Internet DRAFT - draft-ietf-jose-json-proof-token
draft-ietf-jose-json-proof-token
jose J. Miller
Internet-Draft Ping Identity
Intended status: Standards Track M. Jones
Expires: 2 September 2024 Self-Issued Consulting
D. Waite
Ping Identity
1 March 2024
JSON Proof Token
draft-ietf-jose-json-proof-token-03
Abstract
JSON Proof Token (JPT) is a compact, URL-safe, privacy-preserving
representation of claims to be transferred between three parties.
The claims in a JPT are encoded as base64url-encoded JSON objects
that are used as the payloads of a JSON Web Proof (JWP) structure,
enabling them to be digitally signed and selectively disclosed. JPTs
also support reusability and unlinkability when using Zero-Knowledge
Proofs (ZKPs).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 September 2024.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
Miller, et al. Expires 2 September 2024 [Page 1]
�
Internet-Draft json-proof-token March 2024
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions and Definitions . . . . . . . . . . . . . . . . . 3
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Design Considerations . . . . . . . . . . . . . . . . . . . . 3
4.1. Unlinkability . . . . . . . . . . . . . . . . . . . . . . 3
4.2. Selective Disclosure . . . . . . . . . . . . . . . . . . 4
4.3. Familiarity . . . . . . . . . . . . . . . . . . . . . . . 4
4.4. Proofs . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Claim Names . . . . . . . . . . . . . . . . . . . . . . . . . 4
6. Claims . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
7. Payloads . . . . . . . . . . . . . . . . . . . . . . . . . . 6
7.1. Disclosed . . . . . . . . . . . . . . . . . . . . . . . . 6
7.2. Proof Methods . . . . . . . . . . . . . . . . . . . . . . 6
8. Example JPT . . . . . . . . . . . . . . . . . . . . . . . . . 6
9. Security Considerations . . . . . . . . . . . . . . . . . . . 7
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
11.1. Normative References . . . . . . . . . . . . . . . . . . 7
11.2. Informative References . . . . . . . . . . . . . . . . . 7
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 7
Appendix B. Document History . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
JSON Proof Token (JPT) is a compact claims representation format
intended to be used in the same ways as a JSON Web Token (JWT), but
with additional support for selective disclosure and unlinkability.
JPTs encode claim values to be transmitted as payloads of a JSON Web
Proof (JWP) [I-D.ietf-jose-json-web-proof]. JPTs are always
represented using the JWP Compact Serialization. The corresponding
claim names are not transmitted in the payloads and are stored in a
separate structure that can be externalized and shared across
multiple JPTs.
Miller, et al. Expires 2 September 2024 [Page 2]
�
Internet-Draft json-proof-token March 2024
| Editor's Note: This draft is still early and incomplete. There
| will be significant changes to the algorithms as currently defined
| here. Please do not use any of these definitions or examples for
| anything except personal experimentation and learning.
| Contributions and feedback are welcomed at https://github.com/
| json-web-proofs/json-web-proofs (https://github.com/json-web-
| proofs/json-web-proofs).
2. Conventions and Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Background
JWP defines a container binding together a protected header, one or
more payloads, and a cryptographic proof. It does not define how
claims are organized into payloads and what formats they are in.
JPTs are intended to be as close to a JWT as possible, while also
supporting the selective disclosure and unlinkability of JWPs.
4. Design Considerations
The rationale behind the design for JSON Proof Tokens is important
when considering how it is structured. These sections detail the
underlying reasoning informing the JPT design.
4.1. Unlinkability
Supporting unlinkability is perhaps the most challenging design
constraint for JPTs. Even the smallest oversight can introduce a
subtle vector for relying parties to collude and correlate one or
more subjects across their usage.
The principal tools to prevent this are data minimization and
uniformity. The data included in a JPT SHOULD be minimized to remove
potential correlation points. The data SHOULD contain only values
that are able to be selectively disclosed with consent or transformed
by the proof algorithm when presented.
Any other data that is repeated across multiple JPTs is externalized
so that it is uniform across every issuance. This includes
preventing the usage of optional headers, dynamic mapping of claims
to payloads, changes to how many payloads are included, and the
ordering of the payloads.
Miller, et al. Expires 2 September 2024 [Page 3]
�
Internet-Draft json-proof-token March 2024
4.2. Selective Disclosure
While JWPs provide the underling structure for easily supporting
selective disclosure, JPTs must go a step further to ensure that
holders can effectively provide choice and consent on exactly what is
being disclosed. Software using JWPs MUST know the mappings from
payloads to claims. All disclosed payloads MUST be mapped to claims
and made accessible to the application. Holders SHOULD understand
the semantics of all potentially disclosed claims to the extent
needed to decide whether to disclose them. JPTs SHOULD NOT contain
claims that are intended only for a specific verifier.
4.3. Familiarity
JPTs are intended to be as close to a JWT as possible in order to
provide the simplest transition for any JWT-based system to add
support for JPTs.
Although there are some stark differences in the lifecycle of a JPT,
from the application's perspective, the interface to a JPT can be
made fairly similar: a JSON object containing a mix of required and
optional claims with well-understood values.
The most significant divergence required by JPTs is that of
supporting values that may be disclosed or may instead only be a
proof about the value. Applications are required to interact with
the JPT on a payload-by-payload basis instead of just verifying a JWT
and then being able to interact with the JSON body directly.
