes its reliability.
 
@@ -57,7 +57,7 @@ The following requirements apply to its use in both physical and digital context
 - The Logo MAY be displayed alongside other actors' logos, trademarks, or symbols, in accordance with the coexistence specifications regarding proportions and visibility, as defined in the Official Resources.
 
 Trust Mark
-^^^^^^^^^^
+""""""""""
 
 The Trust Mark is the official graphic element that guarantees the belonging of Primary Actors and their respective Technical Solutions to the IT-Wallet System.
 
@@ -80,7 +80,7 @@ The following requirements apply to its use in both physical and digital context
 - The Trust Mark MAY be displayed alongside other actors' logos, trademarks, or symbols, in accordance with the coexistence specifications regarding proportions and visibility, as defined in the Official Resources.
 
 Components
-^^^^^^^^^^
+""""""""""
 
 Components are the elements of the IT-Wallet System that enable the User to interact with several Technical Solutions via their Wallet Instance.
 
@@ -95,7 +95,7 @@ The key requirements are as follows:
 - Primary Actors MUST keep components up to date, in line with the latest available version.
 
 Authentication Button
-^^^^^^^^^^^^^^^^^^^^^
+"""""""""""""""""""""
 
 The Authentication Button is a type of Engagement Button.
 Verifiers MUST make the Authentication Button available within the Discovery Page of their Technical Solutions to allow the User to get authenticated into their services through the Wallet Instance.