_ sd
Registry Context
`_sd` is an object member in an SD-JWT payload that contains digests for selectively disclosable object properties rather than the properties themselves.
Technical Summary
RFC 9901 defines `_sd` as an array of strings, each containing a Disclosure digest or decoy digest. The array may be empty, although omitting `_sd` is recommended in that case. The issuer must hide the claims' original order and is recommended to shuffle the digest array using a method independent of that order.
When Used
Used to embed Disclosure digests for selectively disclosable object properties in an SD-JWT.
Normative Requirements
Issuer
RFC 9901 - Section 4.2.4.1
Make the `_sd` value an array of strings, with each string containing a Disclosure digest or decoy digest..
The _sd key MUST refer to an array of strings
RFC 9901 - Section 4.2.4.1
Hide the original order of claims represented in the `_sd` array..
The Issuer MUST hide the original order of the claims in the array
RFC 9901 - Section 4.2.4.1
Omit the `_sd` member to save space instead of including an empty array..
Condition: When no claims at that object level are made selectively disclosable.
it is RECOMMENDED to omit the _sd key in this case
RFC 9901 - Section 4.2.4.1
Shuffle the digest array after potentially adding decoy digests, using an ordering method that does not depend on the original claim order..
it is RECOMMENDED to shuffle the array of hashes
RFC 9901 - Section 4.2.4.1
Use an empty `_sd` array..
Condition: When no claims at that object level are made selectively disclosable.
The array MAY be empty
Validation Guidance
Reject an `_sd` value that is not an array containing only strings.
Accept an empty `_sd` array when no claims at that level are selectively disclosable.
Warn when an empty `_sd` member is retained instead of omitted.
When validating issuer construction, report an error if `_sd` ordering preserves or depends on the original claim order.
When validating issuer construction, warn if the digest array was not shuffled after any decoy digests were added.
Reference
Details
- Entry Id
_sd - Claim Name
_sd - Claim Description
Digests of Disclosures for object properties- Change Controller
IETF- Reference
RFC9901 - Section 4.2.4.1