I was wondering if it ever occurred to anyone to use a JSON path-like approach as the disclosure name. This will result in a single top-level _sd key and will remove the need for separating disclosures that concern objects vs those that concern arrays. If this has been discussed in the past, what are its disadvantages? A version of the example in 6.1 using this hypothetical approach follows.

SD-JWT payload (the difference is in the "nationalities" key; the hash values have been moved to the _sd claim. Note that the hash values are not correct.)

    {
      "_sd": [
        "CrQe7S5kqBAHt-nMYXgc6bdt2SH5aTY1sU_M-PgkjPI",
        "JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE",
        "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI",
        "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo",
        "XQ_3kPKt1XyX7KANkqVR6yZ2Va5NrPIvPYbyMvRKBMM",
        "XzFrzwscM6Gn6CJDc6vVK8BkMnfG8vOSKfpPIZdAfdE",
        "gbOsI4Edq2x2Kw-w5wPEzakob9hV1cRD0ATN3oQL9JM",
        "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4",
        "pFndjkZ_VCzmyTa6UjlZo3dh-ko8aIKQc9DlGzhaVYo",
        "7Cf6JkPudry3lcbwHgeZ8khAv1U1OSlerP0VkBJrWZ0"
      ],
      "iss": "https://issuer.example.com",
      "iat": 1683000000,
      "exp": 1883000000,
      "sub": "user_42",
      "nationalities": [],
      "_sd_alg": "sha-256",
      "cnf": {
        "jwk": {
          "kty": "EC",
          "crv": "P-256",
          "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
          "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
        }
      }
    }

Disclosures for nationalities

    Contents: ["lklxF5jMYlGTPUovMNIvCA", $['nationalities'][0],"US"]
    Contents: ["nPuoQnkRFq3BIeAm7AnXFA", $['nationalities'][1],"DE"]

Each attribute of the street address can be easily represented as a different disclosure

    Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['region'], "Sachsen-Anhalt"]
    Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['country'], "DE"]

Best,
Nikos
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
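
The proposal above as an added Python example (not code from the message or from the SD-JWT draft): the issuer hashes [salt, path, value] disclosures into one top-level _sd, and the verifier places each disclosed value by its path. Assumptions: the path travels as a JSON string in the bracket form shown in the message, disclosed array entries are compacted in index order, and a disclosure may not overwrite an always-visible claim; all function names are hypothetical.

```python
import base64, copy, hashlib, json, re

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def digest_of(encoded):
    return b64url(hashlib.sha256(encoded.encode("ascii")).digest())

def make_disclosure(salt, path, value):
    return b64url(json.dumps([salt, path, value]).encode("utf-8"))

def parse_path(path):
    # Assumption: only the bracket form from the message, $['key'][0]..., is accepted.
    if not re.fullmatch(r"\$(\['[^']+'\]|\[\d+\])+", path):
        raise ValueError(f"unsupported path: {path!r}")
    return [k if k else int(i) for k, i in re.findall(r"\['([^']+)'\]|\[(\d+)\]", path)]

def apply_disclosures(payload, disclosures):
    # Verifier side: accept a disclosure only if its digest is in the top-level _sd.
    allowed = set(payload.get("_sd", []))
    out = {k: v for k, v in copy.deepcopy(payload).items() if k not in ("_sd", "_sd_alg")}
    for encoded in disclosures:
        if digest_of(encoded) not in allowed:
            raise ValueError("digest not listed in _sd")
        raw = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
        _salt, path, value = json.loads(raw)
        *parents, leaf = parse_path(path)
        node = out
        for step in parents:
            child = node.get(step)
            if child is None or child == []:
                child = node[step] = {}  # container created on first disclosure
            elif not isinstance(child, dict):
                raise ValueError("path crosses an always-visible value")
            node = child
        if node.get(leaf) not in (None, []):
            raise ValueError("disclosure would overwrite an existing claim")
        node[leaf] = value
    return finalize(out)

def finalize(node):
    # Integer-keyed containers become arrays ordered by disclosed index.
    if not isinstance(node, dict):
        return node
    if node and all(isinstance(k, int) for k in node):
        return [finalize(node[k]) for k in sorted(node)]
    return {k: finalize(v) for k, v in node.items()}

# Constructed demo: salts and values from the message, digests computed here.
DEMO = [make_disclosure("lklxF5jMYlGTPUovMNIvCA", "$['nationalities'][0]", "US"),
        make_disclosure("6Ij7tM-a5iVPGboS5tmvVA", "$['address']['country']", "DE")]
PAYLOAD = {"_sd": [digest_of(d) for d in DEMO], "_sd_alg": "sha-256", "nationalities": []}
```

Because the path lives inside the disclosure rather than in the signed structure, the verifier has to enforce placement rules itself; the overwrite check is one such rule.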