{
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "title": "Wallet Attestation JWT",
    "type": "object",
    "required": [
      "iss",
      "sub",
      "iat",
      "exp",
      "aal",
      "wallet_link",
      "wallet_name",
      "cnf"
    ],
    "properties": {
      "iss": {
        "type": "string",
        "format": "uri",
        "description": "Identifier of the Wallet Provider"
      },
      "sub": {
        "type": "string",
        "description": "Identifier of the Wallet Instance, which is the thumbprint of the Wallet Attestation JWK."
      },
      "iat": {
        "type": "integer",
        "description": "Issued At — the time at which the JWT was issued, in UNIX timestamp (seconds)"
      },
      "nbf": {
        "type": "integer",
        "description": "Not Before — the time before which the JWT must not be accepted, in UNIX timestamp (seconds)"
      },
      "exp": {
        "type": "integer",
        "description": "Expiration — the expiration time on or after which the JWT must not be accepted, in UNIX timestamp (seconds)"
      },
      "aal": {
        "type": "string",
        "description": "The authentication level of the Wallet"
      },
      "wallet_link": {
        "type": "string",
        "format": "uri",
        "description": "URL to get further information about the Wallet and the Wallet Provider"
      },
      "wallet_name": {
        "type": "string",
        "description": "Human-readable name of the wallet"
      },
      "jti": {
        "type": "string",
        "description": "JWT ID — a unique identifier for the JWT"
      },
      "aud": {
        "type": ["string", "array"],
        "description": "Audience — the recipients for which the JWT is intended (a single string or an array)"
      },
      "nonce": {
        "type": "string",
        "description": "Nonce used to prevent replay attacks; it only does so if the recipient checks it against the value it expects"
      },
      "cnf": {
        "type": "object",
        "description": "Confirmation claim — used to bind the JWT to a key (e.g. device public key)",
        "properties": {
          "jwk": {
            "type": "object",
            "description": "JSON Web Key used for binding"
          }
        },
        "required": ["jwk"]
      }
    },
    "additionalProperties": false
  }
  