You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

SD-JWT

  • JWT for Selective Disclosure. https://www.ietf.org/archive/id/draft-fett-oauth-selective-disclosure-jwt-02.html
  • Flow:
    • Issuer passes two objects to the holder:
      • SD-JWT (signed JWT, contains CLAIMs, HASHES OF VALUES, and a signature)
      • SD-JWT-SVC (Salt Value Container, contains CLAIMs, SALTS, and JSON-Encoded VALUES)
    • Holder
      • creates SD-JWT-R (unsigned subset of the SD-JWT-SVC) i.e. holder can see the values of the claims that are released.
      • passes SD-JWT and SD-JWT-R to the verifier
    • Verifier
      • Uses salts to verify hashes
      • Can then trust the SD-JWT
  • Extensions allow for "holder binding" to eliminate replay attacks.
  • Pros:
    • User sees values that are passed on
    • User is in charge of the selection of claims
  • Cons:
    • Breaks existing JWT flows

ELM-V3

OpenBadges-2.0

  • https://www.imsglobal.org/sites/default/files/Badges/OBv2p0Final
  • json-ld specification: https://openbadgespec.org/v2/context.json
  • Less complex than ELM
  • Focussed on learning, attesting an achievement
  • Signed (is it a JWT?)
  • Typical quote:
    • "The Assertion issuer is authorized to award Assertions of the declared BadgeClass (typically by being the issuer of the BadgeClass.)"

    • "Additional checks may ensure that:  The issuer Profile awarding the Assertion is trusted to have declared accurate information about its identity (typically via Endorsement)."

    • => freely translated by Marcus: "We do not have a trust model yet"


Trust Modelling



  • No labels