[OAUTH-WG] Re: WGLC for SD-JWT

Dick Hardt <dick.hardt@gmail.com> Wed, 04 September 2024 12:25 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C6D8C14F748 for <oauth@ietfa.amsl.com>; Wed, 4 Sep 2024 05:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cx9VZ8nu84Wm for <oauth@ietfa.amsl.com>; Wed, 4 Sep 2024 05:25:34 -0700 (PDT)
Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B5D3C14F713 for <oauth@ietf.org>; Wed, 4 Sep 2024 05:25:34 -0700 (PDT)
Received: by mail-yb1-xb2f.google.com with SMTP id 3f1490d57ef6-e02b79c6f21so6956739276.2 for <oauth@ietf.org>; Wed, 04 Sep 2024 05:25:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1725452733; x=1726057533; darn=ietf.org; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8Hqj1mKoODJwhR/OBe3BARtphWsE7J0t8Ge+2Pf06UY=; b=a9sH83gf0Oyplh5pXEhkjbmU0x+I709gRI8BW6uyHDJ24tzVQ5oSTwM/EzYztwst0m eK6Hx9Sc9RBmG5eXL37r+655apFIlqKhfE0ZvwN1Sp4BldKRgDDh5VmBj+4zyl8hZkeB 9JEdGBlk/Ja0DLyLds8XxaVbgeMkOaCp/186LTV1u4vJ/oZYJyX914Wwk/v6eybNvIjc pPAfKFyb/MgRZfhDzLMuI5NIs4H3GSksC2PPUBgb9cXDt7dQPd6bN/N1qOgGlg3L6rVh 85Gz6+1s/p5pEy8emNTXks3DwTGlgEOglNP0qlP3sd7+AQGHunM/4e7AAbOSV7cSSG1W KY6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725452733; x=1726057533; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8Hqj1mKoODJwhR/OBe3BARtphWsE7J0t8Ge+2Pf06UY=; b=FAhPygVOnTLFJVWCNTut53DgZjvVBGgQjbyec6OQiXEz9ZFxYHGgvk//QDQfx9A/lq vL6x7tYrOSoZj85GNoLDCCofOUHcm9QIesCTsPypEiVz+F1c9w4NdViV9UoARgu47Zvz icVA8whsce7VZLWiX3FoEYRMJviveHGs/e28VP6YVgjCnMzxYQWgdioa16o6A7R5+NyT 8+ZD/lNfA86vWIS7lq8np4xpPXVL+KG7+wx+OSmYlwZg3LIiD0kk4hBLVo8aeG3IywfA ++TRMqcnFp74zRWhNLAYhiwXySvxfVkty9TEU8EypfpST1kUvVPfXz70HhyacR3DMme7 ssFA==
X-Forwarded-Encrypted: i=1; AJvYcCWd9cKI1Mn4jL1PfVMKm4kyUrxBMhancdTQ9WI2NOxeOFNyJb8M0tTQZt/sUyoL3CfBxRzXtg==@ietf.org
X-Gm-Message-State: AOJu0YyXJ1cX0nrjWAN8+Nc/w9O5Td77RO2hgzHoTRdlFcNRz+VkDM03 AawVFpjazvWJspG29BduNitSnTxAW/hMXSwFBU3ooPibXHfjJbTPJfAS9fc8U7pQAUYYoUWkQkh ReHAUdW1/tuBadfLx9AOiIxUwEtk=
X-Google-Smtp-Source: AGHT+IHLmPGu+eOIaQJcaEM6wOw0A3JR1BbbbaeHwfH2EQ1jcNhY14AJREJwLRDLDbu1oc+Iv1dUyUOvd5fmCQt1WsI=
X-Received: by 2002:a05:6902:2803:b0:e1c:f184:259a with SMTP id 3f1490d57ef6-e1cfa422738mr5622813276.42.1725452732906; Wed, 04 Sep 2024 05:25:32 -0700 (PDT)
MIME-Version: 1.0
References: <CADNypP_BESkJTXfuv=G9HnLcGwhpSYRggYDZxzaq6-6AaARh0w@mail.gmail.com> <CA+k3eCQOofXBSFz_Ob6y1ZCWjnx4agvFuMOFc6vNWP4c93XTJw@mail.gmail.com>
In-Reply-To: <CA+k3eCQOofXBSFz_Ob6y1ZCWjnx4agvFuMOFc6vNWP4c93XTJw@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Wed, 04 Sep 2024 13:24:55 +0100
Message-ID: <CAD9ie-s4mhFkdTZ1G_+M4SNnTe14moiR-az+UE7JL5_dfQxYKg@mail.gmail.com>
To: Brian Campbell <bcampbell=40pingidentity.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="00000000000038c92906214a45c0"
Message-ID-Hash: W3IXUBAXUMOQY4XITMYXRGJSZPHKZLG7
X-Message-ID-Hash: W3IXUBAXUMOQY4XITMYXRGJSZPHKZLG7
X-MailFrom: dick.hardt@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: oauth <oauth@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Reply-To: Dick.Hardt@gmail.com
Subject: [OAUTH-WG] Re: WGLC for SD-JWT
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/CdA3aXIhKwIT25s2rbVnsiVPCUo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

A while ago in an in-person meeting I provided feedback that the
introduction was difficult to parse. It still is. A few comments inserted
to illustrate.

I'll raise my hand to provide alternative text if the authors are
interested.

