oauth-wg / oauth-selective-disclosure-jwt

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

sd_alg, _sd_alg - Option for claims reuse? #468

Open alenhorvat opened 1 week ago

alenhorvat commented 1 week ago

Dear,

First, I would like to express my gratitude for your excellent work on this project.

I have a question regarding the definitions of the following claims:

Claim Name: _sd
Claim Description: Digests of Disclosures for object properties

Claim Name: _sd_alg
Claim Description: Hash algorithm used to generate Disclosure digests and digest over presentation

Currently, the _sd claim is limited to digests of disclosures. However, there are other mechanisms available for blinding claims, such as Zero-Knowledge Proofs (ZKPs), signatures, and similar techniques. Since the design of _sd is quite robust and generic, would the authors consider broadening its definition to encompass these additional mechanisms?

Proposal:

Claim Name: _sd
Claim Description: Blinded (or hidden) claims as defined by the Selective Disclosure Algorithm

Additionally, similar to _sd_alg, it could be constructed from {sd-name}:{properties}.

Proposal:

Claim Name: _sd_alg
Claim Description: Selective disclosure algorithm name

For example, the algorithm name could be registered as something like: sd-jwt:sha-256.

Thank you very much for your time and consideration of this suggestion. I look forward to your feedback.

Sakurann commented 5 days ago

Hi Alen! Thank you for the suggestion. It feels a little immature to make a generalization for ZKP when those are not yet stably used with SD-JWT VCs and also feels like a violation of best/common practices by using the same claim for multiple purposes - for both pure sd-jwt mechanisms and zkp-based mechanisms.

It might be better, and a less breaking change, to later define a separate specification for how to do sd-jwt with zkp.

alenhorvat commented 5 days ago

Dear Kristina,

I fully agree that other selective disclosure algorithms should be defined in separate specifications, and in no way am I asking to broaden the scope of this great work.

My question is simpler. Since the designs of _sd and _sd_alg are reusable with other (e.g., ZKP?) specifications, my question is if the definitions can be broadened.

If this results in a positive resolution, the impact on existing implementations is the parsing of the _sd_alg claim, which would define the full name of the sd algorithm, in this case something like sd-jwt:sha256 (or similar).

Thank you for your time and answers!
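The parsing impact discussed in this thread, as an added example that is not part of the issue or of the SD-JWT draft: a verifier-side `_sd_alg` parser that accepts today's bare hash name and the `{sd-name}:{properties}` form proposed above, and rejects any mechanism it does not implement. The prefixed form, the function names, the hash allowlist and the sample disclosure are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Hash names this verifier accepts (explicit allowlist; an assumption of the example).
HASHES = {"sha-256": hashlib.sha256, "sha-384": hashlib.sha384, "sha-512": hashlib.sha512}


def b64url(data: bytes) -> str:
    """base64url without padding, as used for disclosures and digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_sd_alg(value):
    """Return (mechanism, hash_name) for an _sd_alg value.

    Accepts the bare hash name used today ("sha-256") and the hypothetical
    prefixed form proposed in this issue ("sd-jwt:sha-256").
    """
    if value is None:                      # claim absent: SD-JWT defaults to sha-256
        return ("sd-jwt", "sha-256")
    if not isinstance(value, str):
        raise ValueError("_sd_alg must be a string")
    name, sep, props = value.partition(":")
    if not sep:                            # no prefix: current behaviour
        name, props = "sd-jwt", value
    if name != "sd-jwt":                   # unknown mechanism: fail closed
        raise ValueError(f"unsupported selective disclosure mechanism: {name!r}")
    if props not in HASHES:                # exact match only, no normalisation
        raise ValueError(f"unsupported hash algorithm: {props!r}")
    return (name, props)


def disclosure_is_committed(payload: dict, disclosure: str) -> bool:
    """True if the digest of `disclosure` is listed in the payload's top-level _sd."""
    _, hash_name = parse_sd_alg(payload.get("_sd_alg"))
    digest = b64url(HASHES[hash_name](disclosure.encode("ascii")).digest())
    return digest in payload.get("_sd", [])


def make_demo():
    """Constructed sample: one [salt, name, value] disclosure and a matching payload."""
    disclosure = b64url(json.dumps(["c2FsdC1leGFtcGxl", "given_name", "Alice"]).encode())
    digest = b64url(hashlib.sha256(disclosure.encode("ascii")).digest())
    return disclosure, {"_sd": [digest], "_sd_alg": "sd-jwt:sha-256"}


if __name__ == "__main__":
    d, p = make_demo()
    print(disclosure_is_committed(p, d))
```

Because the allowlist is matched exactly, the two spellings that appear in the thread (`sd-jwt:sha-256` and `sd-jwt:sha256`) are not interchangeable here; only the first is accepted.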