oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

Explicit clarification over correct formatting of objects with no disclosed elements #418

Closed MichaelFraser99 closed 3 months ago

MichaelFraser99 commented 3 months ago

If we take the following example of an SD-JWT:

eyJhbGciOiJSUzI1NiIsInR5cCI6ImFwcGxpY2F0aW9uL2pzb24rc2Qtand0In0.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.xj0X10080FANgzrdpfWrbF0DO0Y3KwiJzoO8-C-pj_DU6xjrG9kX9Nbh6rFhD1iuX_aGL-tXQwXaiGrgWLC72ws_mleRkQ6cvibl-ej9mr45iqZ2vd9rQavBh_q5v9AoKI3vu763ZEp49b_Z02acOWbIK9LlmSf3_hivHvV8mV5tpUCaSxD8JQ8tWbD5q5WhPofeAprm0_ygj4JmF0EuC_ARPmAZEK8of9kIKTgRKsLQuAPreQId8Sg7tTZaSLL4D47DZlWY0ioO2wn6QyYXIbHFnx01EKbsk_I3F0ha4P0h0UPif3KcIRh_tGkrjazejAv7mXd0jJLjF9CEGJzNYw~WyI1eWZHRjVxZnhKN2ViOXN0anBIR3dRIiwiYWRkcmVzcyIseyJfc2QiOlsiaFRiS1NZdVBaaW5qMVBja1N1Z0pfdnRhc3dFVEYxR0xPSVRpRnM1Wnl1dyIsIk0xU3FsVWNyZ1Ewc1FuRE1Vek5nVVFXVXBWM19XWEN0YzN3QWNNMUx4Y2siLCJ1OTdHb1cwRnZiVkl3dElBdWJGZEFIbTVjaG5wc0VFVm1jTzVGNUJxeG5JIl19XQ~

Where there is a single provided disclosure that decodes to:

```json
[ ["5yfGF5qfxJ7eb9stjpHGwQ","address",{"_sd":["hTbKSYuPZinj1PckSugJ_vtaswETF1GLOITiFs5Zyuw","M1SqlUcrgQ0sQnDMUzNgUQWUpV3_WXCtc3wAcM1Lxck","u97GoW0FvbVIwtIAubFdAHm5chnpsEEVmcO5F5BqxnI"]}] ]
```

The disclosure value is an address claim which has all of its values as disclosable. In the given scenario, where the presence of the address claim has been disclosed yet none of the contents disclosed, I believe it would be good to be explicit over the desired result here.

Reading through the steps in 8.1, I think the implicit correct result would be to have the above boil down to:

```json
{
  "cnf": {
    "e": "AQAB",
    "kty": "RSA",
    "n": "vZDsoT1nGV4x_X3rOGLe38_-BjbmU-QleJ4HeMEn_FEFKhHSsVHGWlGo1gjArDykgywESAX4tHjuDLPVb89d746yRHEQwitHmNlLN4sSFAGu1cIIMbP3n3tkIkXBXySni1sBjuxoyg0U5RbPwYL7bt6IjY-89icwfcMUu7jwi_4tY6IE2AzSnolB-Q7mmKj5esVxBwE23NGejjv6co-cmLUY0HndQ6Az5FWJn9FE07FQNxt0UsKhfCN-9xegUtusYC_r2fX6Jtlc-TaipAeyXFvDUHTuTHGVHslxcy4XOU-yZq68XFhrTBvQMSJWWqD4t262_9HGi6BQ3ViilNud7w"
  },
  "family_name": "Müller",
  "given_name": "Max",
  "address": {}
}
```

where address is an empty object. I think explicitly specifying this in the spec would be valuable.

Possibly something worded akin to: In the scenario where an object claim's presence is disclosed yet the entire contents of the object have not been, the result should be an empty object.
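To make the behaviour under discussion concrete, here is a small Python model of the section 8.1 disclosure processing, added as an illustration and not code from the draft or from any SD-JWT library. It assumes sha-256 as `_sd_alg`, uses constructed disclosures and salts rather than the ones in the token above, and does not handle array-element (`...`) disclosures; the `reveal` function is the verifier side, `make_disclosure` the issuer side.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")
def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_disclosure(salt: str, name: str, value) -> str:
    # Issuer side: a disclosure is base64url(JSON [salt, claim name, claim value]).
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def digest(disclosure: str) -> str:
    # Digest over the encoded disclosure string; sha-256 is the default _sd_alg.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def _resolve(node, by_digest: dict, used: set):
    # Walk the payload, replacing matched _sd digests with the disclosed claims.
    # A digest with no presented disclosure is dropped, so an object whose children
    # were all withheld is returned as {} (the case raised in this issue).
    if isinstance(node, list):
        return [_resolve(x, by_digest, used) for x in node]
    if not isinstance(node, dict):
        return node
    out = {k: _resolve(v, by_digest, used) for k, v in node.items() if k not in ("_sd", "_sd_alg")}
    for dg in node.get("_sd", []):
        d = by_digest.get(dg)
        if d is None:
            continue
        used.add(d)
        _, name, value = json.loads(b64url_decode(d))
        if name in out:
            raise ValueError(f"claim {name!r} appears twice")
        out[name] = _resolve(value, by_digest, used)
    return out

def reveal(payload: dict, disclosures: list) -> dict:
    # Verifier side (section 8.1 processing); a disclosure matching no digest is rejected.
    by_digest = {digest(d): d for d in disclosures}
    used = set()
    result = _resolve(payload, by_digest, used)
    if used != set(disclosures):
        raise ValueError("presented disclosure does not match any digest")
    return result

# Constructed sample: the address claim and both of its sub-claims are selectively disclosable.
STREET = make_disclosure("salt-1", "street_address", "Schulstr. 12")
LOCALITY = make_disclosure("salt-2", "locality", "Schulpforta")
ADDRESS = make_disclosure("salt-3", "address", {"_sd": [digest(STREET), digest(LOCALITY)]})
PAYLOAD = {"given_name": "Max", "family_name": "Müller", "_sd_alg": "sha-256", "_sd": [digest(ADDRESS)]}
```

Presenting only `ADDRESS` yields `"address": {}`, presenting `ADDRESS` and `STREET` fills the object partially, and presenting `STREET` without `ADDRESS` is rejected because its digest is only reachable through the withheld parent.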

bc-pi commented 3 months ago

I do think it's implied as you described but an explicit clarification would be worthwhile. Something like the wording would work but I'm not sure where to fit it in easily with the current text. Probably a note in https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-08.html#section-8.1 somewhere. https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-08.html#section-8.1-4.3.2.5 is the step that would leave the empty object - so maybe a note on that step (worded slightly differently to fit there)? Or just a note near the end of 8.1 somewhere?