Credential format - SD-JWT

• The PID is issued in the format defined in the ARF Annex 6, with the changes from ARF PR 160 applied.
• SD-JWT VC Draft 11 is used:
• Use of a test root certificate used for credential signing. The root certificate is available on the main page. The chain is written to the x5c header.
• The signing key is also made available at the jwt-vc-issuer well-known endpoint for web based key resolution. Transfer of the jwt-vc-issuer metadata is secured by a browser validatable TLS certificate used for displaying this technical details page as well.
• SD-JWT Final (RFC 9901) is used:
• The compact serialization is used.
• Recursive disclosures are used.
• The leaf elements in the JSON tree are made selectively disclosable.
• Array element disclosures are used.

Sample PID

Claims (data returned when using the fixed set of test data):

            
{
    "vct": "urn:eudi:pid:de:1",
    "iss": "https://demo.pid-provider.bundesdruckerei.de",
    "cnf": {
        "jwk": {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "H9Gv4SoKQMiiHhlTW4NdTcJ42wR72eYe7i0ND6c0RJRB",
        "x": "pHzm7PSSlqdvNsdxHEvNcAGJIRHfTW18pxN7y9FAa1c",
        "y": "GkuGNS15bBUu8sfRECm_jka-AYlzVdnsLF9OLu_GiTA",
        "alg": "ES256"
        }
    },
    "exp": 1764054633,
    "iat": 1762845033,
    "status": {
        "status_list": {
        "uri": "https://demo.pid-provider.bundesdruckerei.de/status/7b700bce-0560-4f03-82db-51aa6448d72f",
        "idx": 31
        }
    },
    "issuing_country": "DE",
    "issuing_authority": "DE",
    "source_document_type": "ID",
    "given_name": "ERIKA",
    "family_name": "MUSTERMANN",
    "birthdate": "1964-08-12"
    "age_equal_or_over": {
        "12": true,
        "14": true,
        "16": true,
        "18": true,
        "21": true,
        "65": false
    },
    "place_of_birth": {
        "locality": "BERLIN"
    },
    "address": {
        "street_address": "HEIDESTRAẞE 17",
        "locality": "KÖLN",
        "country": "DE",
        "postal_code": "51147"
    },
    "nationalities": [
        "DE"
    ],
}
            
        

Raw SD-JWT VCs in compact serialization form are shown in the manual. See the credentials property in the response. Note that this raw SD-JWT is generated during local testing, and therefore the issuer is set to localhost instead of the actual production URL.