We use JSON Path internally; we also use the !sd tags in YAML to annotate disclosable terms.
We wrote a utility that converts from a YAML file with !sd tags to a set of JSON Pointers, for convenience.

I think the current approach in SD-JWT is to treat the "definition of disclosable claims" as an implementation detail.

OS

On Wed, Feb 7, 2024 at 8:52 AM Nikos Fotiou <nikos.fotiou...@gmail.com> wrote:

> I was wondering if it ever occurred to use a JSON path-like approach as
> disclosure name. This will result in a single top level _sd key and will
> remove the need for separating disclosures that concern objects vs those that
> concern arrays. If this has been discussed in the past, what are its
> disadvantages? A version of the example in 6.1 using this hypothetical approach
> follows.
>
> SD-JWT payload (the difference is in the "nationalities" key, the hash
> values have been moved to the _sd claim. Note that the hash values are not
> correct)
> {
>   "_sd": [
>     "CrQe7S5kqBAHt-nMYXgc6bdt2SH5aTY1sU_M-PgkjPI",
>     "JzYjH4svliH0R3PyEMfeZu6Jt69u5qehZo7F7EPYlSE",
>     "PorFbpKuVu6xymJagvkFsFXAbRoc2JGlAUA2BA4o7cI",
>     "TGf4oLbgwd5JQaHyKVQZU9UdGE0w5rtDsrZzfUaomLo",
>     "XQ_3kPKt1XyX7KANkqVR6yZ2Va5NrPIvPYbyMvRKBMM",
>     "XzFrzwscM6Gn6CJDc6vVK8BkMnfG8vOSKfpPIZdAfdE",
>     "gbOsI4Edq2x2Kw-w5wPEzakob9hV1cRD0ATN3oQL9JM",
>     "jsu9yVulwQQlhFlM_3JlzMaSFzglhQG0DpfayQwLUK4",
>     "pFndjkZ_VCzmyTa6UjlZo3dh-ko8aIKQc9DlGzhaVYo",
>     "7Cf6JkPudry3lcbwHgeZ8khAv1U1OSlerP0VkBJrWZ0"
>   ],
>   "iss": "https://issuer.example.com",
>   "iat": 1683000000,
>   "exp": 1883000000,
>   "sub": "user_42",
>   "nationalities": [],
>   "_sd_alg": "sha-256",
>   "cnf": {
>     "jwk": {
>       "kty": "EC",
>       "crv": "P-256",
>       "x": "TCAER19Zvu3OHF4j4W4vfSVoHIP1ILilDls7vCeGemc",
>       "y": "ZxjiWWbZMQGHVWKVQ4hbSIirsVfuecCE6t4jT9F2HZQ"
>     }
>   }
> }
>
>
> Disclosures for nationalities
> Contents: ["lklxF5jMYlGTPUovMNIvCA", $['nationalities'][0], "US"]
> Contents: ["nPuoQnkRFq3BIeAm7AnXFA", $['nationalities'][1], "DE"]
>
> Each attribute of the street address can be easily represented as a
> different disclosure
> Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['region'],
> "Sachsen-Anhalt"]
> Contents: ["6Ij7tM-a5iVPGboS5tmvVA", $['address']['country'], "DE"]
>
> Best,
> Nikos
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

--
ORIE STEELE
Chief Technology Officer
www.transmute.industries
<https://transmute.industries>
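An added sketch of the path-named disclosure scheme proposed in the quoted message, with an issuer side and a verifier side; it is not code from either poster and not the disclosure format the SD-JWT draft defines. The function names, the restriction to the bracket path form shown in the message, and the rule that revealed array elements are appended in index order are assumptions.

```python
import base64, hashlib, json, re, secrets

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def digest(disclosure: str) -> str:
    # Hash the ASCII bytes of the encoded disclosure, as SD-JWT does for sha-256.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def parse_path(path: str) -> list:
    # Accept only the bracket form used in the post: $['key']['key'][0]
    if not re.fullmatch(r"\$(\['[^']+'\]|\[\d+\])+", path):
        raise ValueError(f"unsupported path: {path!r}")
    return [k if k else int(i) for k, i in re.findall(r"\['([^']+)'\]|\[(\d+)\]", path)]

def issue(fixed: dict, disclosable: dict):
    # disclosable maps path -> value; all digests go into one top-level _sd.
    disclosures = [b64url(json.dumps([b64url(secrets.token_bytes(16)), p, v]).encode())
                   for p, v in disclosable.items()]
    payload = dict(fixed, _sd=sorted(digest(d) for d in disclosures), _sd_alg="sha-256")
    return payload, disclosures

def reveal(payload: dict, presented: list) -> dict:
    # Deep-copy the always-visible claims, then place each verified disclosure.
    claims = json.loads(json.dumps({k: v for k, v in payload.items()
                                    if k not in ("_sd", "_sd_alg")}))
    committed, entries = set(payload["_sd"]), []
    for d in presented:
        if digest(d) not in committed:
            raise ValueError("disclosure is not committed to in _sd")
        _salt, path, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        entries.append((parse_path(path), value))
    # Assumption: array elements are appended in index order, so withheld
    # elements leave no gap; an index is only supported as the last segment.
    order = lambda e: [(0, s, "") if isinstance(s, int) else (1, 0, s) for s in e[0]]
    for segs, value in sorted(entries, key=order):
        node = claims
        for seg in segs[:-1]:
            if isinstance(seg, int) or not isinstance(node, dict):
                raise ValueError("unsupported or conflicting path")
            node = node.setdefault(seg, {})
        last = segs[-1]
        if isinstance(last, int) and isinstance(node, list):
            node.append(value)
        elif isinstance(last, str) and isinstance(node, dict) and last not in node:
            node[last] = value
        else:
            raise ValueError("disclosure conflicts with an existing claim")
    return claims
```

Calling `issue()` with a payload that keeps `"nationalities": []` visible, as in the quoted message, and then `reveal()` with a subset of the returned disclosures rebuilds only the selected claims. A disclosure whose digest is not in `_sd`, or whose path targets a claim that is already present, is rejected.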