Status: Closed (paulbastian closed 7 months ago)
In that example, and generally with enveloping, the key binding is achieved by the signature on the enclosing JWT itself, which is over all the sd-jwt content and disclosures. The outer JWT is providing key binding so there's no separate KB JWT and the _sd_hash isn't needed or relevant because the selected disclosures are covered by the signature of the enclosing JWT (also the KB JWT and _sd_hash aren't defined for the JSON serialization).
The text https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#section-10-5 introducing the example does attempt to describe it.
This next non-normative example payload shows a JSON serialized SD-JWT enveloped in a JWT. The JSON serialized SD-JWT appears as the value of an _js_sd_jwt claim and the disclosures are included separately as a top-level claim. Key Binding is achieved by the signature on the enclosing JWT.
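To make the key-binding argument in the comment above concrete, here is an added, runnable sketch (not code from the draft or from any participant) of the enveloped JSON-serialized SD-JWT that the quoted text describes: the inner SD-JWT sits under `_js_sd_jwt`, the selected disclosures sit in a separate top-level claim, and the enclosing JWT's signature covers both. Assumptions: the top-level claim is named `disclosures`, HS256 with constructed demo keys stands in for the asymmetric issuer and holder keys a real deployment would use, and the claims and nonce are constructed sample values. The tamper check at the end shows why no `_sd_hash` is needed in this shape: changing the disclosure set after the holder signed invalidates the outer signature.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def hs256_sign(protected: str, payload: str, key: bytes) -> str:
    # JWS signing input is ASCII(BASE64URL(protected) || '.' || BASE64URL(payload)).
    # HS256 keeps the example dependency-free; real SD-JWTs use asymmetric keys.
    return b64url(hmac.new(key, f"{protected}.{payload}".encode(), hashlib.sha256).digest())


def jws_json_sign(claims: dict, key: bytes) -> dict:
    """Flattened JWS JSON serialization: protected header, payload, signature."""
    protected = b64url(json.dumps({"alg": "HS256"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return {"protected": protected, "payload": payload,
            "signature": hs256_sign(protected, payload, key)}


def jws_json_verify(jws: dict, key: bytes) -> dict:
    expected = hs256_sign(jws["protected"], jws["payload"], key)
    if not hmac.compare_digest(expected, jws["signature"]):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(jws["payload"]))


def make_disclosure(name: str, value) -> str:
    # Disclosure = base64url(JSON array [salt, claim name, claim value]).
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode())


def disclosure_digest(disclosure: str) -> str:
    # Digest over the ASCII bytes of the disclosure string, as listed in "_sd".
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue_sd_jwt(claims: dict, issuer_key: bytes):
    disclosures = [make_disclosure(k, v) for k, v in claims.items()]
    payload = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
               "_sd": sorted(disclosure_digest(d) for d in disclosures)}
    return jws_json_sign(payload, issuer_key), disclosures


def envelope(sd_jwt_jws: dict, selected: list, holder_key: bytes) -> dict:
    # Enveloping JWT signed by the holder. Its signature covers the inner SD-JWT
    # and the selected disclosures, so no separate KB-JWT / _sd_hash is involved.
    outer = {"aud": "https://verifier.example", "nonce": "n-0S6_WzA2Mj",  # constructed
             "iat": 1700000000, "_js_sd_jwt": sd_jwt_jws, "disclosures": selected}
    return jws_json_sign(outer, holder_key)


def verify_envelope(env: dict, holder_key: bytes, issuer_key: bytes) -> dict:
    outer = jws_json_verify(env, holder_key)                   # holder key binding
    inner = jws_json_verify(outer["_js_sd_jwt"], issuer_key)   # issuer signature
    revealed = {}
    for d in outer["disclosures"]:
        if disclosure_digest(d) not in inner["_sd"]:
            raise ValueError("disclosure not bound to the SD-JWT")
        _salt, name, value = json.loads(b64url_decode(d))
        revealed[name] = value
    return revealed  # aud/nonce freshness checks omitted for brevity


def demo():
    issuer_key, holder_key = b"issuer-demo-key", b"holder-demo-key"   # constructed
    sd_jwt, disclosures = issue_sd_jwt(
        {"given_name": "Alice", "family_name": "Smith", "birthdate": "1990-01-01"}, issuer_key)
    env = envelope(sd_jwt, disclosures[:1], holder_key)   # reveal only given_name
    revealed = verify_envelope(env, holder_key, issuer_key)
    # Swap in a larger disclosure set after signing: the outer signature no longer matches.
    outer = json.loads(b64url_decode(env["payload"]))
    outer["disclosures"] = disclosures[:2]
    tampered = dict(env, payload=b64url(json.dumps(outer).encode()))
    try:
        verify_envelope(tampered, holder_key, issuer_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return revealed, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The verifier's order matters: the holder signature is checked first, because until it holds, nothing in the envelope (including the disclosure list) is trustworthy; only then is the issuer signature checked and each disclosure matched against `_sd`.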
The current specification gives the example:
I would propose that the structure be more similar to the structure of the compact encoding, and shuffle the order in the example:
Also, the _sd_hash is missing.