ssi-sd-jwt implementation

[tristanmiller-spruceid]

This new crate implements the sd-jwt specification as found here:

https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/

This is an RFC PR to provide a base for discussion, particularly around the shape of the public API.

TODO

• [x] More comments on public API (examples exist in tests folder)
• [x] Creating sd-jwts where selectively disclosed claims aren't in the root of the payload
• [x] Creating sd-jwts with recursively disclosed claims (ie. sd claims that that contain additional sd claims)
• [ ] No key binding JWT support

[CLAassistant]

All committers have signed the CLA.

[justAnIdentity]

Am I correct thinking this implementation takes the Flat SD-JWT approach for nested data? I think that's fine, but just want to make sure we take that decision conciously cc @cobward

[Voronar]

Do you plan integration with ssi-vc? Will we see new enum value here https://github.com/spruceid/ssi/blob/main/ssi-vc/src/lib.rs#L282?

[tristanmiller-spruceid]

Do you plan integration with ssi-vc? Will we see new enum value here https://github.com/spruceid/ssi/blob/main/ssi-vc/src/lib.rs#L282?

I imagined that SD-JWT + VC would be a separate pull request, but I can integrate that here if that's required.

[tristanmiller-spruceid]

Am I correct thinking this implementation takes the Flat SD-JWT approach for nested data? I think that's fine, but just want to make sure we take that decision conciously cc @cobward

The highlevel API only supports Flat SD-JWT, but an example of using the lower level API to parse a more complex JWT that is both nested and contains recursive disclosures is given in https://github.com/tristanmiller-spruceid/ssi/blob/5bfe8af2d9ffabe3b7b68db79f5943ffd3c4fb10/ssi-sd-jwt/tests/rfc_examples.rs#L181 and to create and parse a nested JWT is here https://github.com/tristanmiller-spruceid/ssi/blob/5bfe8af2d9ffabe3b7b68db79f5943ffd3c4fb10/ssi-sd-jwt/tests/full_pathway.rs#L119