slides: https://cvs.data.kit.edu/talks/2404-gn-di-cred-flow/

SD-JWT

  • JWT for Selective Disclosure. https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-02.html
  • Flow:
    • Issuer passes two objects to the holder:
      • SD-JWT (signed JWT, contains CLAIMs, HASHES OF VALUES, and a signature)
      • SD-JWT-SVC (Salt Value Container, contains CLAIMs, SALTS, and JSON-Encoded VALUES)
    • Holder
      • creates SD-JWT-R (unsigned subset of the SD-JWT-SVC), i.e. the holder can see the values of the claims that are released and picks which ones to disclose.
      • passes SD-JWT and SD-JWT-R to the verifier
    • Verifier
      • Checks the issuer signature on the SD-JWT, then recomputes the hashes from the disclosed salts and values and compares them with the hashes in the SD-JWT
      • Can then trust the disclosed claims, since the values are bound to the issuer-signed hashes
  • Extensions allow for "holder binding" to eliminate replay attacks.
  • Pros:
    • User sees values that are passed on
    • User is in charge of the selection of claims
  • Cons:
    • Breaks existing JWT flows
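The three-party flow above, as an added example (not code from the talk or the draft): the issuer's signature is stood in by an HMAC with a constructed key, the issuer URL and claim values are made up, and the digest is modelled on draft-02 as SHA-256 over the JSON-encoded [salt, value] pair.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # stand-in for the issuer's signing key (constructed)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def digest(release_str: str) -> str:
    # Digest over the JSON-encoded [salt, value] string that the SVC carries
    return b64url(hashlib.sha256(release_str.encode()).digest())

def issue(claims: dict):
    """Issuer: returns (SD-JWT, SD-JWT-SVC). Plain values never enter the SD-JWT."""
    sd_release = {}
    for name, value in claims.items():
        salt = b64url(secrets.token_bytes(16))      # fresh salt per claim
        sd_release[name] = json.dumps([salt, value])
    payload = {"iss": "https://issuer.example", "hash_alg": "sha-256",
               "sd_digests": {n: digest(r) for n, r in sd_release.items()}}
    body = json.dumps(payload, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, body.encode(), "sha256").hexdigest()  # stand-in signature
    return {"body": body, "sig": sig}, {"sd_release": sd_release}

def release(svc: dict, names) -> dict:
    """Holder: SD-JWT-R is the unsigned subset of the SVC the holder chooses to disclose."""
    return {"sd_release": {n: svc["sd_release"][n] for n in names}}

def verify(sd_jwt: dict, sd_jwt_r: dict) -> dict:
    """Verifier: check the issuer signature first, then recompute every disclosed digest."""
    expected = hmac.new(ISSUER_KEY, sd_jwt["body"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, sd_jwt["sig"]):
        raise ValueError("bad issuer signature")
    digests = json.loads(sd_jwt["body"])["sd_digests"]
    disclosed = {}
    for name, rel in sd_jwt_r["sd_release"].items():
        if digest(rel) != digests.get(name):
            raise ValueError(f"digest mismatch for claim {name}")
        _salt, value = json.loads(rel)
        disclosed[name] = value
    return disclosed

if __name__ == "__main__":
    sd_jwt, svc = issue({"given_name": "Alice", "birthdate": "1990-01-01", "degree": "MSc"})
    print(verify(sd_jwt, release(svc, ["degree"])))   # only the released claim is learned
```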

JSON-LD

  • JSON for Linked Data https://json-ld.org/
  • Extension of JSON with "@-Claims" that point to external resources
  • Most prominent: "@context" which links to a schema that describes the JSON at hand
  • Why is this relevant?: (I think) it provides a way to pass around arbitrary JSONs from Issuer via Holder to Verifier.
    • The wallet software does not need to understand the JSON a priori (e.g. at development time)

ELM-V3

OpenBadges-2.0

  • https://www.imsglobal.org/sites/default/files/Badges/OBv2p0Final
  • json-ld specification: https://openbadgespec.org/v2/context.json
  • Less complex than ELM
  • Focussed on learning, attesting an achievement
  • Signed (is it a JWT?)
  • Typical quote:
    • "The Assertion issuer is authorized to award Assertions of the declared BadgeClass (typically by being the issuer of the BadgeClass.)"
    • "Additional checks may ensure that: The issuer Profile awarding the Assertion is trusted to have declared accurate information about its identity (typically via Endorsement)."

    • => freely translated by Marcus: "We do not have a trust model yet"


Trust Modelling

  • Nice read: https://medium.com/@leifj/trust-does-not-scale-94bab5b67f5c
  • eduGAIN
  • EBSI
  • OID-Fed
  • ToIP Whitepaper
    • Intermediaries (as in Federated Identities) are bad: "Trust Gap" from scaling up
    • Intermediaries (as in DI) are good
    • Describes the trust between Issuer and Verifier
      • Pretty much a "cloudy" kind of thing => This is where (IMO) eduGAIN and OID-Fed have strongest points
  • New concept: Holder Binding
