It would be nice to have a feature that checks the presented SD-JWT VC against the (merged) type metadata.
Some checks that it could perform:
- If all fields are declared in the Type Metadata
  - I'm not sure this is always needed, since extra claims are not a problem maybe? But according to this issue, that's what the EUDI reference verifier is doing: "Unable to verify an sd-jwt that contains nested claims and jti" (eu-digital-identity-wallet/eudi-srv-verifier-endpoint#400)
- If all fields marked as `sd: never` are indeed not-selectively-discloseable
- If all fields marked as `sd: always` are indeed selectively-discloseable
- If all fields marked as `mandatory` are included
I think it should not be a method that throws an error, but just returns the results. So for example it will return:
Naming of keys can be improved ;)
PID Type Metadata example
{
"vct": "urn:eudi:pid:1",
"name": "Type Metadata for Person Identification Data",
"display": [
{
"lang": "en",
"name": "PID",
"description": "Person Identification Data"
}
],
"claims": [
{
"path": [
"iss"
],
"sd": "never"
},
{
"path": [
"nbf"
],
"sd": "never"
},
{
"path": [
"exp"
],
"sd": "never"
},
{
"path": [
"cnf"
],
"sd": "never"
},
{
"path": [
"vct"
],
"sd": "never"
},
{
"path": [
"status"
],
"sd": "never"
},
{
"path": [
"sub"
],
"sd": "never"
},
{
"path": [
"iat"
],
"sd": "never"
},
{
"path": [
"family_name"
],
"display": [
{
"lang": "en",
"label": "Family Name(s)"
}
],
"sd": "always"
},
{
"path": [
"given_name"
],
"display": [
{
"lang": "en",
"label": "Given Name(s)"
}
],
"sd": "always"
},
{
"path": [
"birthdate"
],
"display": [
{
"lang": "en",
"label": "Birth Date"
}
],
"sd": "always"
},
{
"path": [
"place_of_birth"
],
"display": [
{
"lang": "en",
"label": "Birth Place"
}
],
"sd": "always"
},
{
"path": [
"place_of_birth",
"locality"
],
"display": [
{
"lang": "en",
"label": "Locality"
}
],
"sd": "always"
},
{
"path": [
"place_of_birth",
"region"
],
"display": [
{
"lang": "en",
"label": "Region"
}
],
"sd": "always"
},
{
"path": [
"place_of_birth",
"country"
],
"display": [
{
"lang": "en",
"label": "Country"
}
],
"sd": "always"
},
{
"path": [
"nationalities"
],
"display": [
{
"lang": "en",
"label": "Nationality"
}
],
"sd": "always"
},
{
"path": [
"nationalities",
null],
"sd": "always"
},
{
"path": [
"address"
],
"display": [
{
"lang": "en",
"label": "Address"
}
],
"sd": "always"
},
{
"path": [
"address",
"house_number"
],
"display": [
{
"lang": "en",
"label": "House Number"
}
],
"sd": "always"
},
{
"path": [
"address",
"street_address"
],
"display": [
{
"lang": "en",
"label": "Street"
}
],
"sd": "always"
},
{
"path": [
"address",
"locality"
],
"display": [
{
"lang": "en",
"label": "Locality"
}
],
"sd": "always"
},
{
"path": [
"address",
"region"
],
"display": [
{
"lang": "en",
"label": "Region"
}
],
"sd": "always"
},
{
"path": [
"address",
"postal_code"
],
"display": [
{
"lang": "en",
"label": "Postal Code"
}
],
"sd": "always"
},
{
"path": [
"address",
"country"
],
"display": [
{
"lang": "en",
"label": "Country"
}
],
"sd": "always"
},
{
"path": [
"address",
"formatted"
],
"display": [
{
"lang": "en",
"label": "Full Address"
}
],
"sd": "always"
},
{
"path": [
"personal_administrative_number"
],
"display": [
{
"lang": "en",
"label": "Personal Administrative Number"
}
],
"sd": "always"
},
{
"path": [
"picture"
],
"display": [
{
"lang": "en",
"label": "Portrait Image"
}
],
"sd": "always"
},
{
"path": [
"birth_family_name"
],
"display": [
{
"lang": "en",
"label": "Birth Family Name(s)"
}
],
"sd": "always"
},
{
"path": [
"birth_given_name"
],
"display": [
{
"lang": "en",
"label": "Birth Given Name(s)"
}
],
"sd": "always"
},
{
"path": [
"sex"
],
"display": [
{
"lang": "en",
"label": "Sex"
}
],
"sd": "always"
},
{
"path": [
"email"
],
"display": [
{
"lang": "en",
"label": "Email Address"
}
],
"sd": "always"
},
{
"path": [
"phone_number"
],
"display": [
{
"lang": "en",
"label": "Mobile Phone Number"
}
],
"sd": "always"
},
{
"path": [
"date_of_expiry"
],
"display": [
{
"lang": "en",
"label": "Expiry Date"
}
],
"sd": "always"
},
{
"path": [
"issuing_authority"
],
"display": [
{
"lang": "en",
"label": "Issuing Authority"
}
],
"sd": "always"
},
{
"path": [
"issuing_country"
],
"display": [
{
"lang": "en",
"label": "Issuing Country"
}
],
"sd": "always"
},
{
"path": [
"document_number"
],
"display": [
{
"lang": "en",
"label": "Document Number"
}
],
"sd": "always"
},
{
"path": [
"issuing_jurisdiction"
],
"display": [
{
"lang": "en",
"label": "Issuing Jurisdiction"
}
],
"sd": "always"
},
{
"path": [
"date_of_issuance"
],
"display": [
{
"lang": "en",
"label": "Issuance Date"
}
],
"sd": "always"
},
{
"path": [
"trust_anchor"
],
"display": [
{
"lang": "en",
"label": "Trust Anchor"
}
],
"sd": "always"
}
]
}
{
  // claims not listed in type metadata
  "extraClaims": ["jit"],
  // claims listed as mandatory in the type metadata, but not present in the SD-JWT
  // might need to split into missing mandatory claims that are vs aren't selectively discloseable (since a verifier can
  // only determine based on the presented claims).
  "missingMandatoryClaims": ["address"],
  // claims that are not selectively discloseable, but should be according to type metadata
  "invalidNonSelectivelyDisclosableClaims": ["age_over_18"],
  // claims that are selectively discloseable, but should not be according to type metadata
  "invalidSelectivelyDisclosableClaims": ["age_over_18"]
}
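Added example, not part of the original issue or of the project's code: one way the requested non-throwing check could work, returning the four result keys proposed above. The names `checkAgainstTypeMetadata`, `listPaths` and `pathKey` are hypothetical. It assumes the caller passes the processed payload (disclosures already applied) plus the list of claim paths that arrived through a disclosure, and it reports full claim paths instead of bare names so nested claims stay unambiguous.

```javascript
// Added example: hypothetical helper, not an API of any SD-JWT library.
// A path element is a string (object key) or null (any array element).
const pathKey = (path) => JSON.stringify(path.map((e) => (typeof e === "number" ? null : e)));

// Collect every claim path in the processed payload (array indices become null).
function listPaths(value, prefix = [], out = []) {
  const entries = Array.isArray(value) ? value.map((v) => [null, v])
    : value !== null && typeof value === "object" ? Object.entries(value) : [];
  for (const [k, v] of entries) {
    out.push([...prefix, k]);
    listPaths(v, [...prefix, k], out);
  }
  return out;
}

// disclosedPaths: paths of claims that arrived through a disclosure (assumed input).
function checkAgainstTypeMetadata(typeMetadata, payload, disclosedPaths) {
  const declared = new Map(typeMetadata.claims.map((c) => [pathKey(c.path), c]));
  const present = new Set(listPaths(payload).map(pathKey));
  const disclosed = new Set(disclosedPaths.map(pathKey));
  const result = { extraClaims: [], missingMandatoryClaims: [],
    invalidNonSelectivelyDisclosableClaims: [], invalidSelectivelyDisclosableClaims: [] };
  for (const k of present) {
    const claim = declared.get(k);
    if (!claim) result.extraClaims.push(JSON.parse(k));
    else if (claim.sd === "always" && !disclosed.has(k))
      result.invalidNonSelectivelyDisclosableClaims.push(claim.path);
    else if (claim.sd === "never" && disclosed.has(k))
      result.invalidSelectivelyDisclosableClaims.push(claim.path);
  }
  // Only absence from the presentation is visible here; the holder may have withheld the claim.
  for (const [k, claim] of declared)
    if (claim.mandatory === true && !present.has(k)) result.missingMandatoryClaims.push(claim.path);
  return result; // never throws on a mismatch; the caller decides what is fatal
}

// Constructed sample: trimmed metadata in the page's format, plus a "mandatory" flag.
const sampleMetadata = { claims: [
  { path: ["iss"], sd: "never" },
  { path: ["given_name"], sd: "always" },
  { path: ["nationalities"], sd: "always" },
  { path: ["nationalities", null], sd: "always" },
  { path: ["address"], sd: "always", mandatory: true },
] };
const samplePayload = { iss: "https://issuer.example", given_name: "Erika",
  nationalities: ["DE"], jti: "abc" };
const sampleResult = checkAgainstTypeMetadata(sampleMetadata, samplePayload,
  [["iss"], ["nationalities"], ["nationalities", 0]]);
```

Matching is exact per path, so undeclared children of a declared object (for example the contents of `cnf` under the PID metadata above) are reported in `extraClaims`; a caller that treats extra claims as harmless can ignore that key.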