Credential format - MSO-MDOC

• The PID is issued in the format defined in the ARF Annex 6, with the changes from ARF PR 160 applied.
• The credential is returned as a IssuerSigned structure as described in ISO 18013-5 (see chapter 8.3.2.1.2.2):
• Use of a test root certificate used for credential signing. The root certificate is available on the main page. The chain is written to the x5c element (id "33") of the unprotected header of the IssuerAuth structure with certificates encoded in DER format.
• The signing key is also made available at the jwt-vc-issuer well-known endpoint for web based key resolution. Transfer of the jwt-vc-issuer metadata is secured by a browser validatable TLS certificate used for displaying this technical details page as well.

Sample PID

The following data is an example of data contained in a PID:

{
    "given_name": "ERIKA",
    "family_name": "MUSTERMANN",
    "family_name_birth": "GABLER",
    "birth_date": "1964-08-12",
    "age_birth_year": 1964,
    "age_in_years": 59,
    "age_over_12": true,
    "age_over_14": true,
    "age_over_16": true,
    "age_over_18": true,
    "age_over_21": true,
    "age_over_65": false,
    "birth_place": "BERLIN",
    "resident_country": "D",
    "resident_city": "KÖLN",
    "resident_postal_code": "51147",
    "resident_street": "HEIDESTRAẞE 17",
    "nationality": "DE",

    "issuance_date": "...",
    "expiry_date": "...",
    "issuing_country": "DE",
    "issuing_authority": "DE"
}
        

Raw credential (base64url-encoded as defined for the credential parameter in OID4VCI):