/Dick


> 1.
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1>
> Introduction
>
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#name-introduction>This
> document specifies conventions for creating JSON Web Signature (JWS) [
> RFC7515
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#RFC7515>
> ] structures with JSON [RFC8259
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#RFC8259>
> ] objects as the payload while supporting selective disclosure of
> individual elements of that JSON. Because JSON Web Token (JWT) [RFC7519
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#RFC7519>
> ] is a very prevalent application of JWS with a JSON payload, the
> selective disclosure of JWT claims receives primary treatment herein.
> However, that does not preclude the mechanism's applicability to other
> applications of JWS with JSON payloads.
>

The last two sentences add alot of noise to the first paragraph of what
this document is all about


> The JSON-based representation of claims in a signed JWT is secured against
> modification using JWS digital signatures. A consumer of a signed JWT that
> has checked the signature can safely assume that the contents of the token
> have not been modified. However, anyone receiving an unencrypted JWT can
> read all the claims. Likewise, anyone with the decryption key receiving
> encrypted JWT can also read all the claims.
>


> One of the common use cases of a signed JWT is representing a user's
> identity. As long as the signed JWT is one-time use, it typically only
> contains those claims the user has consented to disclose to a specific
> Verifier. However, there is an increasing number of use cases where a
> signed JWT is created once and then used a number of times by the user (the
> "Holder" of the JWT). In such use cases, the signed JWT needs to contain
> the superset of all claims the user of the signed JWT might want to
> disclose to Verifiers at some point. The ability to selectively disclose a
> subset of these claims depending on the Verifier becomes crucial to ensure
> minimum disclosure and prevent Verifiers from obtaining claims irrelevant
> for the transaction at hand. SD-JWTs defined in this document enable such
> selective disclosure of JWT claims.
>


> One example of a multi-use JWT is an Issuer-signed credential that
> contains the claims about a subject, and whose authenticity can be
> cryptographically verified.
> Similar to the JWT specification on which it builds, this document is a
> product of the Web Authorization Protocol (OAuth) working group. However,
> while both JWT and SD-JWT have potential OAuth 2.0 applications, their
> utility and application is certainly not constrained to OAuth 2.0. JWT was
> developed as a general-purpose token format and has seen widespread usage
> in a variety of applications. SD-JWT is a selective disclosure mechanism
> for JWT and is similarly intended to be general-purpose specification.
> While JWTs with claims describing natural persons are a common use case,
> the mechanisms defined in this document are also applicable to other use
> cases.
>

The above paragraphs are background on what problem is being solved -- but
the writing is difficult to follow


> In an SD-JWT, claims can be hidden, but cryptographically protected
> against undetected modification. "Claims" here refers to both object
> properties (name/value pairs) as well as array elements. When issuing the
> SD-JWT to the Holder, the Issuer includes the cleartext counterparts of all
> hidden claims, the so-called Disclosures, outside the signed part of the
> SD-JWT.
>



> The Holder decides which claims to disclose to a particular Verifier and
> includes the respective Disclosures in the SD-JWT to that Verifier. The
> Verifier has to verify that all disclosed claim values were part of the
> original Issuer-signed JWT. The Verifier will not, however, learn any claim
> values not disclosed in the Disclosures.
>

The Holder and Verifier terms are being introduced here with no context.
The key difference in an SD-JWT and a JWT that the claims are encrypted in
what is signed is not clearly obvious.


> This document also defines a format for SD-JWTs with Key Binding
> (SD-JWT+KB). By optionally sending an SD-JWT+KB to a Verifier, the Holder
> can prove to the Verifier that they hold the private key associated to the
> SD-JWT (i.e., using the cnf claim [RFC7800
> <https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#RFC7800>
> ]). The strength of the binding is conditional upon the trust in the
> protection of the private key of the key pair an SD-JWT is bound to.
>

This does not read as an introduction. Assumes significant knowledge of why
this is useful.


> SD-JWT can be used with any JSON-based representation of claims.
>

repetitive from start of intro


> This specification aims to be easy to implement and to leverage
> established and widely used data formats and cryptographic algorithms
> wherever possible.

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-1>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-2>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-3>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-4>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-5>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-6>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-7>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-8>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-9>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-10>

<https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html#section-1-11>
Fluff -- are there specifications that aim to be difficult to implement?


On Tue, Sep 3, 2024 at 4:06 PM Brian Campbell <bcampbell=
40pingidentity.com@dmarc.ietf.org> wrote:

> Thanks Rifaat & Hannes,
>
> In an effort to make the most up-to-date content available for the WGLC
> period, a -12 revision was just recently published, which contains a number
> of editorial improvements.
>
>
> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-12.html
>
> Respectfully,
>  Brian, Kristina, and Dr. Fett
>
>
>
> On Tue, Sep 3, 2024 at 4:40 AM Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
> wrote:
>
>> All,
>>
>> As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT
>> *document.
>>
>> https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html
>>
>> Please, review this document and reply on the mailing list if you have
>> any comments or concerns, by *Sep 17th*.
>>
>> Regards,
>>   Rifaat & Hannes
>> _______________________________________________
>> OAuth mailing list -- oauth@ietf.org
>> To unsubscribe send an email to oauth-leave@ietf.org
>>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*_______________________________________________
> OAuth mailing list -- oauth@ietf.org
> To unsubscribe send an email to oauth-leave@ietf.org
>