Consider using JSON Web Proofs (once standardized)

Issue #1254 on hold
Jeremie Miller created an issue

There is work being done to support selective disclosure and un-linkable presentations using a container format that closely follows the JOSE primitives.

The initial proposal is called JSON Web Proof (JWP) and is planned to be initially incubated in the new DIF Applied Cryptography Working Group as an Internet Draft, and from there taken to the IETF for standardization discussions.

Once standardized, JWPs are intended to be usable in OpenID Connect protocol flows nearly identically to JWTs while also supporting SIOP privacy use-case requirements by enabling selective disclosure and the use of zero-knowledge proofs instead of traditional correlatable signatures.

Comments (8)

  1. Torsten Lodderstedt

    Thanks for sharing this draft. I've got a couple of questions:

    • What object is issued by a credential provider? Is it the JWP? If so, could you please provide a complete example?
    • Is the JWP and every chunk of payload signed by the issuer?
    • Is every payload supposed to be an individual JWT with an issuer claim?
    • What claim is used to represent a cryptographic holder binding?
    • Does a JWP have a type? I'm asking since a verifier will typically ask for a certain credential type (which in turn represents a certain set of claims)

    thanks.

  2. Jeremie Miller reporter

    Thanks Torsten, I’ll do my best to comment here while we wait for the DIF Crypto WG to become active.

    What object is issued by a credential provider? Is it the JWP? If so, could you please provide a complete example?

    Yes, a JWP would be issued by a credential provider or issuing authority. We're working on transitioning the hackmd to a more proper git-hosted internet draft and will definitely be improving the examples.

    Is the JWP and every chunk of payload signed by the issuer?

    The header and payload chunks are given to the crypto algorithm individually so that it can operate on them as individual messages in order to support a later selective disclosure step.

    Is every payload supposed to be an individual JWT with an issuer claim?

    What claim is used to represent a cryptographic holder binding?

    JWPs are analogous to JWSes; they are just the container format and do not define claims. There will need to be work done to define a JWT that uses JWPs instead of JWSes.

    Does a JWP have a type? I'm asking since a verifier will typically ask for a certain credential type (which in turn represents a certain set of claims)

    If this is eventually taken through the IETF successfully, I'd expect it to be under the application/jose content type. Any other typing information I expect will be part of the work to map JWTs atop a JWP container.
