generic-sd-cwt.cddl
; SD-CWT envelope: a four-element array wrapped in CBOR tag 18 (the
; COSE_Sign1 tag). The protected header and the payload are byte strings
; whose content is CBOR matching sd-protected and sd-payload respectively.
;
; NOTE(review): in COSE_Sign1 the unprotected header is not part of the
; signature input, so the entries of `unprotected` (disclosures, key
; binding token) are not covered by `signature` directly. Presumably they
; are bound through digests in the signed payload; confirm against the
; draft text before relying on schema validation alone.
sd-cwt = #6.18([
  protected:  bstr .cbor sd-protected,
  unprotected,
  payload:    bstr .cbor sd-payload,
  signature:  bstr
])
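; Protected header map, carried CBOR-encoded in the `protected` slot of
; sd-cwt. alg (label 1) and typ (label 16) are mandatory; any further
; int/text label is accepted by the wildcard entry.
;
; `&(name: label)` is a type expression, not a bareword or a value, so the
; member key must use the `=>` form (RFC 8610 allows `:` only after a
; bareword or a value). The `^` cut keeps the semantics the `:` shorthand
; implies: once the label matches, a wrongly typed value is an error and
; cannot fall through to `* key => any`.
sd-protected = {
  &(alg: 1) ^ => int,
  &(typ: 16) ^ => text,
  * key => any
}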
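; Unprotected header map of sd-cwt. Both SD-CWT entries are optional:
;   sd_claims - non-empty array of salted disclosures
;   sd_kbt    - key binding token, typed only as an opaque byte string here
;
; Member keys use `&(name: label) ^ =>`: a `&(...)` choice is a type, so
; RFC 8610 requires the `=>` form, and the `^` cut stops a wrongly typed
; sd_claims / sd_kbt from validating through `* key => any`.
;
; NOTE(review): the `.cbor sd-cwt-kbt` constraint on sd_kbt is left
; disabled as in the original, so the schema does not check the structure
; of the key binding token; that check has to happen elsewhere.
unprotected = {
  ? &(sd_claims: TBD1) ^ => [ +salted ],
  ? &(sd_kbt: TBD2) ^ => bstr,  ; .cbor sd-cwt-kbt,
  * key => any
}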
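; Claims set carried CBOR-encoded in the `payload` slot of sd-cwt.
; aud (3) and iat (6) are the only mandatory claims; every other entry,
; including the SD-CWT specific ones, is optional.
;
; Member keys use `&(name: label) ^ =>`: a `&(...)` choice is a type, so
; RFC 8610 requires the `=>` form rather than `:`. The `^` cut matters
; here because most entries are optional: without it, a claim with the
; right label but the wrong type (for example a text `exp`) would still
; validate through the trailing `* key => any`.
;
; NOTE(review): exp is optional, so a token with no expiry is schema-valid;
; lifetime enforcement has to come from verifier policy, not this schema.
sd-payload = {
  ; standard claims
  ? &(iss: 1) ^ => tstr,                 ; "https://issuer.example"
  ? &(sub: 2) ^ => tstr,                 ; "https://device.example"
  &(aud: 3) ^ => tstr,                   ; "https://verifier.example"
  ? &(exp: 4) ^ => int,                  ; 1883000000
  ? &(nbf: 5) ^ => int,                  ; 1683000000
  &(iat: 6) ^ => int,                    ; 1683000000
  ? &(cnf: 8) ^ => { * key => any },     ; key confirmation
  ? &(cnonce: 39) ^ => bstr,
  ;
  ; sd-cwt new claims
  ? &(sd_hash: TBD3) ^ => bstr,
  ? &(sd_alg: TBD4) ^ => int,            ; -16 for sha-256
  ? &(redacted_keys: TBD5) ^ => [ * bstr ],
  * key => any
}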
;redacted_element = { "...": bstr }
; A disclosure is either a salted map claim or a salted array element.
; Each is a byte string wrapping a CBOR-encoded array.
;
; NOTE(review): the `.size 16` constraint on the salt is commented out in
; both rules, so this schema accepts a salt of any length, including an
; empty one. The comment states a 128-bit salt is intended; a short or
; missing salt would make the digest of a low-entropy claim guessable, so
; salt length has to be checked outside the schema unless the constraint
; is restored.
salted = salted-claim / salted-element

; [salt, claim name, claim value]
salted-claim = bstr .cbor [
  bstr ;.size 16,     ; 128-bit salt
  (int / text),       ; claim name
  any                 ; claim value
]

; [salt, claim value] - no claim name
salted-element = bstr .cbor [
  bstr ;.size 16,     ; 128-bit salt
  any                 ; claim value
]
; Map key type used by the wildcard entries (`* key => any`): an integer
; or a text label.
key = int / text
; Placeholder labels for the SD-CWT specific entries. The TBD names
; suggest these values are not final assignments; treat 1111-1115 as
; temporary and do not hard-code them in verifiers (confirm against the
; draft's registration section).
;   TBD1 sd_claims, TBD2 sd_kbt (unprotected header)
;   TBD3 sd_hash, TBD4 sd_alg, TBD5 redacted_keys (payload claims)
TBD1 = 1111
TBD2 = 1112
TBD3 = 1113
TBD4 = 1114
TBD5 = 1115