
Normative References

This page lists all normative references cited throughout the IDToken technical documentation. These standards and specifications are incorporated by dated or undated reference. For dated references, subsequent amendments apply only when incorporated by revision. For undated references, the latest edition applies.

  • [ITU-T X.1280] Mutual out-of-band authentication based on a one-time password — defines the protocol where a service presents an OTP to the user, who confirms it on a separate device. IDToken implements this recommendation as its core authentication protocol.
  • [ISO 22376:2023] Security and resilience — Authenticity, integrity and trust for products and documents — Specification and usage of visible digital seal (VDS) data format for authentication, verification and acquisition of data carried by a document or object
  • [ISO 22385:2023] Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for establishing a framework for trust and interoperability (ESEDS)
  • [ISO 22300:2018] Security and resilience — Vocabulary
  • [ISO/IEC 27001] Information technology — Security techniques — Information security management systems — Requirements
  • [ISO/IEC 27002] Information technology — Security techniques — Code of practice for information security controls
  • [ISO/IEC 15408] Information technology — Security techniques — Evaluation criteria for IT security (Common Criteria)
  • [ISO/IEC 16022:2006] Information technology — Automatic identification and data capture techniques — Data Matrix bar code symbology specification
  • [ISO/IEC 18004:2024] Information technology — Automatic identification and data capture techniques — QR Code bar code symbology specification
  • [ISO/IEC 14443] Identification cards — Contactless integrated circuit cards — Proximity cards (Parts 1–4)
  • [ISO/IEC 18092] Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1)
  • [ISO/IEC 3166-1:2013] Codes for the representation of names of countries and their subdivisions — Part 1: Country codes
  • [ISO/IEC 8825-1:2015] Information technology — ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
  • [ISO 14533-1] Processes, data elements and documents in commerce, industry and administration — Long term signature — Part 1: Profiles for CMS Advanced Electronic Signatures (CAdES)
  • [ISO 14533-2] Processes, data elements and documents in commerce, industry and administration — Long term signature — Part 2: Profiles for XML Advanced Electronic Signatures (XAdES)
  • [ICAO Doc 9303] Machine Readable Travel Documents — defines the structure of passport data groups, Machine-Readable Zones (MRZ), Security Object Document (SOD) digital signatures, Active Authentication (AA), and Passive Authentication (PA) protocols used by IDToken during VDS issuance
  • [ETSI TS 119 612] Electronic Signatures and Infrastructures (ESI) — Trusted Lists
  • [ETSI EN 319 132-1] Electronic Signatures and Infrastructures (ESI) — XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures
  • [ETSI EN 319 122-1] Electronic Signatures and Infrastructures (ESI) — CAdES digital signatures; Part 1: Building blocks and CAdES baseline signatures
  • [ETSI EN 319 401] Electronic Signatures and Infrastructures (ESI) — General Policy Requirements for Trust Service Providers
  • [ETSI EN 319 411-1] Policy and security requirements for TSP issuing certificates — Part 1: General requirements
  • [ETSI TS 102 853] Electronic Signatures and Infrastructures (ESI) — Signature verification procedures and policies Technical Specification
  • [RFC 2119] Key words for use in RFCs to Indicate Requirement Levels
  • [RFC 5280] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • [RFC 6749] The OAuth 2.0 Authorization Framework
  • [RFC 6960] X.509 Internet Public Key Infrastructure Online Certificate Status Protocol — OCSP
  • [RFC 7515] JSON Web Signature (JWS)
  • [RFC 7516] JSON Web Encryption (JWE)
  • [RFC 7517] JSON Web Key (JWK)
  • [RFC 7518] JSON Web Algorithms (JWA)
  • [RFC 7519] JSON Web Token (JWT)
  • [RFC 9285] The Base45 Data Encoding
  • [FIPS 140-2] Security Requirements for Cryptographic Modules
  • [FIPS 140-3] Security Requirements for Cryptographic Modules
  • [FIPS 186-4] Digital Signature Standard (DSS) — defines the ECDSA algorithm used throughout the IDToken ecosystem
  • [OpenID Connect Core 1.0] OpenID Connect Core 1.0 incorporating errata set 2 — defines the identity layer on top of OAuth 2.0 that IDToken implements as an OpenID Provider
  • [OpenID Connect Discovery 1.0] OpenID Connect Discovery 1.0 — defines the /.well-known/openid-configuration metadata endpoint
  • [SAML 2.0 Core] Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 — defines the assertion format and SSO/SLO protocols used by IDToken’s SAML IdP
  • [SAML 2.0 Bindings] Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0 — defines HTTP-Redirect and HTTP-POST bindings
  • [SAML 2.0 Metadata] Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 — defines the IdP metadata format served at /saml/metadata
  • MessagePack — MessagePack specification (msgpack.org) — binary serialization format used for VDS Payload and Auxiliary Data encoding
  • GS1 Digital Link Standard — URI Syntax, Release 1.2.1