Credential format - SD-JWT

• The PID is issued in the format defined in the ARF Annex 6, with the changes from ARF PR 160 applied.
• SD-JWT VC Draft 03 is used:
• Use of a test root certificate used for credential signing. The root certificate is available on the main page. The chain is written to the x5c header.
• The signing key is also made available at the jwt-vc-issuer well-known endpoint for web based key resolution. Transfer of the jwt-vc-issuer metadata is secured by a browser validatable TLS certificate used for displaying this technical details page as well.
• SD-JWT Draft 08 is used:
• The compact serialization is used.
• No recursive disclosures are used.
• The leaf elements in the JSON tree are made selectively discloseable.
• No array element disclosures are used. The nationalities array is made discloseable as a whole.

Sample PID

Claims (data returned when using the fixed set of testdata):

{
    "vct": "https://example.bmi.bund.de/credential/pid/1.0",
    "iss": "https://demo.pid-issuer.bundesdruckerei.de/c",
    "issuing_country": "DE",
    "issuing_authority": "DE",
    "given_name": "ERIKA",
    "family_name": "MUSTERMANN",
    "birth_family_name": "GABLER",
    "birthdate": "1964-08-12",
    "age_birth_year": 1964,
    "age_in_years": 59,
    "age_equal_or_over": {
        "12": true,
        "14": true,
        "16": true,
        "18": true,
        "21": true,
        "65": false
    },
    "place_of_birth": {
        "locality": "BERLIN"
    },
    "address": {
        "locality": "KÖLN",
        "postal_code": "51147",
        "street_address": "HEIDESTRAẞE 17"
    },
    "nationalities": ["DE"]
}
        

Raw SD-JWT VC in compact serialization form: