peppelinux / draft-demarco-oauth-status-assertions

OAuth 2.0 Status Assertions for Digital Credentials

CBOR structure #72

Open peppelinux opened 3 months ago

peppelinux commented 3 months ago

In CBOR, this structure might be a better solution for this:

```cddl
COSE_X509 = bstr / [ 2*certs: bstr ]
COSE_CertHash = [ hashAlg: (int / tstr), hashValue: bstr ]
```

See https://datatracker.ietf.org/doc/html/rfc9360

_Originally posted by @OR13 in https://github.com/peppelinux/draft-demarco-oauth-status-assertions/pull/65#discussion_r1635626847_

OR13 commented 3 months ago

Currently the draft would require us to register 2 new CWT claims, for `credential_hash_alg` and `credential_hash`.

But in CBOR, you can register a single claim like:

`credential_hash`, and set it to be an array where the first element is a COSE alg for a hash, like -16 for SHA-256, and the second element is the hash value.

In CDDL:

```cddl
CWT_Claims = {
  &(iss: 1) => tstr
  &(sub: 2) => tstr
  &(credential_hash: TBD) => [ hashAlg: (int / tstr), hashValue: bstr ]
  * int => any
}
```
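The single-claim layout proposed above, as an added example that is not part of the thread or the draft: it encodes a CWT claims map whose `credential_hash` is `[hashAlg, hashValue]` and checks that array against a credential. Assumptions: the claim key is TBD on the page, so `-65000` is a constructed placeholder; all function names are hypothetical; only integer `hashAlg` values are handled, not the `tstr` form the CDDL also allows.

```python
import hashlib
import hmac

# Assumption: the thread leaves the claim key as TBD; -65000 is a constructed
# placeholder, not a registered CWT claim key.
CREDENTIAL_HASH_KEY = -65000
COSE_HASH_ALGS = {-16: "sha256", -43: "sha384", -44: "sha512"}  # COSE ids, RFC 9054

def _head(major: int, n: int) -> bytes:
    # CBOR initial byte followed by the shortest-form argument.
    if n < 24:
        return bytes([major << 5 | n])
    for info, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | info]) + n.to_bytes(size, "big")
    raise ValueError("integer out of range")

def cbor_encode(obj) -> bytes:
    """Minimal definite-length CBOR encoder for int, bstr, tstr, array, map."""
    if isinstance(obj, int) and not isinstance(obj, bool):
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):
        return _head(3, len(obj.encode("utf-8"))) + obj.encode("utf-8")
    if isinstance(obj, list):
        return _head(4, len(obj)) + b"".join(map(cbor_encode, obj))
    if isinstance(obj, dict):
        return _head(5, len(obj)) + b"".join(cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(f"unsupported type: {type(obj).__name__}")

def make_credential_hash(credential: bytes, alg: int = -16) -> list:
    """Build the [hashAlg, hashValue] array carried by the single claim."""
    return [alg, hashlib.new(COSE_HASH_ALGS[alg], credential).digest()]

def check_credential_hash(claim, credential: bytes) -> bool:
    """Accept only a 2-element array with an allow-listed integer hashAlg."""
    if not (isinstance(claim, list) and len(claim) == 2):
        return False
    alg, value = claim
    if not isinstance(alg, int) or alg not in COSE_HASH_ALGS or not isinstance(value, bytes):
        return False
    expected = hashlib.new(COSE_HASH_ALGS[alg], credential).digest()
    return hmac.compare_digest(expected, value)

# Constructed sample input.
SAMPLE_CREDENTIAL = b"constructed-credential-bytes"
SAMPLE_CLAIMS = {1: "https://issuer.example", 2: "holder-1",
                 CREDENTIAL_HASH_KEY: make_credential_hash(SAMPLE_CREDENTIAL)}
SAMPLE_CWT_CLAIMS_CBOR = cbor_encode(SAMPLE_CLAIMS)
```

Because the algorithm identifier travels in the same array as the digest, the verifier can reject an unknown or missing algorithm in one structural check instead of correlating two separate claims.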