New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adapt PID rulebook to latest SD-JWT VC #160
base: main
Are you sure you want to change the base?
Adapt PID rulebook to latest SD-JWT VC #160
Conversation
Co-authored-by: Giuseppe De Marco <giuseppe.demarco@teamdigitale.governo.it>
Co-authored-by: Christian Bormann <8774236+c2bo@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only editorials by my side, some further readings makes me more sensible from the reader perspective. I consider this approved even If I'm requesting these trivial editorials
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think I have any power to approve here but looks good to me
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO, this looks good and fills an important gap in the specification. I really appreciate this addition.
Co-authored-by: Oliver Terbu <o.terbu@gmail.com>
Co-authored-by: Giuseppe De Marco <giuseppe.demarco@teamdigitale.governo.it>
respective URLs as defined in the SD-JWT VC specification. | ||
|
||
Note: It is to be discussed whether the EU-wide PID type should be | ||
defined using a URN or a URL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here I suggest to add this a note: PID rulebook has been adapted to be compatible with SD-JWT VC and to work in the direction proposed in SD-JWT VC DM.
Co-authored-by: Daniel Fett <mail@danielfett.de>
| `age_over_NN` | `age_equal_or_over/NN` | NN property name is a string. *) | | ||
| `family_name_birth` | `birth_family_name` | | | ||
| `given_name_birth` | `birth_given_name` | | | ||
| `birth_place` | `place_of_birth/locality` | *) | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
birth_place
and birth_city
are both mapped to place_of_birth/locality
Is this correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have we truly identified a use case that necessitates the birth_city
field when we already have birth_place
?
Are there legal documents that simultaneously capture both the city and another place, and if so, is the place in this case more or less generic than the city (part of the city or region the city belongs to)?
If not, it appears that the birth_city
field is redundant since birth_place
could adequately contain its value.
Removing the birth_city
field aligns this table with IANA's place_of_birth
definition (locality
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would require changes to 5.1.1.2 first which seems to be outside of the scope of this PR (but I do believe would be a good idea)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree and would support a separate PR for that.
The proposed claim set does not seem to include a claim that would specify the namespace/credential type Consider the following presentation definition with which an RP requests {
"id": "foobar",
"vp_formats": {
"vc+sd-jwt": {
"sd-jwt_alg_values": [
"ES256"
],
"kb-jwt_alg_values": [
"ES256"
]
}
},
"input_descriptors": [
{
"id": "given_name",
"constraints": {
"fields": [
{
"path": [
"$.credential_type"
],
"filter": {
"const": "eu.europa.ec.eudi.pid.1"
}
},
{
"path": [
"$.given_name"
],
"filter": {
"type": "string"
}
}
]
}
}
]
} Also, the claim set does not include
If the RPs instead selected using {
"id": "foobar",
"vp_formats": {
"vc+sd-jwt": {
"sd-jwt_alg_values": [
"ES256"
],
"kb-jwt_alg_values": [
"ES256"
]
}
},
"input_descriptors": [
{
"id": "given_name",
"constraints": {
"fields": [
{
"path": [
"$.credential_type"
],
"filter": {
"const": "eu.europa.ec.eudi.pid.1"
}
},
{
"path": [
"$.issuing_country"
],
"filter": {
"const": "DE"
}
},
{
"path": [
"$.given_name"
],
"filter": {
"type": "string"
}
}
]
}
}
]
} |
The current description of the usage of SD-JWT in the PID rulebook is not sufficient to result in PID attestations that are compatible to existing conventions and standards like JWTs and SD-JWT VC in particular. The changes proposed here adapt the PID rulebook to be compatible with SD-JWT VC and to work in the direction proposed in SD-JWT VC DM.
The goal is also to make the best usage of SD-JWT VC Type Metadata, even though not all parts of that have made it into SD-JWT VC yet. This allows for automated discovery and processing of type metadata, like schemas (e.g., for relying parties) and rendering information