oauth2.dev

_sd

IETF

Registry Context

`_sd` is the object-property slot in an SD-JWT payload that carries disclosure digests instead of revealed claim values.

Technical Summary

RFC 9901 defines `_sd` as an array-valued member used for selectively disclosable object properties. Its elements are disclosure digests, and it can also include decoy digests. The array may be empty, and the issuer must not preserve the original order of the claims when constructing it.

When Used

Use when encoding selectively disclosable object properties in an SD-JWT payload.

Normative Requirements

Issuer

MUST (2)
  1. RFC 9901 - Section 4.2.4.1

    Make `_sd` an array of strings, where each string is a disclosure digest or a decoy digest.

    `_sd` key MUST refer to an array of strings

  2. RFC 9901 - Section 4.2.4.1

    Do not preserve the original order of claims when constructing the `_sd` array.

    Issuer MUST hide the original order

MAY (1)
  1. RFC 9901 - Section 4.2.4.1

    Allow `_sd` to be empty when there are no selectively disclosable claims at that level.

    Condition: When the issuer decides not to selectively disclose any claims at that level.

    The array MAY be empty

Validation Guidance

error: Reject `_sd` values that are not arrays of strings.

info: Accept empty `_sd` arrays, but do not require them when there are no disclosures.

error: Do not infer or preserve the source claim order from `_sd` array ordering.
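To tie the issuer requirements and the validation guidance together, the following is an added Python example (not code from oauth2.dev or from RFC 9901) that builds a sorted `_sd` array with decoy digests on the issuer side and, on the verifier side, checks the array shape and recovers claims by digest lookup rather than by position. It assumes RFC 9901's default `sha-256` digest algorithm and uses constructed sample claims.

```python
import base64
import hashlib
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_disclosure(salt: bytes, name: str, value) -> str:
    # Disclosure = base64url(JSON array [salt, claim name, claim value]).
    return b64url(json.dumps([b64url(salt), name, value], separators=(",", ":")).encode())


def digest_of(disclosure: str) -> str:
    # Digest = base64url(SHA-256 over the ASCII bytes of the disclosure string).
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def build_sd_array(claims: dict, decoys: int = 2) -> tuple[list[str], list[str]]:
    """Issuer side: returns (disclosures, _sd). Every `_sd` element is a digest string."""
    disclosures = [make_disclosure(secrets.token_bytes(16), k, v) for k, v in claims.items()]
    digests = [digest_of(d) for d in disclosures]
    # Decoy digests: hashes of random bytes that no disclosure will ever match.
    digests += [b64url(hashlib.sha256(secrets.token_bytes(16)).digest()) for _ in range(decoys)]
    # Sorting (random shuffling would also do) hides the original claim order.
    return disclosures, sorted(digests)


def validate_sd(value) -> bool:
    """Verifier side: `_sd` must be an array of strings; an empty array is acceptable."""
    return isinstance(value, list) and all(isinstance(x, str) for x in value)


def reconstruct(payload: dict, disclosures: list[str]) -> dict:
    """Verifier side: rebuild revealed claims by digest lookup, never by array position."""
    sd = payload.get("_sd", [])
    if not validate_sd(sd):
        raise ValueError("_sd must be an array of strings")
    if len(set(sd)) != len(sd):
        raise ValueError("duplicate digest in _sd")  # RFC 9901 verifiers reject repeated digests
    present = set(sd)
    revealed = {k: v for k, v in payload.items() if k != "_sd"}
    for d in disclosures:
        if digest_of(d) in present:
            raw = base64.urlsafe_b64decode(d + "=" * (-len(d) % 4))
            _salt, name, value = json.loads(raw)
            revealed[name] = value
    return revealed
```

Holding back any disclosure simply leaves its claim absent from the reconstructed payload, while the decoys never resolve to anything.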

Reference

Details

Entry Id: _sd
Claim Name: _sd
Claim Description: Digests of Disclosures for object properties
Change Controller: IETF
Reference: RFC 9901 - Section 4.2.4.1