New SD-JWT Encoding #174

danielfett · 2022-11-21T10:48:16Z

Link to editor's copy: https://drafts.oauth.net/oauth-selective-disclosure-jwt/danielfett/new-sd-jwt-encoding/draft-ietf-oauth-selective-disclosure-jwt.html

Disclosures are now delivered not as a JWT but as separate base64url-encoded JSON objects.
In the SD-JWT, hash digests are collected under a _sd claim per level.
Terms "II-Disclosures" and "HS-Disclosures" are replaced with "Disclosures".
Holder Binding is now separate from delivering the Disclosures and implemented, if required, with a separate JWT.
Examples updated and modified to properly explain the specifics of the new SD-JWT format.
Examples are now pulled in from the examples directory, not inlined.
Updated and automated the W3C VC example.
Added examples with multibyte characters to show that the specification and demo code work well with UTF-8.

@Sakurann I updated the W3C example since I had to adapt it to the new format. Also made some updates together with @tlodderstedt, please check.

@Sakurann I added an example with a Japanese address that was thankfully AI-generated by Github Copilot. I have no clue if it makes sense or not, please take a look!

…ication' section

tlodderstedt

The SD-JWT-VC example looks good to me.

draft-ietf-oauth-selective-disclosure-jwt.md

Co-authored-by: Kristina <[email protected]>

draft-ietf-oauth-selective-disclosure-jwt.md

examples/simple_structured/verified_contents.json

examples/simple_structured_with_decoys/user_claims.json

examples/simple_structured_with_decoys/verified_contents.json

sd_jwt/examples/simple_structured.yml

sd_jwt/examples/simple_structured_with_decoys.yml

Sakurann · 2022-11-22T19:31:58Z

examples/simple_structured/user_claims.json

+  "sub": "6c5c0a49-b589-431d-bae7-219122a9ec2c",
+  "given_name": "太郎",
+  "family_name": "山田",
+  "email": "\"unusual email address\"@日本.com",


Suggested change

"email": "\"unusual email address\"@日本.com",

"email": "\"unusual email address\"@nihon.com",

Can we replace it with another domain with multibyte characters? 日本.example.com?

no one uses such domains in Japan though..?

Sakurann · 2022-11-22T19:35:17Z

I think updated SD-JWT-VC is clean and nice. we should probably clarify in the text that it is not "compliant" with vc-data-model v1.1 and is "future-looking" in the light of v2.0 conversations.

the Japanese address is legit and correct and is pretty close from where I lived. I suspect it is an address of a tokyo tower, but have not checked. tho "(@日本.com)" looked weird so I changed to nihon.com?

…de decks

sd_jwt/examples/simple_structured.yml

Sakurann

Thank you, Daniel!!

Daniel Fett added 22 commits November 17, 2022 17:18

Working on new SD-JWT encoding approach

33c04c7

Add option to add decoys

3afa867

Produce examples in separate directory

077e0e9

Worked on text, added more examples

66bdee2

Add address examples

34c1bdc

Make xml2rfc happy

78d4c54

Make xml2rfc even happier

17532b6

Fix file include

e33347a

New names and structure for example, worked through text until 'Verif…

77853c6

…ication' section

Removed trailing white space

42b4513

Update all examples incl. W3C VC example

6c753ed

Fix example update script

14b5d82

Fix references

a1fe266

Renumbered examples and checked references

8192801

Remove trailing whitespace, again

f5abf1c

Enable holder binding in examples

28e6119

Demonstrate holder binding jwt as well

59ec912

Fix for Python 3.8

3b24d6d

Add updated examples

ade26da

Use UTF-8 strings in examples instead of escaping them

0e3b815

Show full W3C VC example

00b0592

Fix header in W3C example

f7e3ec1

danielfett marked this pull request as ready for review November 21, 2022 18:26

danielfett requested a review from Sakurann as a code owner November 21, 2022 18:26

danielfett requested a review from tlodderstedt November 21, 2022 18:26

Update changelog

36189a0

tlodderstedt approved these changes Nov 22, 2022

View reviewed changes