Clarification on transaction_data_hashes

[babisRoutis]

Currently, on d23/d24 the specification contains the following description:

transaction_data_hashes: Array of hashes, where each hash is calculated using a hash function over the strings received in the transaction_data request parameter. Each hash value ensures the integrity of, and maps to, the respective transaction data object. Where in the response this parameter is included is defined by each Credential Format, but it has to be included in the mechanism used for the proof of possession of the Credential that is signed using the user-controlled key

In addition, in the SD-JWT-VC section there is the following (I guess non-normative) example of a KB-JWT

{
  "nonce": "n-0S6_WzA2Mj",
  "aud": "x509_san_dns:client.example.org",
  "iat": 1709838604,
  "sd_hash": "Dy-RYwZfaaoC3inJbLslgPvMp09bH-clYP_3qbRqtW4",
  "transaction_data_hashes": [ "fOBUSQvo46yQO-wRwXBcGqvnbKIueISEL961_Sjd4do" ]
}

I guess that each element of transaction_data_hashes should be calculated as described in the above text, but it also needs to be encoded using Base64 URL encoded (no padding).

I don't know if it is implied, yet I miss a reference on the base64 encoding transaction_data_hashes to the KB-JWT.

[Sakurann]

i think this might be fixed/clarified/changed with #423

[babisRoutis]

i think this might be fixed/clarified/changed with #423

Thanks @Sakurann .

In general, I think that is not clear to the reader how holder-signed transaction_data should be include to the wallet response.

For SD-JWT-VC there is the example, yet it misses an explicit definition of how to represent transaction_data_hashes within the KB-JWT.

For other formats, like mso_mdoc, specification doesn't provide any hint or reference.

Added a relevant comment #423 (comment)