bc-pi
commented
5 months ago It seems like it could be helpful to implementors, allowing them to quickly validate whether what they have is syntactically an SD-JWT or an SD-JWT with key binding. Something like:
base64url ::= ALPHA / DIGIT / "-" / "_" JWT ::= base64url "." base64url "." base64url SD-JWT ::= JWT "~" [base64url "~"]* Fnord ::= SD-JWT JWT
The actual helpfulness of ABNF IMHO really depends on the readers familiarity with ABNF. I don't know that such familiarity is particularity prevalent. But, as long as it's correct, it doesn't hurt to include either. And while I'm not overly familiar with ABNF myself, I know enough to know that that isn't valid ABNF and doesn't quite correctly convey the SD-JWT constructs. I've endeavored* to fix it up but am not 100% sure this is correct either:
ALPHA = %x41-5A / %x61-7A ; A-Z / a-z
DIGIT = %x30-39 ; 0-9
base64url = 1*(ALPHA / DIGIT / "-" / "_")
JWT = base64url "." base64url "." base64url
SD-JWT = JWT "~" *[base64url "~"]
SD-JWT-KB = SD-JWT JWT* with a bit of help from https://author-tools.ietf.org/abnf
danielfett
bifurcation
Sakurann
It seems like it could be helpful to implementors, allowing them to quickly validate whether what they have is syntactically an SD-JWT or an SD-JWT with key binding. Something like: