LogoLogo
ProductsCommunityGitHubShare Feedback
SSI Kit
SSI Kit
  • General
    • Introduction
    • Transition To The Community Stack
    • SSI Kit | Basics
      • Overview
      • Functionality
      • Components
    • SSI Kit
      • SSI Flavors & Ecosystems
        • Trust Registries
        • Keys
        • Decentralized Identifiers (DIDs)
        • Verifiable Credentials (VCs)
        • Data Exchange Protocols
      • Architecture
        • Low-Level Service Abstraction
        • Ecosystem Abstraction
        • High-Level Interfaces / APIs
      • Use Cases
      • Self-Sovereign Identity (SSI)
        • SSI | Basics
        • Technologies & Concepts
          • Registries
          • Decentralised Identifiers (DIDs)
          • Verifiable Credentials (VCs)
          • Verifiable Presentations (VPs)
          • Data Exchange (Protocols)
  • Getting started
    • Quick Start
    • REST API
      • Signatory API - For Issuers
      • Custodian API - For Holders
        • Key management
        • Did management
        • Credentials management
      • Auditor API - For Verifiers
      • Core API
        • Cryptographic keys
        • Decentralised-Identifiers
        • Verifiable-Credentials
      • API Serving Configs
    • Dependency (JVM)
      • Java Examples
      • Kotlin Examples
    • CLI | Command Line Interface
      • Key Management
      • Decentralized Identifiers
      • Verifiable Credentials
      • OpenID Connect (OIDC)
    • Building the Project
      • Docker Build
      • Local Build
    • Project Configurations
    • Demo
  • Ecosystems
    • EBSI
      • Basics
      • Use Cases & Flow Diagrams
      • Command line interface
        • DID Registration
      • REST API
      • Usage / examples
        • Onboarding & DIDs
        • Build end-to-end use cases
    • IOTA
      • OIDC4VP profile for Login-with-IOTA
      • Login With IOTA Demo
    • Velocity
      • Basics
        • Onboarding
        • Issuing
        • Inspection
      • Integration with SSIKit
      • Command line interface
        • Onboarding
        • Issuing
        • Inspection
    • cheqd
      • Integration architecture
      • Create DID
      • Issue VC
      • Verify VC
  • Tutorials
    • My First VC
    • Advanced VC
  • Concepts
    • Credential Templates
    • Verification Policies
      • Static Policies
      • Parameterized Policies
      • Dynamic/Custom Policies
        • Creating Dynamic Policies
        • Using Dynamic Policies
        • Removing Dynamic Policies
        • Dynamic Policies | Data Classes
    • Selective Disclosure
      • Intro
      • Issuing a SD-JWT Credential
      • Verifying a SD-JWT Credential
    • Credential Statuses
      • StatusList2021Entry
      • SimpleCredentialStatus2022
      • Issue credentials with credentialStatus
      • REST API
        • Check the status of a credential
        • Revoke a credential
      • CLI
        • Check the status of a credential
        • Revoke a credential
    • DID Web
    • Open Policy Agent (OPA)
      • Setup
    • OpenID Connect (OIDC)
      • Credential Issuance
        • OIDC4CI | Example
      • Presentation Exchange
        • OIDC4VP | Example
    • Delegation and Mandates
  • Community
    • Discord
    • Twitter
    • Newsletter
    • GitHub Discussions
  • DEVELOPER RELATIONS
    • Contribute
    • Roadmap
    • Share Feedback
    • Contact
  • Product Editions
    • Open Source | Always Free
    • Enterprise | Self-Managed
    • Cloud Platform | Managed
Powered by GitBook
On this page
  • What is Selective Disclosure?
  • The importance of Selective Disclosure
  • SD-JWTs: A Mechanism for Selective Disclosure

Was this helpful?

Export as PDF
  1. Concepts
  2. Selective Disclosure

Intro

Selective Disclosure allows holders to reveal only necessary information.

PreviousSelective DisclosureNextIssuing a SD-JWT Credential

Last updated 1 month ago

Was this helpful?

What is Selective Disclosure?

Selective disclosure enables a holder to choose which pieces of information contained in a Verifiable Credential will be revealed to a verifier, rather than being forced to reveal all the data present in a Verifiable Credential.

For example, Alice could now only share her age to verify being old enough to purchase products offered in an ecommerce shop, without revealing other personal information present in her Verifiable ID document used for verification. This allows for greater privacy and control over personal data.

The importance of Selective Disclosure

Selective disclosure is a critical aspect of SSI because it enables individuals to share only the minimum amount of personal information necessary to complete a transaction or interaction, while keeping the rest of their personal data private. This reduces the risk of identity theft and other types of fraud.

SD-JWTs: A Mechanism for Selective Disclosure

Our implementation of selective disclosure currently does not follow any specific standard, as standards in the field are still under development. As reference, we used the reference by IETF. Please note that our implementation is subject to change.

What is an SD-JWT

A Selective Disclosure JSON Web Token (SD-JWT) is a type of in which the claims in the body are hashed, making them unreadable without disclosure. By providing the necessary disclosures, the original values of the claims can be revealed.

How it works

When presenting a classical credential via JWT, claims are visible to the verifier in plain text. With an SD-JWT credential, claims are encrypted in a hashed format, making them unreadable. This allows the holder to choose which claims to reveal to the verifier by providing the plain text key-value pairs (known as disclosures) next to the SD-JWT. The verifier can then hash these disclosures and compare them to the values in the SD-JWT, verifying that the claim was part of the SD-JWT. Additionally, SD-JWTs also allow for decoy hashes to be included in the credential, which are dummy values to conceal the actual number of claims in the credential.

In the following section, we will see how to issue and verify SD-JWT credentials.

Selective Disclosure for JWTs (SD-JWT)
Comparison of normal and SD-JWT credential