Closed bifurcation closed 1 month ago
It seems like it could be helpful to implementors, allowing them to quickly validate whether what they have is syntactically an SD-JWT or an SD-JWT with key binding. Something like:
base64url ::= ALPHA / DIGIT / "-" / "_"
JWT ::= base64url "." base64url "." base64url
SD-JWT ::= JWT "~" [base64url "~"]*
Fnord ::= SD-JWT JWT
The actual helpfulness of ABNF IMHO really depends on the reader's familiarity with ABNF. I don't know that such familiarity is particularly prevalent. But, as long as it's correct, it doesn't hurt to include either. And while I'm not overly familiar with ABNF myself, I know enough to know that that isn't valid ABNF and doesn't quite correctly convey the SD-JWT constructs. I've endeavored* to fix it up but am not 100% sure this is correct either:
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
base64url = 1*(ALPHA / DIGIT / "-" / "_")
JWT = base64url "." base64url "." base64url
SD-JWT = JWT "~" *[base64url "~"]
SD-JWT-KB = SD-JWT JWT
* with a bit of help from https://author-tools.ietf.org/abnf
Looks good to me, thank you!
Maybe a small improvement would be to introduce a name for disclosure?
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
base64url = 1*(ALPHA / DIGIT / "-" / "_")
JWT = base64url "." base64url "." base64url
DISCLOSURE = base64url
SD-JWT = JWT "~" *[DISCLOSURE "~"]
SD-JWT-KB = SD-JWT JWT
That's a good improvement, thanks!
Looks good to me, and appears valid according to the IETF ABNF parser.
(SD-JWT-KB part of the ABNF depends on another PR)
Need to wait until #394 is resolved to do a PR.
maybe add a KB-JWT line to be even more better? a la:
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
base64url = 1*(ALPHA / DIGIT / "-" / "_")
JWT = base64url "." base64url "." base64url
DISCLOSURE = base64url
SD-JWT = JWT "~" *[DISCLOSURE "~"]
KB-JWT = JWT
SD-JWT-KB = SD-JWT KB-JWT
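The last grammar in this thread transcribed into a syntactic check, as an added example that is not part of the issue or of the SD-JWT draft. The function name `classify` and the sample tokens are constructed for illustration, and the check is purely syntactic: it verifies no signature, disclosure digest or key binding.

```python
import re

# Direct transcription of the ABNF rules quoted in the thread.
B64URL = r"[A-Za-z0-9_-]+"                    # base64url = 1*(ALPHA / DIGIT / "-" / "_")
JWT = rf"{B64URL}\.{B64URL}\.{B64URL}"        # JWT = base64url "." base64url "." base64url
SD_JWT = rf"{JWT}~(?:{B64URL}~)*"             # SD-JWT = JWT "~" *[DISCLOSURE "~"]
SD_JWT_RE = re.compile(SD_JWT)
SD_JWT_KB_RE = re.compile(rf"{SD_JWT}{JWT}")  # SD-JWT-KB = SD-JWT KB-JWT

# Constructed sample values (not real credentials; the signature parts are dummy bytes).
ISSUER_JWT = "eyJhbGciOiJFUzI1NiJ9.eyJfc2QiOltdfQ.c2ln"
DISCLOSURE = "WyJzYWx0IiwibmFtZSIsIkFsaWNlIl0"
KB_JWT = "eyJ0eXAiOiJrYitqd3QifQ.eyJub25jZSI6IjEyMyJ9.c2lnMg"


def classify(token: str):
    """Return (kind, issuer_jwt, disclosures, kb_jwt), or None if the grammar rejects it."""
    # fullmatch rather than match()/search() with "$": "$" also matches just
    # before a trailing newline, which would let "<SD-JWT>\n" through.
    if SD_JWT_RE.fullmatch(token):
        kind = "SD-JWT"
    elif SD_JWT_KB_RE.fullmatch(token):
        kind = "SD-JWT-KB"
    else:
        return None
    parts = token.split("~")
    # An SD-JWT ends in "~", so its last element is ""; otherwise it is the KB-JWT.
    return kind, parts[0], parts[1:-1], parts[-1] or None


if __name__ == "__main__":
    for sample in (
        ISSUER_JWT + "~",
        f"{ISSUER_JWT}~{DISCLOSURE}~",
        f"{ISSUER_JWT}~{DISCLOSURE}~{KB_JWT}",
        ISSUER_JWT,                       # plain JWT: no "~", rejected
        f"{ISSUER_JWT}~{DISCLOSURE}",     # disclosure without its trailing "~"
    ):
        print(classify(sample))
```

A `None` result means the input should be rejected before any decoding; a non-`None` result only says the string is well-formed, so signature and digest verification still have to follow.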