DSR contributed a reference implementation of Selective Disclosure for JWTs (SD-JWT) in Rust to OpenWallet Foundation

February 7th, 2024

DSR actively supports the open-source community and regularly contributes to open-source projects. Recently, the company developed a reference implementation of Selective Disclosure for JWTs (SD-JWT) in Rust that addresses an important need in the Rust and Self-sovereign Identity ecosystems. The library aims to provide an enhanced representation of a user's identity, focusing on privacy in information sharing.

In fall 2023, the DSR team identified the need for a Selective Disclosure JWT (SD-JWT) implementation in Rust. Upon discovering that, at that time, the open-source community lacked an up-to-date, maintained, and reusable solution, DSR leveraged its experience in creating and maintaining similar libraries. Consequently, the DSR team chose to develop and open source a reference implementation of SD-JWT in Rust.

OpenWallet Foundation (a part of the Linux Foundation) is providing a safe space for developers to work together on open source components for interoperable wallets and already has a hub for SD-JWT implementations in various languages. In 2023, DSR became a member of the Foundation and proposed the SD-JWT code contribution, committing DSR's team to the ongoing maintenance and preservation as a reference implementation.

The code is now available in https://github.com/openwallet-foundation-labs/sd-jwt-rust and released as https://crates.io/crates/sd-jwt-rs.

Solution Benefits

Although there were several other SD-JWT implementations in Rust, our contribution offers significant benefits and distinctive advantages:

  • Reference implementation. An up-to-date and complete implementation of the recent specification version (version 7 at the time of writing this post).
  • Permissive free software license. The code is open sourced under an Apache 2 license, allowing users to use the software for any purpose, distribute it, modify it, and distribute modified versions of the software under the terms of the license without concern for royalties.
  • Visibility and Adoption. The code is part of the OpenWallet Foundation labs, making it easily discoverable and usable by OpenWallet Foundation and Linux Foundation projects and any other open-source or proprietary software. OpenWallet provides effective collaboration tools and community feedback mechanisms (GitHub issues, Discord channel, etc.).
  • Code Maintenance. DSR is committed to continually maintaining the code, ensuring it remains a reference implementation of the SD-JWT standard. It will stay interoperable with other implementations and support the latest version of the SD-JWT specification.
  • Modularity. The implementation is organized as a small library with minimal dependencies, easily integrating it into other frameworks or projects.
  • Ready for adoption. Regular releases are published to crates.io (https://crates.io/crates/sd-jwt-rs).
  • Interoperability. The implementation has extensive test coverage and is interoperable with other implementations, as tested against the provided test vectors.

JSON Web Token (JWT) is an open standard (RFC 7519) used to securely transmit information between parties as a JSON object. Commonly used in web applications for authentication and information exchange, it can be digitally signed or encrypted to ensure data integrity.

SD-JWT is a type of JWT designed for enhanced privacy and security in identity management. In Self-Sovereign Identity (SSI), individuals or entities control their identity data without relying on centralized authorities, using Verifiable Credentials (VC): https://www.w3.org/TR/vc-data-model/. JWT is one of the standard and well-adopted VC-proof formats, which is easy to use and applicable to many cases. However, a classical JWT doesn't provide any privacy-preserving features. SD-JWT is an extension to the JWT standard being developed by the IETF (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-selective-disclosure-jwt) that allows the holder of personal information to expose only the information necessary for verification, not their entire set of personal data.

Key aspects of Selective Disclosure JWT include:

  • Privacy-Preserving, Selective Disclosure: Tailored for situations where privacy is paramount, SD-JWT allows individuals to share verifiable credentials without exposing unnecessary data. It enables the token holder to reveal only specific information contained in the JWT. For example, an individual can prove their age without disclosing their name or address, even if that information is part of the same credential.
  • Compatibility with Decentralized Identities (DIDs): Often used with DIDs, SD-JWT can be a mechanism for proving claims associated with these new identifiers for verifiable, self-sovereign digital identities.
  • Use in Verifiable Credentials: In the SSI model, SD-JWT serves as a format for verifiable credentials - digital claims verifiable by third parties.
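To make the selective-disclosure mechanism concrete, here is an added example (not code from the sd-jwt-rust library; written in Python because its standard library already provides SHA-256 and base64url) that walks through the three roles described above: the issuer replaces each disclosable claim with a salted digest in the `_sd` array, the holder forwards only the disclosures it chooses, and the verifier recomputes the digests against the signed payload. Signing and signature verification of the issuer JWT are assumed to happen outside the snippet; the sample claims are constructed.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_disclosure(name: str, value, salt: bytes = None) -> str:
    # Disclosure = base64url(JSON [salt, claim name, claim value]); the random
    # 128-bit salt prevents a verifier from brute-forcing low-entropy values.
    salt = salt if salt is not None else secrets.token_bytes(16)
    return b64url(json.dumps([b64url(salt), name, value], separators=(",", ":")).encode())

def digest(disclosure: str) -> str:
    # The digest is taken over the ASCII bytes of the encoded disclosure (sha-256).
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict, disclosable: set):
    """Issuer side: returns the payload to be signed plus the disclosures for the holder."""
    payload = {"_sd_alg": "sha-256", "_sd": []}
    disclosures = []
    for name, value in claims.items():
        if name in disclosable:
            d = make_disclosure(name, value)
            disclosures.append(d)
            payload["_sd"].append(digest(d))   # only the digest is in the signed JWT
        else:
            payload[name] = value              # always-visible claim
    payload["_sd"].sort()                      # hide the original claim order
    return payload, disclosures

def present(disclosures: list, reveal: set) -> list:
    """Holder side: keep only the disclosures for claims the holder agrees to reveal."""
    return [d for d in disclosures if json.loads(b64url_decode(d))[1] in reveal]

def verify(payload: dict, presented: list) -> dict:
    """Verifier side (after checking the issuer signature over `payload`):
    a disclosure is accepted only if its digest appears in the signed _sd array."""
    claims = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    allowed, seen = set(payload["_sd"]), set()
    for d in presented:
        h = digest(d)
        if h not in allowed or h in seen:
            raise ValueError("disclosure not bound to the signed payload (or duplicated)")
        seen.add(h)
        _, name, value = json.loads(b64url_decode(d))
        if name in claims:
            raise ValueError("disclosure would overwrite an existing claim")
        claims[name] = value
    return claims
```

Digests in `_sd` that no presented disclosure matches are simply unused (the specification also allows decoy digests), while a disclosure whose digest is not in `_sd` is rejected, so the holder can hide claims but cannot add or alter them.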

The DSR team has more than seven years of experience using Rust for writing production code and complex components, and the company sees many benefits in using Rust, especially for such libraries as SD-JWT.

Here are some key advantages of Rust:

  1. Memory Safety: Rust's ownership system ensures memory safety without the need for a garbage collector. This prevents common programming errors like null pointer dereferencing, buffer overflows, and data races.
  2. Concurrency without Data Races: Rust's ownership model and borrowing system allow for safe concurrent programming. It eliminates data races by enforcing strict ownership rules at compile-time.
  3. Performance: Rust provides performance comparable to low-level languages like C and C++ due to its emphasis on zero-cost abstractions. It allows fine-grained control over system resources without sacrificing performance.
  4. Cross-Platform Support: Rust supports cross-compilation, allowing developers to build applications for different target platforms. 
  5. Interoperability, language wrappers: Rust is designed to be easily interoperable with other languages. It has a Foreign Function Interface (FFI) that allows it to call functions from other languages and be called from them. This makes it straightforward to create language wrappers or bindings for libraries written in Rust.
  6. Community and Documentation: Rust has a growing and active community that contributes to its development. The language has excellent documentation, making it easier for developers to learn and use effectively.
  7. Ecosystem: Rust has a thriving ecosystem of libraries and frameworks known as "crates." These crates cover a wide range of domains, making it easier for developers to find reusable components for their projects.
  8. Safety Without Sacrificing Control: Rust achieves a balance between low-level control over system resources and high-level safety features. Developers can write low-level code without compromising safety.

Why DSR Corporation

It was a natural decision for the DSR team to develop a reference implementation of an SD-JWT library in Rust for several reasons:

  • With over seven years of experience in Self-sovereign Identity (SSI), the DSR team has actively worked on and contributed to SSI standards and implementations.
  • Possesses extensive expertise in using Rust for writing multi-platform production code and complex components, including libraries (SDKs), Web Backends, Blockchain applications, and language wrappers for Rust libraries. Significant examples of using Rust in open-source projects include the Hyperledger Indy SDK, Indy Besu, Aries VCX, Hyperledger Ursa, Hyperledger AnonCreds, DIDComm v2 libraries, etc.
  • Brings significant experience in contributing to open source (more than 50 open source projects).
  • Having a comprehensive background in open source project maintenance, including participation in the maintenance of projects such as Hyperledger Indy, Hyperledger Ursa, CSA DCL, cheqd ledger, etc.
  • Demonstrating broad experience in implementing reference implementations of open standards. For example, the DSR team has implemented reference implementations of the DIDComm v2 specification, CL AnonCreds, did:peer, etc.
  • Offering profound experience in working with privacy-preserving SSI standards. The DSR team is one of the core authors of CL AnonCreds reference implementations in Hyperledger Indy, Hyperledger Ursa, Hyperledger AnonCreds.
  • Possessing profound experience in working with JOSE/JWT standards and implementations. For example, the DSR team has contributed ECDH-1PU support to popular open-source JOSE implementations such as Nimbus JOSE/JWT, authlib, etc.
  • Being a member of the OpenWallet Foundation.