Closed mickrau closed 3 months ago
Hi @mickrau
Indeed, you are right that this is a feature that is missing.
For starters, I think that we need to clarify how the requirements of the verifier (what to disclose) will be represented. Perhaps, this could be a list of JSON Path expressions (or in the future a list of claim paths).
I will need some time to check for a possible solution (will also consider your proposals).
Perhaps an approach to implement this could be:
```kotlin
typealias JsonPath = String

sealed interface Query {
    data object OnlyNonSelectivelyDisclosableClaims : Query // Only non SD claims (Just the jwt part, no Disclosures)
    data class ClaimInPath(val path: JsonPath, val filter: (Claim) -> Boolean = { true }) : Query
    data class Many(val claimsInPath: List<JsonPath>) : Query
    data object AllClaims : Query // All claims including selectively disclosable or non SD (The whole SD-JWT, all disclosures)
}
```
Notes:
- `Query.ClaimInPath` represents a requirement to present a claim that could be located (inside the recreated initial JSON) at the given JSON path and that should satisfy the `filter` predicate

A basic function could have the following shape:
```kotlin
fun <JWT> SdJwt.Issuance<JWT>.present(
    claimsOf: (JWT) -> Claims,
    query: Query
): SdJwt.Presentation<JWT>?
```
Notes:
- `Issuance` SD-JWT (This is what holder has)
- `query`
Hi @mickrau please stay tuned for this.
We found a solution for this by slightly enhancing the functionality that is currently available via the `recreateClaims` function.
The above function actually traverses recursively all claims that exist in the `JWT` payload (of the SD-JWT) and in the `Disclosures` of the SD-JWT for the purpose of recreating the unprotected claims of the SD-JWT (the JSON having all digests replaced by related claims).
Using this traverse function, it is possible to register a visitor that receives a notification every time a claim (selectively disclosed or not) is being processed.
With that at hand, it is possible to create a function that, given an issuance SD-JWT, produces a `Map<JsonPath, List<Disclosures>>`.
Each entry has on the left the JSON path of the claim and on the right the list of disclosures that need to be released for this claim.
If the claim is
In summary: A function will be made available to the public API having the following shape
```kotlin
fun <JWT> SdJwt.Issuance<JWT>.disclosuresPerClaim(): Map<JsonPath, List<Disclosures>>
```
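The path-to-disclosures mapping described in the comment above, sketched in Python as an added example (it is not part of the thread and not the library's Kotlin code). The `$.a.b` path notation, all function names and the sample claims are assumptions made for illustration; only object-property disclosures are covered, not array elements.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest_of(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def make_disclosure(salt, name, value):
    """Constructed-sample helper: returns (disclosure, digest) for [salt, name, value]."""
    disclosure = b64url(json.dumps([salt, name, value]).encode())
    return disclosure, digest_of(disclosure)

def disclosures_per_claim(payload, disclosures):
    """Map each claim's path to the disclosures the holder must release for it."""
    by_digest = {digest_of(d): d for d in disclosures}
    result = {}

    def visit(obj, path, needed):
        if not isinstance(obj, dict):
            return
        for key, value in obj.items():
            if key not in ("_sd", "_sd_alg"):        # plain claim: nothing new to release
                result[f"{path}.{key}"] = list(needed)
                visit(value, f"{path}.{key}", needed)
        for digest in obj.get("_sd", []):
            d = by_digest.get(digest)
            if d is None:                            # decoy digest, or disclosure not held
                continue
            _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
            chain = needed + [d]                     # parents first, then this claim
            result[f"{path}.{name}"] = chain
            visit(value, f"{path}.{name}", chain)

    visit(payload, "$", [])
    return result

def select_disclosures(payload, disclosures, requested_paths):
    """Only the disclosures needed for the requested paths; KeyError on an unknown path."""
    per_claim = disclosures_per_claim(payload, disclosures)
    selected = []
    for path in requested_paths:
        selected += [d for d in per_claim[path] if d not in selected]
    return selected

# Constructed sample: "street" is hidden inside "address", which is itself hidden.
STREET, STREET_DG = make_disclosure("salt-1", "street", "1 Main St")
ADDRESS, ADDRESS_DG = make_disclosure("salt-2", "address", {"country": "GR", "_sd": [STREET_DG]})
EMAIL, EMAIL_DG = make_disclosure("salt-3", "email", "holder@example.com")
PAYLOAD = {"iss": "https://issuer.example", "_sd_alg": "sha-256", "_sd": [ADDRESS_DG, EMAIL_DG]}
HELD = [STREET, ADDRESS, EMAIL]
```

Requesting `$.address.street` selects the `address` and `street` disclosures and leaves `email` out. Releasing the `address` disclosure also reveals its plain `country` member, which a holder should account for when deciding what to present.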
Hi @mickrau Can you please take a look at these examples?
They demonstrate some indicative presentation scenarios using the aforementioned API. I would appreciate any comment.
PR is almost done
Hi @babisRoutis,
thanks for your quick and detailed reply. I played a little with the new code. Looks very good to me and fulfills my requirements :-)
Thanks
@mickrau Good to hear :smile:
Hopefully on Monday we will release it. I think that we just need some updates on the readme.
@mickrau Released in v0.3.1 Thanks for raising this.
I would like to use your library to create a presentation as a holder.
In the KeyBindingTest there are code examples for the most relevant parts (see class HolderActor).
The only thing I'm missing is a sophisticated filtering of the disclosures that should be part of the SD-JWT presentation. In your example, you are using a function `whatToDisclose: (Claim) -> Boolean` to filter the disclosures. I see the problem that the objects neither of type `Claim` nor of type `Disclosure` have a context (path in the input claim set). Without context, it is not possible to make a clear decision (same JSON key can appear several times).

I see two approaches to solving this problem:
- `DisclosureWithPath` to enable proper filtering
- `releaseClaims` object, which is a subset of all claims, as input and outputs a list of all disclosures that belong to the `releaseClaims` (see example OWF sd-jwt-kotlin library)

Do you have any plans or more examples to implement proper filtering?