Support for SD-JWT #1019

Closed
David-Chadwick opened this issue Jan 29, 2023 · 3 comments
@David-Chadwick
Contributor

The IETF is specifying a standard way for the selective disclosure of JSON objects, which includes verifiable credentials. See
https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-02.html#name-creating-an-sd-jwt
We should add support to the VC DM for this type of VC.
How a credential is proofed is flexible in the VC DM - it can be external or internal via the proof property.
SD-JWTs are a different way of externally proofing a credential. Consequently we should do the following:
i) write a new document (analogous to the current JWT spec) to say how W3C credentials are proofed using SD-JWT
ii) add details to the DM to say how presentations may incorporate SD-JWTs and disclosures instead of (or as well as) VCs
For example

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://www.w3.org/2018/credentials/examples/v1"
  ],
  "id": "urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5",
  "type": ["VerifiablePresentation", "SD-JWTPresentation"],
  "sdJWTCredential": [{ eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImNBRUlVcUowY21MekQxa3pHemhlaUJhZzBZ
UkF6VmRsZnhOMjgwTmdIYUEifQ.eyJfc2QiOiBbIk5ZQ29TUktFWXdYZHBlNXlkdUpYQ….xqgKrDO6dK_oBL3fiqdc
q_elaIGxM6Z-RyuysglGyddR1O1IiE3mIk8kCpoqcRLR88opkVWN2392K_XYfAuAmeT9
kJVisD8ZcgNcv-MQlWW9s8WaViXxBRe7EZWkWRQcQVR6jf95XZ5H2-_KA54POq3L42xj
k0y5vDr8yc08Reak6vvJVvjXpp-Wk6uxsdEEAKFspt_EYIvISFJhfTuQqyhCjnaW13X3
12MSQBPwjbHn74ylUqVLljDvqcemxeqjh42KWJq4C3RqNJ7anA2i3FU1kB4-KNZWsijY
7-op49iL7BrnIBxdlAMrbHEkoGTbFWdl7Ki17GHtDxxa1jaxQg~WyJkcVR2WE14UzBHY
TNEb2FHbmU5eDBRIiwgInN1YiIsICJqb2huX2RvZV80MiJd~WyIzanFjYjY3ejl3a3Mw
OHp3aUs3RXlRIiwgImdpdmVuX25hbWUiLCAiSm9obiJd~WyJxUVdtakpsMXMxUjRscWh
FTkxScnJ3IiwgImZhbWlseV9uYW1lIiwgIkRvZSJd~WyJLVXhTNWhFX1hiVmFjckdBYz
dFRnd3IiwgImVtYWlsIiwgImpvaG5kb2VAZXhhbXBsZS5jb20iXQ
 }],
}

Note that the above credential contains 7 hidden/hashed properties but only 4 of them have been disclosed to the verifier.
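
Added example, not part of the original post or of any project's code: a sketch of how a verifier could match the `~`-separated disclosures of such a presentation against the digests in the signed payload's `_sd` array, using a constructed sample with 7 hashed claims of which 4 are disclosed. The claim values, issuer URL, fixed salts and dummy signature are constructed; issuer signature verification, holder binding and nested `_sd` arrays are left out.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def disclosure_digest(disclosure: str) -> str:
    # The hash covers the base64url text of the disclosure, not the decoded JSON.
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def open_presentation(combined: str) -> dict:
    """Match each '~'-separated disclosure to a digest in the payload's _sd array.
    The issuer signature on the JWT must be verified first; that step is omitted."""
    jwt, *disclosures = [part for part in combined.split("~") if part]
    payload = json.loads(b64url_decode(jwt.split(".")[1]))
    # Assumption: an absent _sd_alg is treated as sha-256.
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    committed, used, claims = set(payload.get("_sd", [])), set(), {}
    for disclosure in disclosures:
        digest = disclosure_digest(disclosure)
        if digest not in committed or digest in used:
            raise ValueError("disclosure is not covered by the signed payload")
        used.add(digest)
        _salt, name, value = json.loads(b64url_decode(disclosure))
        if name in claims or name in payload:
            raise ValueError(f"claim {name!r} appears more than once")
        claims[name] = value
    return {"disclosed": claims, "undisclosed": len(committed - used)}

def make_sample(reveal: int = 4) -> str:
    """Constructed sample: 7 hashed claims, dummy signature, fixed salts
    (a real issuer uses fresh random salts)."""
    values = {"sub": "user_42", "given_name": "Alice", "family_name": "Example",
              "email": "alice@example.com", "phone_number": "+1-555-0100",
              "birthdate": "1990-01-01", "locality": "Exampletown"}
    discs = [b64url(json.dumps([f"salt-{i}", k, v]).encode())
             for i, (k, v) in enumerate(values.items())]
    payload = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
               "_sd": sorted(disclosure_digest(d) for d in discs)}
    jwt = ".".join([b64url(b'{"alg":"ES256"}'),
                    b64url(json.dumps(payload).encode()), "c2lnbmF0dXJl"])
    return "~".join([jwt] + discs[:reveal])
```

`open_presentation(make_sample())` returns the four disclosed claims and reports three digests left undisclosed; a disclosure whose digest is not in `_sd`, or one presented twice, is rejected.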

@Sakurann
Contributor

Thanks for bringing this up, David. I think SD-JWT-VC can be created in an interoperable manner without an additional specification in W3C VC WG. The latest SD-JWT draft has two examples (4a and 4b) of SD-JWT-VC with two different payloads: one uses cty defined in section 6.3 of VCDM 2.0 and another uses cty defined in section 4 of VC-JWT spec.

The SD-JWT spec allows including the combined format for presentations (a term defined in the SD-JWT spec which refers to SD-JWT + Disclosures) in a container such as a Verifiable Presentation (spec text here). So a presentation would simply use the verifiableCredential property to pass SD-JWT-VCs (or the combined format for presentations, to be precise), just like when passing VC-JWTs.

@Sakurann Sakurann self-assigned this Apr 4, 2023
@brentzundel brentzundel added the pending close Close if no objection within 7 days label Jun 7, 2023
@iherman
Member

iherman commented Jun 8, 2023

The issue was discussed in a meeting on 2023-06-07

  • no resolutions were taken

2.1. Support for SD-JWT (issue vc-data-model#1019)

See github issue vc-data-model#1019.

Brent Zundel: Discuss issue 1019.

Joe Andrieu: Thinks it would be hard to discuss this without Kristina's input.

Orie Steele: +1 to closing the issue, it's being resolved elsewhere.

David Chadwick: Has this been superseded by Oliver's email requesting this has been moved to a work item with some positive replies on the working group.

Brent Zundel: talking into mute.

Andres Uribe: +1 to close as well.

Brent Zundel: agreement that this needs to be done but not here. So should be pending close as it's being done elsewhere.

David Chadwick: I'm happy with it being pending closed.

Phillip Long: +1 to mark it pending closed.

Joe Andrieu: +1 to close.

Orie Steele: +1 David.

Brent Zundel: Marking issue as pending closed.

@brentzundel
Member

No objections raised to closing since being marked pending close, per the conversation during our last meeting. Closing.
