Hi Daniel,
The key sentence from the introduction is the following sentence:
However, when a signed JWT is intended to be multi-use, it needs to
contain the superset of all claims
the user might want to release to verifiers at some point.
Before diving into the proposed solution, it would be useful to identify
these multi-use cases.
Does the document intend to consider the single case of a client making
requests to two different verifiers or more elaborate cases?
If the signed JWT is intended for two verifiers, wouldn't it be simpler
for developers of clients to ask for two independent signed JWTs
and for developers of verifiers to verify one independent signed JWT?
In other words, what are the advantages and the drawbacks associated
with this approach?
Denis
All,
Kristina and I would like to bring to your attention a new draft that
we have been working on with many others over the past weeks.
"Selective Disclosure JWT (SD-JWT)" describes a format for signed JWTs
that support selective disclosure (SD-JWT), enabling sharing only a
subset of the claims included in the original signed JWT instead of
releasing all the claims to every verifier.
https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-01.html
Initial feedback we got was positive and we now would like to hear
from the working group with the eventual goal of asking for working
group adoption.
Issues are tracked in our GitHub repository:
https://github.com/oauthstuff/draft-selective-disclosure-jwt/issues
The approach to selective disclosure described in the document is
based on salted hashes. We have discussed and explored other
approaches based on encryption as well. If you are interested in
following this discussion, we would like to invite you to read this
issue:
https://github.com/oauthstuff/draft-selective-disclosure-jwt/issues/30
One main goal with this work is that the format should be easy to
implement, requiring little more than a regular JWT library. Three
working implementations show that this goal has been achieved:
https://github.com/oauthstuff/draft-selective-disclosure-jwt#implementations
We are looking forward to your feedback!
-Daniel
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth