diff --git a/draft-ietf-oauth-sd-jwt-vc.md b/draft-ietf-oauth-sd-jwt-vc.md index dad0f50d..dd5ee6a6 100644 --- a/draft-ietf-oauth-sd-jwt-vc.md +++ b/draft-ietf-oauth-sd-jwt-vc.md @@ -277,13 +277,13 @@ MUST NOT have any Disclosures. ## Example {#vc-sd-jwt-example} -The following is a non-normative example of an unsecured payload of an +The following is a non-normative example of the user data of an unsecured payload of an SD-JWT VC. <{{examples/01/user_claims.json}} The following is a non-normative example of how the unsecured payload of the -SD-JWT VC above can be used in a SD-JWT where the resulting SD-JWT VC contains +SD-JWT VC above can be used in an SD-JWT where the resulting SD-JWT VC contains only claims about the Subject that are selectively disclosable: <{{examples/01/sd_jwt_payload.json}} @@ -299,6 +299,8 @@ The SD-JWT and the Disclosures would then be serialized by the Issuer into the f <{{examples/01/sd_jwt_issuance.txt}} +Examples of what presentations of SD-JWT VCs might look like are provided in (#presentation-examples). + ## Verification and Processing {#vc-sd-jwt-verification-and-processing} The recipient (Holder or Verifier) of an SD-JWT VC MUST process and verify an 
@@ -356,19 +358,27 @@ JWT MUST adhere to the rules defined in Section 5.3 of The Key Binding JWT MAY include additional claims which, when not understood, MUST be ignored by the Verifier. -## Examples +## Examples {#presentation-examples} The following is a non-normative example of a presentation of the SD-JWT shown in (#vc-sd-jwt-example) including a Key Binding JWT. -In this presentation, the Holder provides only the Disclosure for the `address` claim. +In this presentation, the Holder provides only the Disclosures for the `address` and `is_over_65` claims. Other claims are not disclosed to the Verifier. <{{examples/01/sd_jwt_presentation.txt}} -The following example shows a presentation of a (different) SD-JWT without a +After validation, the Verifier will have the following processed SD-JWT payload available for further handling: + +<{{examples/01/verified_contents.json}} + +The following example shows a presentation of a (similar but different) SD-JWT without a Key Binding JWT: <{{examples/02/sd_jwt_presentation.txt}} +The Verifier will have the following processed SD-JWT payload after validation: + +<{{examples/02/verified_contents.json}} + # JWT VC Issuer Metadata {#jwt-vc-issuer-metadata} This specification defines the JWT VC Issuer Metadata to retrieve the JWT VC @@ -1101,7 +1111,7 @@ be used to represent the concept of a Person Identification Data (PID) Key Binding is applied using the Holder's public key passed in a `cnf` claim in the SD-JWT. -The Issuer is using the following input claims set: +The following data about the citizen comprises the input JWT Claims Set used by the Issuer: <{{examples/03-pid/user_claims.json}} 
@@ -1109,15 +1119,15 @@ The following is the issued SD-JWT: <{{examples/03-pid/sd_jwt_issuance.txt}} -The following payload is used for the SD-JWT: +This is the payload of that SD-JWT: <{{examples/03-pid/sd_jwt_payload.json}} -The following Disclosures are created by the Issuer: +The digests in the SD-JWT payload reference the following Disclosures: {{examples/03-pid/disclosures.md}} -The following shows a presentation of the SD-JWT with a Key Binding JWT that discloses only nationality and the fact that the person is over 18 years old: +This shows a presentation of the SD-JWT with a Key Binding JWT that discloses only nationality and the fact that the person is over 18 years old: <{{examples/03-pid/sd_jwt_presentation.txt}} @@ -1125,7 +1135,7 @@ The following is the payload of a corresponding Key Binding JWT: <{{examples/03-pid/kb_jwt_payload.json}} -After the validation, the Verifier will have the following data for further processing: +After validation, the Verifier will have the following processed SD-JWT payload available for further handling: <{{examples/03-pid/verified_contents.json}} @@ -1148,6 +1158,10 @@ for their contributions (some of which substantial) to this draft and to the ini # Document History +-05 + +* Clarify, add context, or otherwise improved the examples + -04 * update reference to IETF Status List diff --git a/examples/01/specification.yml b/examples/01/specification.yml index 8fb8a387..041a57c7 100644 --- a/examples/01/specification.yml +++ b/examples/01/specification.yml @@ -16,6 +16,7 @@ user_claims: holder_disclosed_claims: address: true + is_over_65: true key_binding: true diff --git a/examples/02/specification.yml b/examples/02/specification.yml index c9016e38..b16b137c 100644 --- a/examples/02/specification.yml +++ b/examples/02/specification.yml @@ -18,6 +18,7 @@ user_claims: holder_disclosed_claims: address: true + is_over_65: true key_binding: false
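Review bot: In the `## Example {#vc-sd-jwt-example}` hunk of draft-ietf-oauth-sd-jwt-vc.md, the new wording "example of the user data of an unsecured payload of an SD-JWT VC" is hard to parse, and the next paragraph still calls the same block "the unsecured payload of the SD-JWT VC above". Suggest choosing one term for the content of `examples/01/user_claims.json` ("user data" or "unsecured payload") and using it in both sentences, so it is clear whether the block is the whole payload or only its input claims.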
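Review bot: In the `## Examples {#presentation-examples}` hunk, the two sentences that introduce the `verified_contents.json` includes say the same thing in different words ("After validation, the Verifier will have the following processed SD-JWT payload available for further handling:" versus "The Verifier will have the following processed SD-JWT payload after validation:"), and "(similar but different)" does not say what differs. Suggest reusing the first sentence for example 02, as the PID example later in this patch already does, and naming the difference between the two SD-JWTs in place of the parenthetical.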
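Review bot: In the PID example hunk (`@@ -1101,7 +1111,7 @@`), "the citizen" introduces a new term for the person the claims describe, while the Example section touched by this same patch calls that party "the Subject". Suggest "The following data about the Subject ..." unless "citizen" is defined elsewhere in the PID appendix, so readers do not have to guess whether the two terms name the same role.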
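Review bot: The new `-05` entry under `# Document History` mixes verb forms ("Clarify, add context, or otherwise improved the examples") and starts with a capital, while the `-04` entry directly below reads "update reference to IETF Status List". Suggest "clarify, add context to, and otherwise improve the examples" to match the existing entries.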
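Review bot: In examples/02/specification.yml, `is_over_65: true` is added under `holder_disclosed_claims`, but the draft text for the second presentation never states which Disclosures the Holder provides, unlike the first example ("the Holder provides only the Disclosures for the `address` and `is_over_65` claims"). Suggest adding the equivalent sentence before the `examples/02/sd_jwt_presentation.txt` include so the prose can be checked against the generated `examples/02/verified_contents.json`.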