Feature Friday n°4: Selective Disclosure

Introduction

Hey friends,

Welcome to Feature Friday! Each week, this series highlights new identity features available with the walt.id tooling. Check out last week's lesson on the Status Property in VCs! For feedback or episode suggestions, connect with us on Discord!

Today we explore Selective Disclosure, a privacy-enhancing feature for Verifiable Credentials that gives individuals granular control over what information they share in a transaction, thereby enhancing trust and reducing identity fraud risks.

Selective Disclosure for Verifiable Credentials brings:

  • Enhanced Privacy: It allows individuals to share only required information, minimizing unnecessary exposure of personal data.

  • User Empowerment: It gives users greater control over their personal data, as they can decide what to share during a transaction.

  • Reduced Fraud Risks: By limiting the amount of shared data, selective disclosure reduces the potential for identity theft and other forms of data misuse.

How it works: Our Implementation of SD-JWTs

In line with the industry’s ongoing efforts to create a standard for selective disclosure, we have made a first implementation inspired by the IETF's Selective Disclosure for JWTs (SD-JWT) reference. As this is still a developing field, our implementation is subject to change, but it gives you the chance to experiment until the final version based on an official reference arrives.

How it works

  1. Credential Creation: The process begins with the creation of a Verifiable Credential, containing several pieces of data, otherwise known as claims, about the holder.

  2. Conversion to SD-JWT: The VC is then transformed into a Selective Disclosure JSON Web Token (SD-JWT). In the process, the claims are hashed, obscuring their original values. From then on, an original value can only be revealed with the correct disclosure (the plain text value of a hashed claim).

  3. Transfer to Holder: Then the SD-JWT and all disclosures are sent to the holder. With all the disclosures available, the holder can simply read the whole VC in plain text.

  4. Selective Disclosure Sharing: On verification request, the holder can now send the SD-JWT plus one or multiple of the disclosures, depending on the data requirements for the transaction. This limits the amount of data the verifier will be able to read.

  5. Disclosure Verification: By hashing the received disclosures and comparing them to the hashed values in the SD-JWT, the verifier can validate and thereby trust the data.
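The five steps above as a runnable sketch, added here as an example and not walt.id's code: it uses the IETF SD-JWT disclosure layout (salt, claim name, value). Assumptions: HMAC stands in for the issuer's asymmetric signature, the token framing is simplified, and all names and sample claims are constructed.

```python
import base64, hashlib, hmac, json, secrets

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    # The digest covers the encoded disclosure, salt included.
    return b64u(hashlib.sha256(disclosure.encode()).digest())

def mac(key: bytes, body: str) -> str:
    # Assumption: HMAC stands in for the issuer's asymmetric JWT signature.
    return b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue(key: bytes, claims: dict):
    """Steps 1-3: salt and hash every claim, sign only the digests."""
    disclosures = [b64u(json.dumps([b64u(secrets.token_bytes(16)), name, value]).encode())
                   for name, value in claims.items()]
    payload = {"_sd_alg": "sha-256", "_sd": sorted(digest(d) for d in disclosures)}
    body = b64u(json.dumps(payload).encode())
    return body + "." + mac(key, body), disclosures

def present(token: str, disclosures: list, reveal: set) -> str:
    """Step 4: the holder forwards only the disclosures it chooses."""
    chosen = [d for d in disclosures if json.loads(unb64u(d))[1] in reveal]
    return "~".join([token, *chosen])

def verify(key: bytes, presentation: str) -> dict:
    """Step 5: check the signature, then match each disclosure to a signed digest."""
    token, *disclosures = presentation.split("~")
    body, _, signature = token.partition(".")
    if not hmac.compare_digest(signature, mac(key, body)):
        raise ValueError("issuer signature check failed")
    signed = set(json.loads(unb64u(body))["_sd"])
    revealed = {}
    for d in disclosures:
        if digest(d) not in signed:
            raise ValueError("disclosure matches no signed digest")
        _salt, name, value = json.loads(unb64u(d))
        revealed[name] = value
    return revealed

# Constructed sample data, not taken from the page.
KEY = b"demo-issuer-key"
TOKEN, DISCLOSURES = issue(KEY, {"name": "Alice", "birthdate": "1990-01-01", "country": "AT"})
```

The random per-claim salt is what stops a verifier from recovering an undisclosed low-entropy value, such as a country code, by hashing candidate values and comparing them to the signed digests.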

Illustration comparing a regular credential with an SD-JWT one.

How it works

With our open source tools, you can:

  • Create, Revoke - verifiable SD-JWT credentials and presentations that conform to W3C standards, using different DID methods and revocation options.

  • Verify - SD-JWT credentials with custom and prebuilt verification policies.

  • Distribute - SD-JWT VCs using OpenID Connect for Verifiable Credentials (OIDC4VC and OIDC4VP) from an Issuer to a Holder, or from a Holder to a Verifier.

  • Store - Create wallet solutions for holders.

… but wait there’s more:

  • Works Across Programming Languages: You can create, verify and distribute SD-JWT credentials easily with walt.id’s SSI-Kit, offering a CLI tool, a REST service and a Java and Kotlin library.

  • Works Across Ecosystems: Our supported DID methods range from key, web, ebsi, iota, jwk, cheqd and velocity with new ones added continuously.

  • Flexible, Extensible and Open-Source: Using our tools you can leverage the wide range of already supported ecosystems and credential formats or extend our modular system bringing support for your own did:method or credential format.

Demo

Watch our short demo, showcasing how you can work with SD-JWT Credentials using the walt.id SSI-Kit.

 
 

Get Started

Please note that the demo shown used the SSI-Kit, which is no longer maintained by walt.id. However, all the features are now available via the community stack.
You can get started with the new libs and APIs here.

Join us for the upcoming Feature Friday to learn more about how to create your own Credential Templates.

Now, here's your dose of tech humour for the day:

How many programmers does it take to change a light bulb?

None, that's a hardware problem.

See you next Friday, and in the meantime, let’s connect on Discord!

Best,

Tamino from walt.id
