π€ AI Summary
This work proposes a read-only file security sharing architecture based on Selective Disclosure JWT (SD-JWT), addressing limitations of traditional identity and access management (IAM) systemsβsuch as complex configuration, security vulnerabilities, and the absence of a unified cross-format digital signature mechanism. By embedding digitally signed, integrity-protected metadata directly within files, the approach enables decentralized, verifiable authenticity at the file level without relying on centralized authentication or user databases. This is the first application of SD-JWT to file-level secure sharing, offering strong security guarantees for immutable resources while supporting cross-format distribution and significantly simplifying deployment.
π Abstract
Access control to networked resources has been a longstanding challenge. The conventional solution relies on authentication mechanisms, which introduce additional complexities associated with Identity and Access Management (IAM). Such systems require user authentication, identity management, and authorization services, while also introducing security risks arising from vulnerabilities, misconfigurations, or implementation flaws. Furthermore, different file formats employ different mechanisms for ensuring authenticity and integrity through digital signatures. For example, PDF documents support the PDF Advanced Electronic Signature (PAdES) standard, whereas plain text files typically lack a standardized mechanism for embedding digital signatures. This paper proposes an architecture based on the Selective Disclosure JSON Web Token (SD-JWT) standard for securely sharing read-only files. The proposed architecture embeds cryptographic signatures and integrity protection directly into the shared resource, providing verifiable authenticity without relying on complex IAM infrastructures, such as centralized user databases, authentication services, or authorization mechanisms. By eliminating these components, the proposed solution simplifies deployment while maintaining strong security guarantees for the distribution of immutable resources.