eu-digital-identity-wallet / eudi-lib-jvm-sdjwt-kt

A library for issuing and verifying SD-JWT
Apache License 2.0

Add Use Case: Holder Presentation #180

Closed mickrau closed 3 months ago

mickrau commented 3 months ago

I would like to use your library to create a presentation as a holder.

In the `KeyBindingTest` there are code examples for the most relevant parts (see class `HolderActor`).

The only thing I'm missing is sophisticated filtering of the disclosures that should be part of the SD-JWT presentation. In your example, you are using a function `whatToDisclose: (Claim) -> Boolean` to filter the disclosures. I see the problem that objects of neither type `Claim` nor type `Disclosure` have a context (path in the input claim set). Without context, it is not possible to make a clear decision (the same JSON key can appear several times).

I see two approaches to solving this problem:

Do you have any plans or more examples to implement proper filtering?

babisRoutis commented 3 months ago

Hi @mickrau

Indeed, you are right that this is a feature that is missing.

For starters, I think that we need to clarify how the requirements of the verifier (what to disclose) will be represented. Perhaps, this could be a list of JSON Path expressions (or in the future a list of claim paths).

I will need some time to check for a possible solution (will also consider your proposals).

babisRoutis commented 3 months ago

Perhaps an approach to implement this could be:

Representation of verifier requirements

```kotlin
typealias JsonPath = String

sealed interface Query {
    data object OnlyNonSelectivelyDisclosableClaims : Query // Only non SD claims (Just the jwt part, no Disclosures)
    data class ClaimInPath(val path: JsonPath, val filter: (Claim) -> Boolean = { true }) : Query
    data class Many(val claimsInPath: List<JsonPath>) : Query
    data object AllClaims : Query // All claims including selectively disclosable or non SD (The whole SD-JWT, all disclosures)
}
```

Notes:

Presentation function

A basic function could have the following shape:

```kotlin
fun <JWT> SdJwt.Issuance<JWT>.present(
    claimsOf: (JWT) -> Claims,
    query: Query
): SdJwt.Presentation<JWT>?
```

Notes:

babisRoutis commented 3 months ago

Hi @mickrau please stay tuned for this.

We found a solution for this by slightly enhancing the functionality that is currently available via the `recreateClaims` function.

The above function actually traverses recursively all claims that exist in the

for the purpose of recreating the unprotected claims of the SD-JWT (The JSON having all digests replaced by related claims)

Using this traverse function, it is possible to register a visitor that receives a notification every time a claim (selectively disclosed or not) is being processed.

With that at hand, it is possible to create a function that, given an issuance SD-JWT, produces a `Map<JsonPath, List<Disclosures>>`. Each entry has on the left the JSON path of the claim and on the right the list of disclosures that need to be released for this claim. If the claim is

In summary: A function will be made available to the public API having the following shape

```kotlin
fun <JWT> SdJwt.Issuance<JWT>.disclosuresPerClaim(): Map<JsonPath, List<Disclosures>>
```

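
The mapping described in the comment above, reduced to the SD-JWT format mechanics, as an added example that is not part of the thread or of the library's code: it resolves each `_sd` digest to its disclosure and records, per claim path, the disclosures that must be released, parents first. Assumptions: kotlinx.serialization JSON is on the classpath, disclosures are handled as plain strings, paths are written as `$.a.b`, only object claims are walked (array-element disclosures are left out), and `disclosure`, `digest`, `walk` and `disclosuresPerPath` are hypothetical names.

```kotlin
// Added example; all function names are hypothetical, not the library's API.
import kotlinx.serialization.json.*
import java.security.MessageDigest
import java.util.Base64

private val b64 = Base64.getUrlEncoder().withoutPadding()
// Constructed helper: a disclosure is base64url(JSON [salt, name, value]).
fun disclosure(salt: String, name: String, value: JsonElement): String =
    b64.encodeToString(buildJsonArray { add(salt); add(name); add(value) }.toString().toByteArray())

// Digest placed in "_sd": base64url(SHA-256(ASCII bytes of the disclosure string)).
fun digest(d: String): String =
    b64.encodeToString(MessageDigest.getInstance("SHA-256").digest(d.toByteArray(Charsets.US_ASCII)))

// Walks one JSON object; `needed` holds the disclosures already required to reach it.
fun walk(obj: JsonObject, byDigest: Map<String, String>, path: String,
         needed: List<String>, out: MutableMap<String, List<String>>) {
    for ((key, value) in obj) {
        if (key == "_sd" || key == "_sd_alg") continue
        out["$path.$key"] = needed // plain claim: nothing extra to release
        if (value is JsonObject) walk(value, byDigest, "$path.$key", needed, out)
    }
    for (dg in (obj["_sd"] as? JsonArray).orEmpty()) {
        val d = byDigest[dg.jsonPrimitive.content] ?: continue // decoy or unknown digest
        val (_, name, value) = Json.parseToJsonElement(Base64.getUrlDecoder().decode(d).decodeToString()).jsonArray
        val claimPath = "$path.${name.jsonPrimitive.content}"
        out[claimPath] = needed + d // parents first, then the claim's own disclosure
        if (value is JsonObject) walk(value, byDigest, claimPath, needed + d, out)
    }
}

fun disclosuresPerPath(payload: JsonObject, disclosures: List<String>): Map<String, List<String>> =
    mutableMapOf<String, List<String>>()
        .also { walk(payload, disclosures.associateBy(::digest), "$", emptyList(), it) }

fun main() {
    // Constructed sample: "country" occurs under two different parents.
    val home = disclosure("salt-1", "country", JsonPrimitive("DE"))
    val work = disclosure("salt-2", "country", JsonPrimitive("GR"))
    val address = disclosure("salt-3", "address", buildJsonObject { putJsonArray("_sd") { add(digest(home)) } })
    val payload = buildJsonObject {
        putJsonArray("_sd") { add(digest(address)) }
        putJsonObject("employer") { putJsonArray("_sd") { add(digest(work)) } }
    }
    val perPath = disclosuresPerPath(payload, listOf(home, work, address))
    check(perPath["$.address.country"] == listOf(address, home))
    check(perPath["$.employer.country"] == listOf(work))
    check(perPath["$.employer"] == emptyList<String>())
    println(perPath.mapValues { it.value.size })
}
```

Selecting what to present for a verifier's request then becomes a union over the requested paths, so `$.address.country` and `$.employer.country` are released independently even though both claims are named `country`.
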
babisRoutis commented 3 months ago

Hi @mickrau Can you please take a look at these examples?

They demonstrate some indicative presentation scenarios using the aforementioned API. I would appreciate any comment.

PR is almost done

mickrau commented 3 months ago

Hi @babisRoutis,

thanks for your quick and detailed reply. I played a little with the new code. Looks very good to me and fulfills my requirements :-)

Thanks

babisRoutis commented 3 months ago

> Hi @babisRoutis,
>
> thanks for your quick and detailed reply. I played a little with the new code. Looks very good to me and fulfills my requirements :-)
>
> Thanks

@mickrau Good to hear :smile:

Hopefully on Monday we will release it. I think that we just need some updates on the readme.

babisRoutis commented 3 months ago

@mickrau Released in v0.3.1 Thanks for raising this.