IETF Logo Mail Archive

[OAUTH-WG] Re: SD-JWT architecture feedback

Daniel Fett <mail@danielfett.de> Sat, 21 September 2024 14:28 UTC

Return-Path: <mail@danielfett.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3968CC14F5FE for <oauth@ietfa.amsl.com>; Sat, 21 Sep 2024 07:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=danielfett.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p4joBDjrfAAN for <oauth@ietfa.amsl.com>; Sat, 21 Sep 2024 07:28:11 -0700 (PDT)
Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BA708C14F5FC for <oauth@ietf.org>; Sat, 21 Sep 2024 07:28:09 -0700 (PDT)
Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4X9s6r3T6zz9sQm; Sat, 21 Sep 2024 16:28:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=danielfett.de; s=MBO0001; t=1726928884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=ekUJXoLRE+cdSkVu0UFQd7EqBLw1iFztatQv2sM+Xig=; b=I9E89DWMTvvMxOmpTfVA1uM1PeJjCRF9lezv3JlZRwZ7FLyoSmhuyRzbYANhwKhhv9StgJ yu3eq53RX2WC4IylZtNjhTBZgEqCJgMYe3pd1vlVQZ5vGaR+0Bqvr0P5WCIb7OB+MngasP SZfvNTw0IaVmRaI0MINH3iVVCJnDKMzI78BC95oofstB/ZsgpDP8ZPlfQ7BLZ72W2VX9C2 DvMyoRBJ/wJbTqzju4SeXE51ic6rmLpHg0hKi3gsMyWLLEaWs9BXmnB8OXtz9mpubLB6yI N44M4aedBYuwyDXWVkopvBGOWAR//7tTu+bOraJkRnXLdNnewOAagAob5NMN3g==
Content-Type: multipart/alternative; boundary="------------HtRRhhZn8ijYb4f1fNfeRu9r"
Message-ID: <e64eb21d-1ef4-4352-9c74-ffbb853ce3da@danielfett.de>
Date: Sat, 21 Sep 2024 16:28:02 +0200
MIME-Version: 1.0
To: Dick.Hardt@gmail.com, oauth@ietf.org
References: <CAD9ie-s9kricU8_VBBucQMob-n1jWN5xHd5Ymck=biUWqpH9yQ@mail.gmail.com>
From: Daniel Fett <mail@danielfett.de>
Content-Language: en-US
Autocrypt: addr=mail@danielfett.de; keydata= xjMEZVtP1hYJKwYBBAHaRw8BAQdAnfQRnVGKVUpdbc4qBhwIfryncOMAa1XjIFTAysHFgmXN IERhbmllbCBGZXR0IDxtYWlsQGRhbmllbGZldHQuZGU+wo8EExYIADcWIQTZQBZqxnGfR0Z5 iv7gQ6HKpmkhyAUCZVtP1gUJBaOagAIbAwQLCQgHBRUICQoLBRYCAwEAAAoJEOBDocqmaSHI NzcA/iNXFgwxZqvdaCDTRNib4iq82zFwXl3KwKYgL06xityzAQDIe7hIw6KnGaztTZsRXSvi +9srzbMJdDqVtC1n4A+YCs44BGVbT9cSCisGAQQBl1UBBQEBB0AwPb4iR2rn5k5DT4vAbYNK Oe4CMgQnwWexMYZFlAL0MwMBCAfCfgQYFggAJhYhBNlAFmrGcZ9HRnmK/uBDocqmaSHIBQJl W0/XBQkFo5qAAhsMAAoJEOBDocqmaSHI0Z8A/jd8Id2bvz6/D71d6HPvXZ+2z2BXzOd7MemE 9hHN+y6kAP44pe/GY97tvIZQa8aSinFJzDfbIVph6cUDlnPiwLjJDg==
In-Reply-To: <CAD9ie-s9kricU8_VBBucQMob-n1jWN5xHd5Ymck=biUWqpH9yQ@mail.gmail.com>
X-Rspamd-Queue-Id: 4X9s6r3T6zz9sQm
Message-ID-Hash: PXJQSX6FS3AV2Z5AC26FRDDJAT5VVZCS
X-Message-ID-Hash: PXJQSX6FS3AV2Z5AC26FRDDJAT5VVZCS
X-MailFrom: mail@danielfett.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: kristina@sfc.keio.ac.jp
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Re: SD-JWT architecture feedback
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/M8p_6Vn55pHCoUYWuujSr2YiqZY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>