4.4. Proofs
To generate a variety of efficient ZKPs of knowledge, range,
membership, or other predicates, it is essential that each individual
payload is only a single claim value. This greatly simplifies the
task of linking a derived proof of a given claim to the specific
payload that was also signed by the issuer. While JPTs support
claims that have complex object or array compound values, they also
allow for simple claim values such as JSON strings, numbers, and
booleans that can be used directly in generating predicate proofs.
5. Claim Names
It is RECOMMENDED that the claim names used with JPTs come from those
in the IANA JSON Web Token Claims Registry [IANA.JWT.Claims]
established by [RFC7519], when those fit the application's needs.
Miller, et al. Expires 2 September 2024 [Page 4]
�
Internet-Draft json-proof-token March 2024
6. Claims
A JSON Proof Token assigns each playload a claim name. Payloads MUST
each have a negotiated and understood claim name within the
application context. The simplest solution to establish payload
claim names is as an ordered array that aligns with the included
payloads. This claims array can be conveniently included in the
Issuer Protected Header using the claims key.
All payloads are claim values and MUST be the base64url encoding of
the UTF-8 representation of a JSON value. That said, predicate
proofs derived from payload values are not represented as claims;
they are contained in the presentation proof using algorithm-specific
representations.
The following is an example JWP Issuer Protected Header that includes
a claims property:
{
"kid": "HjfcpyjuZQ-O8Ye2hQnNbT9RbbnrobptdnExR0DUjU8",
"alg": "BBS-DRAFT-5",
"claims": [
"iat",
"exp",
"family_name",
"given_name",
"email",
"address",
"age_over_21"
]
}
In this example, the "iat" and "exp" would be JSON-formatted numbers,
"family_name", "given_name" and "email" would be JSON strings (in
quotes), "address" would be a JSON object and "age_over_21" would be
expected to be either true or false.
When the claims array is transferred as a property in the Issuer
Protected Header, any variations of that array between JWP will be
visible to the verifier, and can leak information about the subject
or provide an additional vector for linkability. Given the privacy
design considerations around linkability, it is RECOMMENDED that the
claims are defined external to an individual JPT and either
referenced or known by the application context.
To facilitate this external definition of the claim names, an
additional cid key is defined with a required digest value calculated
as defined here. This cid can be used similar to a kid in order to
Miller, et al. Expires 2 September 2024 [Page 5]
�
Internet-Draft json-proof-token March 2024
ensure that is it possible to externally resolve and then verify that
the correct list of claim names is being used when processing the
payloads containing the claim values.
If there is an associated JWK containing the signing key information,
the claims key is also registered there as a convenient location for
the claim names.
The following is an example JWP Protected Header that includes a cid:
{
"kid": "HjfcpyjuZQ-O8Ye2hQnNbT9RbbnrobptdnExR0DUjU8",
"alg": "BBS",
"cid": "guA8PAI14Gkn4273f1rR606yMbRMFg4y"
}
7. Payloads
| Editor's Note: This section is incomplete. Use it only as an
| indicator of the intended direction.
Application resolves each claim as required when processing the JPT.
Resolution can result in one of three things: 1. A disclosed JSON
value 2. A custom proof method 3. A null value
7.1. Disclosed
Always an octet string of valid JSON text.
7.2. Proof Methods
* proof methods can be returned instead of a disclosed payload
* these are generated by the algorithm from information in the JWP's
proof value
* a proof method may be custom based on the capabilities of the
algorithm
* define common proof method types available?
- range
- membership
- time
- knowledge
- linking
8. Example JPT
See the [I-D.ietf-jose-json-web-proof] appendix.
Miller, et al. Expires 2 September 2024 [Page 6]
�
Internet-Draft json-proof-token March 2024
9. Security Considerations
* Protected Header Minimization
10. IANA Considerations
This document has no IANA actions.
11. References
11.1. Normative References
[I-D.ietf-jose-json-web-proof]
Miller, J., Waite, D., and M. B. Jones, "JSON Web Proof",
Work in Progress, Internet-Draft, draft-ietf-jose-json-
web-proof-02, 21 October 2023,
<https://datatracker.ietf.org/doc/html/draft-ietf-jose-
json-web-proof-02>.
[RFC7519] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
(JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
<https://www.rfc-editor.org/info/rfc7519>.
11.2. Informative References
[IANA.JWT.Claims]
IANA, "JSON Web Token Claims",
<https://www.iana.org/assignments/jwt>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Appendix A. Acknowledgements
This work was incubated in the DIF Applied Cryptography Working Group
(https://identity.foundation/working-groups/crypto.html).
We would like to thank Brent Zundel for his valuable contributions to
this specification.
Miller, et al. Expires 2 September 2024 [Page 7]
�
Internet-Draft json-proof-token March 2024
Appendix B. Document History
[[ To be removed from the final specification ]]
-03
* Improvements resulting from a full proofreading.
* Added examples of JSON object and JSON boolean claims.
-02
* Update example to use the current BBS algorithm
-01
* Correct cross-references within group.
-00
* Created initial working group draft based on draft-jmiller-jose-
json-proof-token-01
Authors' Addresses
Jeremie Miller
Ping Identity
Email: jmiller@pingidentity.com
Michael B. Jones
Self-Issued Consulting
Email: michael_b_jones@hotmail.com
URI: https://self-issued.info/
David Waite
Ping Identity
Email: dwaite+jwp@pingidentity.com
Miller, et al. Expires 2 September 2024 [Page 8]
