Hi Nikos,
Am 24.06.22 um 16:16 schrieb Nikos Fotiou:
Hi,
I was wondering what is the reason for introducing the sd_digests claim. I
think it complicates integration with existing systems. For example, I am
pretty sure that the VC included in Example 4 is wrong. Since the verifier can
learn from the SD-JWT-RELEASE which claims are hashed, why is it necessary to
nest them under the sd_digests claim?
The idea is to have a clean, unambiguous seperation between the two. If
the SD-JWT-R does not contain all claim names, the verifier might not be
able to tell whether a particular claim is an SD claim or a plain-text
claim.
Also a small detail: if you decode the token at the end of section 5.2, instead of
"sd_digests" it uses "_sd"
Good catch, we'll update the examples. We have opened an issue for that:
https://github.com/oauthstuff/draft-selective-disclosure-jwt/issues/79
Thanks,
Daniel
Best,
Nikos
--
Nikos Fotiou -http://pages.cs.aueb.gr/~fotiou
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr
On 23 Jun 2022, at 7:32 PM, Daniel Fett<mail=40danielfett...@dmarc.ietf.org>
wrote:
All,
Kristina and I would like to bring to your attention a new draft that we have been
working on with many others over the past weeks. "Selective Disclosure JWT
(SD-JWT)" describes a format for signed JWTs that support selective disclosure
(SD-JWT), enabling sharing only a subset of the claims included in the original signed
JWT instead of releasing all the claims to every verifier.
https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-01.html
Initial feedback we got was positive and we now would like to hear from the
working group with the eventual goal of asking for working group adoption.
Issues are tracked in our GitHub
repository:https://github.com/oauthstuff/draft-selective-disclosure-jwt/issues
The approach to selective disclosure described in the document is based on
salted hashes. We have discussed and explored other approaches based on
encryption as well. If you are interested in following this discussion, we
would like to invite you to read this
issue:https://github.com/oauthstuff/draft-selective-disclosure-jwt/issues/30
One main goal with this work is that the format should be easy to implement, requiring little more than a regular JWT library. Three working implementations show that this goal has been achieved:https://github.com/oauthstuff/draft-selective-disclosure-jwt#implementations
We are looking forward to your feedback!
-Daniel
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
