
Reference Samples

Reference EAAs

Each sample mirrors an ETSI EAA Plugtests test case. SD-JWT VC samples carry real signatures from a self-signed iGrant.io reference issuer certificate; mdoc samples carry placeholder signatures (the engine does not verify mdoc signatures yet). All samples are ready to drop into the Self-Assessment runner or any conformance pipeline.

MDL-EAA-1 | ISO mdoc | Ordinary EAA

MDL-EAA-1: mDL baseline

Baseline mDL (org.iso.18013.5.1.mDL) carrying the standard subject identifier triplet plus document_number, issuing_authority and issue_date. No status, no shortLived, no x5chain.

Exercises 10 controls

MDL-EAA-2 | ISO mdoc | Ordinary EAA

MDL-EAA-2: mDL with TokenStatusList (flat ETSI shape)

mDL carrying a status component implementing the ETSI flat shape: type=TokenStatusList, purpose=revocation, index, uri.

Exercises 6 controls

MDL-EAA-3 | ISO mdoc | Ordinary EAA

MDL-EAA-3: non-mDL with category data element

Non-mDL credential using the ISO/IEC 23220-2 namespace, plus a category data element in the ETSI namespace flagging the credential as non-qualified, non-public-body.

Exercises 6 controls

MDL-EAA-4 | ISO mdoc | QEAA

MDL-EAA-4: mdoc QEAA with qualified URN

Non-mDL credential at the QEAA tier with category=urn:etsi:esi:eaa:eu:qualified, status carried in MSO, and the issuer cert in the COSE x5chain header parameter.

Exercises 5 controls

MDL-EAA-5 | ISO mdoc | PuB-EAA

MDL-EAA-5: mdoc PuB-EAA with shortLived

Non-mDL credential at the PuB-EAA tier with category=urn:etsi:esi:eaa:eu:pub and shortLived=true (so revocation status is not required).

Exercises 8 controls

SJV-EAA-1 | SD-JWT VC | Ordinary EAA

SJV-EAA-1: Baseline mandatory + given_name + family_name

Mandatory elements only with x5c, iss, issuing_authority, given_name, family_name. No selective disclosures. No key binding.

Exercises 6 controls

SJV-EAA-2 | SD-JWT VC | Ordinary EAA

SJV-EAA-2: Baseline + cnf JWK

Mandatory elements plus a cnf claim binding the credential to the wallet public key. No selective disclosures.

Exercises 8 controls

SJV-EAA-3 | SD-JWT VC | Ordinary EAA

SJV-EAA-3: Baseline + selective disclosure

given_name and family_name are selectively-disclosable claims. The payload carries _sd digests and _sd_alg; the disclosures are appended after the JWT in the compact serialisation.

Exercises 6 controls

SJV-EAA-4 | SD-JWT VC | Ordinary EAA

SJV-EAA-4: + pseudonym

Carries a pseudonym claim plus key binding (cnf) and selective disclosure. The pseudonym substitutes for natural-person identifiers in attestation flows where the subject must remain unidentifiable.

Exercises 8 controls

SJV-EAA-5 | SD-JWT VC | Ordinary EAA

SJV-EAA-5: + oneTime

Carries the oneTime claim (a JSON null primitive) marking the credential as single-use. Includes key binding and selective disclosure.

Exercises 8 controls

SJV-EAA-6 | SD-JWT VC | Ordinary EAA

SJV-EAA-6: + shortLived

Carries the shortLived claim (JSON null) declaring the credential as non-revocable and short-lived. No status component, no key-binding requirement.

Exercises 7 controls

SJV-EAA-7 | SD-JWT VC | Ordinary EAA

SJV-EAA-7: + status component

Carries a status claim referencing an IETF Token Status List, plus key binding. The structural status checks (5.2.10.1-*) verify the component is well-formed; the runtime resolver is only exercised against a real endpoint.

Exercises 16 controls
