ietf-wg-spice / draft-ietf-spice-sd-cwt

SPICE SD-CWT
https://ietf-wg-spice.github.io/draft-ietf-spice-sd-cwt/intialize-draft-contents/draft-ietf-spice-sd-cwt.html

renaming "sd_claims" #24

Open beltram opened 1 week ago

beltram commented 1 week ago

Currently, disclosed claims, represented in the CDDL by a salted_array, have the same name (sd_claims) and the same key (TBD1), regardless of whether they are in the issued token or the presented one.

First of all, in each case they carry different semantics: they are "potentially disclosable" in the sd-cwt-issued whereas they are "actually disclosed" in the sd-cwt-presentation. So I think they should at least have a different name. Since we're not using JSON, we do not have to abbreviate our keys, so I would go for a full name.

Then, they have structural differences. If we add Decoys as suggested in #11, the issued sd_claims supports them whereas the presented one must not. I think it will make implementation of the spec easier down the road by "making illegal state unrepresentable".

I think it could look like this:

salted-issued = salted-claim / salted-element / decoy
salted-presentation = salted-claim / salted-element

salted-array-issued = [ +bstr .cbor salted-issued ]
salted-array-presentation = [ +bstr .cbor salted-presentation ]

unprotected-issued = {
   &(disclosures-issued: TBD_X) ^ => bstr .cbor salted-array-issued,
}

unprotected-presentation = {
   ? &(disclosures-presentation: TBD_Y) ^ => bstr .cbor salted-array-presentation,
}

What do you think? I'll be happy to contribute to that in a PR.
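As an added illustration (not code from this issue or from the draft), a small Python model of the proposed split: the presentation type simply has no `Decoy` member, so a presentation carrying one is rejected when the array is parsed. The disclosure shapes (claim `[salt, value, name]`, element `[salt, value]`, decoy `[salt]`), the 16-byte salt and working on already-decoded CBOR arrays are all assumptions.

```python
from dataclasses import dataclass
from typing import Any, List, Union
# Assumed (not fixed by the issue): a disclosure is a CBOR array told apart by
# arity, [salt, value, name] / [salt, value] / [salt]; 16-byte salt assumed too.
SALT_LEN = 16

@dataclass(frozen=True)
class SaltedClaim:
    salt: bytes
    value: Any
    name: Union[int, str]
@dataclass(frozen=True)
class SaltedElement:
    salt: bytes
    value: Any

@dataclass(frozen=True)
class Decoy:
    salt: bytes

# Mirrors the two CDDL choices: Decoy is not a member of the presentation type.
SaltedIssued = Union[SaltedClaim, SaltedElement, Decoy]
SaltedPresentation = Union[SaltedClaim, SaltedElement]

def parse_salted(item: list) -> SaltedIssued:
    """Classify one decoded disclosure array by arity and check its salt."""
    if not item or not isinstance(item[0], bytes) or len(item[0]) != SALT_LEN:
        raise ValueError("disclosure must start with a %d-byte salt" % SALT_LEN)
    if len(item) == 3 and isinstance(item[2], (int, str)):
        return SaltedClaim(item[0], item[1], item[2])
    if len(item) == 2:
        return SaltedElement(item[0], item[1])
    if len(item) == 1:
        return Decoy(item[0])
    raise ValueError("unrecognised disclosure shape")

def parse_issued(items: list) -> List[SaltedIssued]:
    """salted-array-issued: decoys are permitted alongside real disclosures."""
    return [parse_salted(i) for i in items]

def parse_presentation(items: list) -> List[SaltedPresentation]:
    """salted-array-presentation: a decoy is a hard error, never silently kept."""
    parsed = [parse_salted(i) for i in items]
    if any(isinstance(p, Decoy) for p in parsed):
        raise ValueError("decoy is not allowed in a presentation")
    return parsed

# Constructed sample, as a CBOR decoder would return it for an issued token.
SAMPLE_ISSUED = [[b"\x01" * 16, "Alice", "given_name"],  # claim
                [b"\x02" * 16, "admin"], [b"\x03" * 16]]  # element, decoy
```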