Merge pull request #26 from paulbastian/example

add example

draft-looker-oauth-attestation-based-client-authentication.md

@@ -57,6 +57,8 @@ normative:
 informative:
  RFC6749: RFC6749
  RFC7521: RFC7521
+ ARF:
+ title: "The European Digital Identity Wallet Architecture and Reference Framework"
 
 
 --- abstract
@@ -278,7 +280,7 @@ Implementers should be aware that using the same client attestation across multi
 
 The guidance provided by {{RFC7519}} and {{RFC8725}} applies.
 
-# IANA Considerations
+# Appendix A IANA Considerations
 
 ## Sub-Namespace Registration of urn:ietf:params:oauth:client-assertion-type:jwt-client-attestation
 
@@ -299,6 +301,40 @@ This section registers the value "attest_jwt_client_auth" in the IANA "OAuth Tok
 
 --- back
 
+# Additional Examples
+
+## Wallet Instance Attestation
+
+This non-normative example shows a client attestations used as an wallet instance attestation in the context of eIDAS 2.0 {{ARF}}, e.g. to secure a Type-1 configuration credential. The additional claims describe the wallet's device binding und user binding capabilities and the achievable level of assurance.
+
+~~~
+{
+ "typ": "wallet-attestation+jwt",
+ "alg": "ES256",
+ "kid": "1"
+}
+.
+{
+ "iss": "https://wallet-provider.com",
+ "sub": "https://wallet-provider.com/solution/wallet-1.6.0",
+ "iat": 1541493724,
+ "exp": 1516247022,
+ "wallet_name": "human readable wallet name",
+ "key_type" : "STRONGBOX",
+ "user_authentication" : "SYSTEM_PIN",
+ "attested_security_context" : "https://eu-trust-list.eu/asc/high",
+ "cnf": {
+ "jwk" : {
+ "kty": "EC",
+ "crv": "P-256",
+ "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
+ "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
+ }
+ }
+}
+
+~~~
+
 # Acknowledgments
 {:numbered="false"}