I was wondering if ever occured to use a JSON path-like approach as
disclosure name. This will result in a single top level _sd key and will
remove the need for sperating discolsures that conern objects vs those that
concern arrays. If this has been disussed in the past, what are its
disadvantages? A version of example in 6.1 using this hypothetical approach
follows.
SD-JWT payload (the difference is in the "nationalities" key, the hash
values have been moved to the _sd claim . Note that the hash values are not
correct )
{
"_sd": [
"CrQe7S5kqBAHt-nMYXgc6bdt2SH5aTY1sU_M-PgkjPI",
"JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE",
"PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI",
"TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo",
"XQ_3kPKt1XyX7KANkqVR6yZ2Va5NrPIvPYbyMvRKBMM",
"XzFrzwscM6Gn6CJDc6vVK8BkMnfG8vOSKfpPIZdAfdE",
"gbOsI4Edq2x2Kw-w5wPEzakob9hV1cRD0ATN3oQL9JM",
"jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4",
"pFndjkZ_VCzmyTa6UjlZo3dh-ko8aIKQc9DlGzhaVYo",
"7Cf6JkPudry3lcbwHgeZ8khAv1U1OSlerP0VkBJrWZ0"
],
"iss": "https://issuer.example.com";,
"iat": 1683000000,
"exp": 1883000000,
"sub": "user_42",
"nationalities": [],
"_sd_alg": "sha-256",
"cnf": {
"jwk": {
"kty": "EC",
"crv": "P-256",
"x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
"y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
}
}
}
Disclosures for nationalities
Contents: ["lklxF5jMYlGTPUovMNIvCA", $['nationalities'][0],"US"]
Contents: ["nPuoQnkRFq3BIeAm7AnXFA", $['nationalities'][1],"DE"]
Each attribute of the streat address can be easily represented as a
different disclosure
Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['region'],
"Sachsen-Anhalt"]
Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['country'], "DE"]
Best,
Nikos
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
