search

ietf-wg-spice / draft-ietf-spice-sd-cwt

SPICE SD-CWT
https://ietf-wg-spice.github.io/draft-ietf-spice-sd-cwt/intialize-draft-contents/draft-ietf-spice-sd-cwt.html
Other
3 stars 2 forks source link

Create a better set of default examples #26

Open mprorock opened 2 weeks ago

mprorock commented 2 weeks ago

Identify a better example case that is not age verification over web, and update spec with that example accordingly

mprorock commented 3 days ago

@rohanmahy will something like this work for example?

/ cose-sign1 / 18([
  / protected / << {
    / alg / 1  : -35, / ES384 /
    / typ / 16 : "application/sd+cwt",
    / kid / 4  : 'https://issuer.example/cwk3.cbor'
  } >>,
  / unprotected / {
    / sd_claims / 17 : / these are all the disclosures /
    <<[
        <<[
            /salt/   h'8d5c15fa86265d8ff77a0e92720ca837',
            /claim/  "inspection_result",
            /value/  true
        ]>>,
        <<[
            /salt/   h'd84c364fad31e0075213141ca7d1408f',
            /claim/  "location",
            /value/  {
                "country": "us", 
                "region": "ca", / California /
                "postal_code": "94188"
            }
        ]>>,
        <<[
            /salt/   h'86c84b9c3614ba27073c7e5a475a2a13',
            /claim/  "inspection_details",
            /value/  60(h'c47e3b047c1cd6d9d1e1e01514bc2ec9' +
                         h'ed010ac9ae1c93403ec72572bb1e00e7') / redacted /
        ]>>
    ]>>
  },
  / payload / << {
    / iss / 1  : "https://issuer.example",
    / sub / 2  : "WRQ2RbY5RYJCIxfDQL9agl9fFSCYVu4Xocqb6zerc1M",
    / exp / 4  : 1725330600, /2024-09-02T19:30:00Z/
    / nbf / 5  : 1725243840, /2024-09-01T19:25:00Z/
    / iat / 6  : 1725244200, /2024-09-01T19:30:00Z/
    / cnf / 8  : {
      / cose key / 1 : {
        / alg: ES256 /  3: -7,
        / kty: EC2   /  1: 2,
        / crv: P-256 / -1: 1,
        / x / -2: h'hVTrJ13Nb70cesZBqiyQ2SAi_Q0wJLWvGMfMYa1Sei0',
        / y / -3: h'TceuLGd-ltDMgll2Vc6S1VA_VCk9h4ddHnnOR3AZQ0M'
      }
    },
    / sd_alg /  12 : -16  / SHA256 /,
    / redacted_claim_keys / -65536 : [
        / redacted inspection_details /
        h'c47e3b047c1cd6d9d1e1e01514bc2ec9' +
        h'ed010ac9ae1c93403ec72572bb1e00e7'
    ],
    "inspection_result": true,
    "location": {
        "country": "us",            / United States /
        "region": "ca",             / California /
        "postal_code": "94188"
    }
  } >>,
  / signature / h'3337af2e66959614' /TODO: fix /
])
rohanmahy commented 3 days ago

how about these instead for the unredacted claims?

/most_recent_inspection_passed/ 500: true,
/inspector_license_number/ 501: "ABCD-123456",
/inspection_dates/ 502 : [
  1549560720,   / 2019-02-07T17:32:00 /
  1612498440,   / 2021-02-04T20:14:00 /
  1674004740,   / 2023-01-17T17:19:00 /
],
/inspection_location/ 503: {
        "country": "us",            / United States /
        "region": "ca",             / California /
        "postal_code": "94188"
}

I'll leave most_recent_inspection_passed and the latest date as fixed claims in the example, and the rest of the claims can be disclosable.

mprorock commented 3 days ago

that totally works

how about these instead for the unredacted claims?

/most_recent_inspection_passed/ 500: true, /inspector_license_number/ 501: "ABCD-123456", /inspection_dates/ 502 : [ 1549560720, / 2019-02-07T17:32:00 / 1612498440, / 2021-02-04T20:14:00 / 1674004740, / 2023-01-17T17:19:00 / ], /inspection_location/ 503: { "country": "us", / United States / "region": "ca", / California / "postal_code": "94188" }

I'll leave most_recent_inspection_passed and the latest date as fixed claims in the example, and the rest of the claims can be disclosable.