oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Restructure enveloped SD-JWTs #376

Closed paulbastian closed 7 months ago

paulbastian commented 8 months ago

The current specification gives the example:

{
  "aud": "https://verifier.example.org",
  "iat": 2813308004,
  "nonce": "8z8z9X3jUtbthem84swFAzp4aqlHf-sCqQ6eM_qmpUQ",
  "_js_sd_jwt": {
    "protected": "eyJhbGciOiAiRVMyNTYifQ",
    "payload": "eyJfc2QiOiBbIjRIQm42YUlZM1d0dUdHV1R4LX...1NiJ9",
    "signature": "y_b8KFVc2GZ1n-...PKsjU3Q"
  },
  "disclosures": [
    "WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImZhbWlseV9uYW1...vZSJd",
    "WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImFkZHJlc3MiLC...iVVMifV0",
    "WyJlbHVWNU9nM2dTTklJO...V9BIiwgImdpdmVuX25hbWUiLCAiSm9obiJd"
  ]
}

I would propose that the structure be more similar to that of the compact encoding, and shuffle the order in the example:

{
  "sd_jwt": {
    "protected": "eyJhbGciOiAiRVMyNTYifQ",
    "payload": "eyJfc2QiOiBbIjRIQm42YUlZM1d0dUdHV1R4LX...1NiJ9",
    "signature": "y_b8KFVc2GZ1n-...PKsjU3Q"
  },
  "disclosures": [
    "WyI2SWo3dE0tYTVpVlBHYm9TNXRtdlZBIiwgImZhbWlseV9uYW1...vZSJd",
    "WyJBSngtMDk1VlBycFR0TjRRTU9xUk9BIiwgImFkZHJlc3MiLC...iVVMifV0",
    "WyJlbHVWNU9nM2dTTklJO...V9BIiwgImdpdmVuX25hbWUiLCAiSm9obiJd"
  ],
  "kb_jwt": {
    "aud": "https://verifier.example.org",
    "iat": 2813308004,
    "nonce": "8z8z9X3jUtbthem84swFAzp4aqlHf-sCqQ6eM_qmpUQ"
  }
}

Also, the _sd_hash is missing

bc-pi commented 8 months ago

In that example, and generally with enveloping, the key binding is achieved by the signature on the enclosing JWT itself, which is over all the sd-jwt content and disclosures. The outer JWT is providing key binding so there's no separate KB JWT and the _sd_hash isn't needed or relevant because the selected disclosures are covered by the signature of the enclosing JWT (also the KB JWT and _sd_hash aren't defined for the JSON serialization).

The text https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-06.html#section-10-5 introducing the example does attempt to describe it.

This next non-normative example payload shows a JSON serialized SD-JWT enveloped in a JWT. The JSON serialized SD-JWT appears as the value of an _js_sd_jwt claim and the disclosures are included separately as a top-level claim. Key Binding is achieved by the signature on the enclosing JWT.
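The enveloping model bc-pi describes above, worked end to end as an added example (this is not code from the draft or from either commenter). The issuer signs a JSON-serialized SD-JWT whose payload carries only `_sd` digests plus a `cnf` reference to the holder's key; the holder puts that object under `_js_sd_jwt` next to the selected `disclosures` and signs the whole enveloping JWT; the verifier checks the issuer signature, resolves the holder key from `cnf`, checks the outer signature (which covers the SD-JWT and the disclosures array, so no KB-JWT or `_sd_hash` is needed), and finally matches each disclosure's digest against `_sd`. Assumptions: HS256 with constructed secrets stands in for the asymmetric algorithm a real deployment would use, the key identifier `holder-key-1` and the `issue`/`present`/`verify` names are hypothetical, and the claims are constructed sample data.

```python
"""Enveloped JSON-serialized SD-JWT: issue, present, verify (constructed example)."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed keys and identifiers for this example only. HS256 (HMAC) stands in
# for the asymmetric algorithms (e.g. ES256) a real deployment would use; what
# matters here is which bytes each signature covers, not the algorithm.
ISSUER_KEY = b"constructed-issuer-secret"
HOLDER_KID = "holder-key-1"
HOLDER_KEYS = {HOLDER_KID: b"constructed-holder-secret"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_sign(payload: dict, key: bytes) -> dict:
    """Return a flattened JSON-serialized JWS: protected, payload, signature."""
    protected = b64url(json.dumps({"alg": "HS256"}).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{protected}.{body}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": body, "signature": b64url(sig)}


def jws_verify(jws: dict, key: bytes) -> dict:
    """Check the signature over protected.payload and return the decoded payload."""
    signing_input = f"{jws['protected']}.{jws['payload']}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(jws["signature"])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(jws["payload"]))


def disclosure_digest(disclosure: str) -> str:
    # SD-JWT digest: base64url(sha-256(ascii(disclosure)))
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(claims: dict) -> tuple[dict, list[str]]:
    """Issuer: one disclosure per claim; the payload carries only digests plus cnf."""
    disclosures = [
        b64url(json.dumps([b64url(secrets.token_bytes(16)), name, value]).encode())
        for name, value in claims.items()
    ]
    payload = {
        "iss": "https://issuer.example.org",
        "_sd_alg": "sha-256",
        "_sd": sorted(disclosure_digest(d) for d in disclosures),
        "cnf": {"kid": HOLDER_KID},  # binds presentations to the holder's key
    }
    return jws_sign(payload, ISSUER_KEY), disclosures


def present(sd_jwt: dict, disclosures: list[str], reveal: list[str],
            aud: str, nonce: str, iat: int) -> str:
    """Holder: envelope the SD-JWT and the selected disclosures in a JWT it signs.
    The outer signature is the key binding, so no KB-JWT and no _sd_hash."""
    selected = [d for d in disclosures if json.loads(b64url_decode(d))[1] in reveal]
    outer = jws_sign(
        {"aud": aud, "iat": iat, "nonce": nonce,
         "_js_sd_jwt": sd_jwt, "disclosures": selected},
        HOLDER_KEYS[HOLDER_KID],
    )
    return f"{outer['protected']}.{outer['payload']}.{outer['signature']}"


def verify(enveloping_jwt: str, aud: str, nonce: str) -> dict:
    """Verifier: issuer signature first (to learn cnf), then holder signature."""
    protected, body, sig = enveloping_jwt.split(".")
    outer_payload = json.loads(b64url_decode(body))  # untrusted until signature checks
    inner = jws_verify(outer_payload["_js_sd_jwt"], ISSUER_KEY)
    holder_key = HOLDER_KEYS[inner["cnf"]["kid"]]
    # Key binding: the holder's signature covers the SD-JWT and the disclosures array.
    jws_verify({"protected": protected, "payload": body, "signature": sig}, holder_key)
    if outer_payload["aud"] != aud or outer_payload["nonce"] != nonce:
        raise ValueError("aud/nonce mismatch")
    revealed = {}
    for d in outer_payload["disclosures"]:
        if disclosure_digest(d) not in inner["_sd"]:
            raise ValueError("disclosure was not issued")
        _salt, name, value = json.loads(b64url_decode(d))
        revealed[name] = value
    return revealed


def demo() -> tuple[dict, bool]:
    """Present only given_name, then show that adding disclosures after signing fails."""
    aud, nonce = "https://verifier.example.org", "8z8z9X3jUtbthem84swFAzp4aqlHf-sCqQ6eM_qmpUQ"
    sd_jwt, disclosures = issue(
        {"given_name": "John", "family_name": "Doe", "address": {"country": "US"}})
    token = present(sd_jwt, disclosures, ["given_name"], aud, nonce, 2813308004)
    revealed = verify(token, aud, nonce)
    protected, body, sig = token.split(".")
    payload = json.loads(b64url_decode(body))
    payload["disclosures"] = disclosures  # attacker splices in issued-but-unselected ones
    tampered = f"{protected}.{b64url(json.dumps(payload, separators=(',', ':')).encode())}.{sig}"
    try:
        verify(tampered, aud, nonce)
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return revealed, tamper_rejected
```

The order in `verify` matters: the issuer signature is checked before the holder key is chosen, because `cnf` is only trustworthy once the inner JWS has been verified; the outer signature is then checked before any disclosure is accepted. Since the whole `disclosures` array is under the holder's signature, the splice in `demo` is rejected at the outer signature check, which is exactly the property a separate `_sd_hash` provides in the compact presentation format.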