
docs: SD-JWT predicate disclosure for mandates #42

Merged: iret77 merged 1 commit into main from docs/mandate-selective-disclosure-18 on Jun 10, 2026

iret77 (Contributor) commented Jun 10, 2026

What & why

Eleventh PR of the v0.3 draft.

Issue #18 — mandate verification disclosed negotiation-sensitive caps: for an action to be binding, the counterparty must check the Mandate (§5.3) — and a plaintext Mandate hands them max_value (the Principal's reservation price), escalation_threshold, and allowed_counterparties (a business-relationship map). The spec already had the right tool (§6.6 SD-JWT predicates) but never applied it to its most negotiation-sensitive credential.

  • §5.3 (M4) gains a normative bullet: Mandates SHOULD be issued as SD-JWT VCs with predicate support — for contracting-scope Mandates strongly RECOMMENDED — so the Agent proves "this action's value is within my per-action cap" and "this counterparty is within my allowed set" without disclosing the cap or the list.
  • Residual leak stated honestly: a successful escalation co-signature still reveals "threshold ≤ this value" — inherent in threshold semantics, documented as acceptable.
  • §6.6 now cross-references Mandates explicitly so implementers don't ship plaintext mandates by default; new §11 threat row.

Closes #18

Affected spec section(s)

§5.3 (M4), §6.6, §11, Appendix C.

Trust impact

None. No trust root moves; counterparties can verify the same authority predicates as before with strictly less information disclosed. Strengthens design goal §3.1(7) (privacy-preserving, selective disclosure off-chain).

Checklist

  • One logical change, conventional PR title
  • Cited the affected spec section(s)
  • Stated the trust impact (or "none")
  • Normative language uses RFC 2119 keywords correctly
  • docs-check passes

Issue #18: verifying a plaintext Mandate hands the counterparty the
negotiation envelope (max_value = reservation price,
escalation_threshold, allowed_counterparties = relationship map).
s5.3 (M4) now requires that Mandates SHOULD be issued as SD-JWT VCs
with predicate support — strongly RECOMMENDED for contracting scope —
proving 'value within cap' and 'counterparty in allowed set' without
disclosing cap or list. The inherent escalation-time threshold leak is
documented as acceptable. s6.6 cross-references mandates explicitly;
new s11 threat row; Appendix C updated.
iret77 merged commit 5a42332 into main Jun 10, 2026
2 checks passed
iret77 deleted the docs/mandate-selective-disclosure-18 branch June 10, 2026 16:26
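
The "counterparty is within my allowed set" check described in this PR can be illustrated with standard SD-JWT array-element disclosures. This is an added example, not code from the PR or the spec, and it is an assumption that §6.6 works this way. The `did:example:` identifiers are constructed, the issuer signature over the claims and the holder key binding are assumed and omitted, and the value-within-cap predicate is not covered.

```python
import base64
import hashlib
import json
import secrets


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def digest(disclosure: str) -> str:
    # SD-JWT digest: base64url(SHA-256(ASCII bytes of the encoded disclosure)).
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())


def element_disclosure(value) -> str:
    # Array-element disclosure: base64url(JSON [salt, value]) with a fresh salt.
    return b64u(json.dumps([b64u(secrets.token_bytes(16)), value]).encode())


def issue_mandate(allowed, decoys=2):
    """Issuer: return (claims to sign, {counterparty id: its disclosure})."""
    disclosures = {c: element_disclosure(c) for c in allowed}
    slots = [{"...": digest(d)} for d in disclosures.values()]
    # Decoy digests keep the slot count from revealing the size of the set.
    slots += [{"...": b64u(secrets.token_bytes(32))} for _ in range(decoys)]
    secrets.SystemRandom().shuffle(slots)
    return {"_sd_alg": "sha-256", "allowed_counterparties": slots}, disclosures


def verify_membership(claims, disclosure, my_id) -> bool:
    """Counterparty: does the one presented disclosure commit to my own id?"""
    if claims.get("_sd_alg") != "sha-256":
        return False
    try:
        raw = base64.urlsafe_b64decode(disclosure + "=" * (-len(disclosure) % 4))
        decoded = json.loads(raw)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    if not (isinstance(decoded, list) and len(decoded) == 2 and decoded[1] == my_id):
        return False
    committed = {s.get("...") for s in claims["allowed_counterparties"] if isinstance(s, dict)}
    return digest(disclosure) in committed
```

The Agent presents only the disclosure for the counterparty it is dealing with, so that counterparty sees its own identifier plus opaque digests for every other slot.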

Development

Successfully merging this pull request may close these issues.

§5.3: Mandate verification discloses negotiation-sensitive caps to the counterparty