oauth-wg / oauth-sd-jwt-vc

draft-terbu-sd-jwt-vc

example for key binding

c2bo opened this issue · comments

The example at 4.2 (https://drafts.oauth.net/oauth-sd-jwt-vc/draft-ietf-oauth-sd-jwt-vc.html#name-examples) seems to be broken in its current state:

eyJhbGciOiAiRVMyNTYiLCAidHlwIjogInZjK3NkLWp3dCIsICJraWQiOiAiZG9jLXNp
Z25lci0wNS0yNS0yMDIyIn0.eyJfc2QiOiBbIjA5dktySk1PbHlUV00wc2pwdV9wZE9C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.RYAGd
0CrhTtnSJeZX9TlAxOqVq1cHg9DeVlzGMQ5GcPLMli_ymAThQVm9lP-XDndP2heaTjQd
cAvTNtbe2sOfg~WyJRZ19PNjR6cUF4ZTQxMmExMDhpcm9BIiwgImFkZHJlc3MiLCB7In
N0cmVldF9hZGRyZXNzIjogIjEyMyBNYWluIFN0IiwgImxvY2FsaXR5IjogIkFueXRvd2
4iLCAicmVnaW9uIjogIkFueXN0YXRlIiwgImNvdW50cnkiOiAiVVMifV0~eyJhbGciOi
AiRVMyNTYiLCAidHlwIjogImtiK2p3dCJ9.eyJub25jZSI6ICIxMjM0NTY3ODkwIiwgI
mF1ZCI6ICJodHRwczovL2V4YW1wbGUuY29tL3ZlcmlmaWVyIiwgImlhdCI6IDE3MDk1N
zk3MjYsICJzZF9oYXNoIjogIjYyZjM0eDRmRTRZZG1SU3RHSVdBQ1FpemdoVUFzdEE1Y
W9GV2JTUFA4VlUifQ.H0Fi2Wc3UjuAsZbhfhKWqgZYd2oj20bnY_tKWP6sg3cKbhDpRC
h_vCPmoHgR6MNGC1B4JcmftOxPMJ13dE3g5w

has only 1 disclosure and the digest does not match any of the ones defined in the payload.

Never mind regarding the digest, that matches - that was a mistake on my side.
Do you think it makes sense to add a short remark that this example only discloses the address? It reads like it should have the same disclosures as the ones given before, but is configured to only disclose the address.

I think that example originates from the encoded example in section 3.3 (https://drafts.oauth.net/oauth-sd-jwt-vc/draft-ietf-oauth-sd-jwt-vc.html#name-example). They have the address disclosure.

Also, a short description exists in 4.2, but it's separated before and after the example. So I guess I'm a little confused.

The following is a non-normative example of a presentation of the SD-JWT shown above including a Key Binding JWT:

In this presentation, the Holder provides only the Disclosure for the claim address. Other claims are not disclosed to the Verifier.

How about writing it all at once? I'm proposing something like:

The following is a non-normative example of a presentation of the SD-JWT shown above (3.3). In this presentation, the Holder provides only the Disclosure for the claim address including a Key Binding JWT. Other claims are not disclosed to the Verifier:

Yeah, that would help imho. My main concern was that the example didn't properly work for some reason but that was an error on my part / my implementation.
I am also fine with just closing this as it would only be a very minor change, but I do believe it would be a bit easier to understand if it's together in one part - especially if people are just searching for some examples to test with implementations.

@c2bo Good, I'll open a PR for it :)
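
Added example, not part of the issue thread or the draft: a minimal Python check of the two hash links discussed above, namely that each presented Disclosure's digest appears in the payload's `_sd` array and that the Key Binding JWT's `sd_hash` covers the presented SD-JWT. It assumes `sha-256` and a top-level `_sd` only, does not verify any signature, and uses a constructed sample (`make_jwt`, `build_sample`, the salts and the claim values are hypothetical).

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(text: str) -> str:
    # Hash the ASCII bytes of the encoded string as transmitted, not the decoded JSON.
    return b64url(hashlib.sha256(text.encode("ascii")).digest())

def check_presentation(presentation: str) -> dict:
    """Check digest linkage only; signatures are NOT verified here."""
    *front, kb_jwt = presentation.split("~")  # last part is the KB-JWT, or "" if absent
    issuer_jwt, disclosures = front[0], front[1:]
    payload = json.loads(b64url_decode(issuer_jwt.split(".")[1]))
    sd = set(payload.get("_sd", []))  # assumption: top-level _sd only, no nested objects
    disclosed = {}
    for d in disclosures:
        _salt, name, _value = json.loads(b64url_decode(d))  # object-property Disclosures only
        disclosed[name] = digest(d) in sd
    sd_hash_ok = None
    if kb_jwt:
        kb_payload = json.loads(b64url_decode(kb_jwt.split(".")[1]))
        # sd_hash covers everything before the KB-JWT, including the trailing "~".
        sd_hash_ok = kb_payload.get("sd_hash") == digest("~".join(front) + "~")
    return {"disclosed": disclosed, "undisclosed": len(sd) - sum(disclosed.values()),
            "sd_hash_ok": sd_hash_ok}

def make_jwt(header: dict, payload: dict) -> str:
    # Constructed sample JWT with a placeholder signature (never verified here).
    enc = lambda obj: b64url(json.dumps(obj).encode())
    return f"{enc(header)}.{enc(payload)}.{b64url(b'placeholder-signature')}"

def build_sample() -> str:
    # Constructed data: two selectively disclosable claims, only "address" is presented.
    mk = lambda salt, name, value: b64url(json.dumps([salt, name, value]).encode())
    address = mk("salt-1", "address", {"street_address": "123 Main St", "country": "US"})
    email = mk("salt-2", "email", "user@example.com")
    issuer = make_jwt({"alg": "ES256", "typ": "vc+sd-jwt"},
                      {"_sd": sorted([digest(address), digest(email)]), "_sd_alg": "sha-256"})
    sd_jwt = f"{issuer}~{address}~"
    kb = make_jwt({"alg": "ES256", "typ": "kb+jwt"},
                  {"nonce": "1234567890", "aud": "https://example.com/verifier", "sd_hash": digest(sd_jwt)})
    return sd_jwt + kb
```

For the constructed sample, `check_presentation(build_sample())` reports one disclosed claim (`address`), one digest left undisclosed, and a matching `sd_hash`.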