Hi Dick,

Am 21.09.24 um 06:41 schrieb Dick Hardt:
> Hey Brian, Kristina, Daniel
>
> I appreciate you have been working on this for a while, and this 
> feedback is last minute, and people have already working code that 
> works with it -- so this is unlikely to be welcome feedback -- but in 
> the spirit of wanting what is best long term, here it is.

You are unfortunately correct - not only have we been working on this 
for a while now, we also discussed many of the points you list below 
already. Since not all of those discussions happened here on the mailing 
list, I'll link to the relevant Github issues where appropriate.

>
> *Token Separators*
> It is not clear to me why the disclosures are an arbitrary array of 
> '~' separated items. It seems very odd to me as a developer. Why not 
> have a 4th '.' separated string that is base64 URL encoded JSON array 
> of the disclosures? The header includes the 'typ' so that a parser 
> knows what all the following components are and how many there are.
If you use a JSON array for the disclosures, you need to 
double-base64-url-encode all disclosures, needlessly increasing the size 
of the SD-JWT(-KB). Please read these issues:

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/36

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/180

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/37

>
> *Disclosure Format*
> On the format of the disclosures, the implicit semantics of the order 
> of items in an array is a throwback to data formats of the last 
> century. We are using JSON, let's have it be an object where we name 
> each item.

We had that in the beginning, but the consensus was that we don't want 
to increase the size by using named object properties. Short 
single-letter properties were considered as well, but didn't add much 
value over an array.

>
> *Array Disclosure*
> Is this really needed? The only example I saw was for multiple 
> citizenships. Would the issuer of an SD-JWT that contains a subject's 
> citizenship not be the country who they are a citizen of? Why would 
> another country be authoritative that the subject is a citizen of 
> another country? In the example, it is hard to imagine a 
> verifier trusting the US to say someone is a DE citizen, or vice 
> versa. The array of age claims in example A.3 does not need the non 
> intuitive '...' array mechanism.

Yes, it is needed. First of all, SD-JWT can be used universally, not 
just for credentials. Second, even if used for credentials, there are 
many types of credentials where there is a use case for disclosing only 
some array values. Take an education credential as an example, where the 
holder may want to disclose only relevant courses and grades. You'll 
find more use cases in the examples in the appendix.

A bit besides the point, but in the EU context we do in fact plan for 
credentials attesting other nationalities (and have good reasons to do 
so, here PID credentials derived from the eID card for EU citizens, see 
https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/functions/00-pid-issuance-and-presentation/#pid-contents 
for details).

> Taking this out would simplify implementations.
Fluff -- are there features that, when removed, would not simplify 
implementations?
>
> *Claim Names*
> Why do the claims start with '_'? Why not just 'sd' and 'sda'? Why is 
> '_sd_alg' in the payload and not in the header?

While the underscore doesn't officially have any special meaning, adding 
it reduces the chance for collisions with existing claims and makes the 
SD-JWT-related claims sort nicely. All SD-related claims are in the 
payload, that's why we put _sd_alg there as well.

>
> *Explicit Typing*
> Why leave the typing in the header to be determined by the application 
> (10.11), and not just be 'sd-jwt' and be REQUIRED?

We had extensive discussions around typing, please refer to the 
following issues:

- https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/267

- https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/327

- https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/345


-Daniel

v2.37.1 | Report a Bug | By Email | System Status