New: Passkey Benchmark 2026 - 8 production KPIs to compare your passkey rolloutcompare your passkey rollout
Back to Overview

What is SD-JWT (Selective Disclosure JWT)?

Discover what SD-JWT (Selective Disclosure JWT) is, how it works, its advantages for privacy, security, and flexible data sharing, with clear examples.

Blog-Post-Author
Max

Created: June 6, 2025

Updated: May 11, 2026

Term Definition Image for Selective Disclosure ( SD-JWT)

What is SD-JWT (Selective Disclosure JWT)?#

A Selective Disclosure JWT (SD-JWT) is a specialized form of JSON Web Token designed to enhance user privacy by allowing selective sharing of specific pieces of information without revealing the full dataset. SD-JWT leverages cryptographic techniques to provide strong assurances that the disclosed data is authentic and untampered, without unnecessarily exposing sensitive details.

Key aspects of SD-JWT include:

  • Selective Disclosure: Enables users to reveal only required attributes, protecting privacy.
  • Cryptographic Assurance: Uses digital signatures to guarantee authenticity and data integrity.
  • Standards-based: Built on JWT/JWS concepts (RFC 7519), but introduces new data formats and processing requirements for handling selective disclosure.
  • Privacy-by-design: Aligns with modern data privacy regulations, like GDPR.

SD-JWTs are particularly valuable in scenarios like identity verification, digital credentials, and access management, allowing secure and controlled sharing of user attributes.

Key Takeaways:

  • A Selective Disclosure JWT (SD-JWT) is a JSON Web Token variant allowing selective attribute sharing while preserving user privacy.
  • Provides cryptographic proof of authenticity and integrity of the selectively disclosed data.
  • Enables compliance with privacy regulations by minimizing unnecessary data exposure.
  • Widely applicable in identity management, digital credentials, and secure access scenarios.

How Selective Disclosure JWT (SD-JWT) Works#

SD-JWT extends traditional JWTs to allow selective disclosure of claims (user attributes) by employing cryptographic techniques such as hashing and digital signatures. Here's a simplified overview:

Structure and Components:#
  • Claims: Information about a user or entity encoded within the token (e.g., name, date of birth, citizenship status).
  • Disclosure: Users or holders decide which claims they reveal to third parties, protecting sensitive data.
  • Hash Commitments: Each claim is hashed individually, allowing selective revelation without exposing the entire dataset.

Cryptographic Foundations:#
  • Digital Signatures: Issuers digitally sign the token, enabling verification of authenticity and preventing tampering.
  • Hashing: Claims are cryptographically hashed to ensure hidden claims remain secure, even when others are disclosed.
  • Key Binding (KB-JWT): An optional but important security mechanism where a Key Binding JWT can be used to bind the SD-JWT presentation to a cryptographic key controlled by the holder. This prevents a party other than the intended holder from presenting the SD-JWT, protecting against presentation attacks. When key binding is used (SD-JWT+KB mode), the holder proves possession of their key during presentation.

Use Cases and Examples#

SD-JWT is particularly useful in various practical scenarios:

  • Digital Identity Verification: Imagine presenting proof of age without sharing your exact birthdate. If the issuer has included a predicate claim (e.g., "age_equal_or_over": {"18": true}) in the SD-JWT at issuance, you can selectively disclose that claim to verify you're over a certain age threshold without exposing your actual date of birth.

  • Financial Services: Sharing your verified income bracket for loan approvals without revealing detailed salary history or employment details.

  • Healthcare: Providing proof of vaccination without exposing unrelated medical history.

Technical and Regulatory Advantages#

Using SD-JWT brings both technical and regulatory advantages:

  • Enhanced Privacy: Minimizes unnecessary data disclosure, reducing identity theft risks.
  • Compliance with GDPR and Similar Regulations: Aligns well with principles of data minimization and user consent.
  • Interoperability: Builds upon established JWT/JWS concepts (RFC 7519), though implementing SD-JWT requires updates to processing logic and systems to handle the new presentation format and disclosure mechanisms.

Implementing SD-JWT: Key Considerations#

When implementing SD-JWT in your system, consider:

  • Issuer Infrastructure: Ensure a robust and secure system for issuing and managing cryptographic keys and digital signatures.

  • Verification Processes: Develop seamless verification processes, supporting verification across multiple applications and platforms.

  • User Experience: Prioritize an intuitive user interface to clearly communicate the selective disclosure options available, ensuring users understand and manage their data sharing effectively.

The Future of SD-JWT#

Selective Disclosure JWT is increasingly adopted due to its effectiveness in balancing data security, user privacy, and regulatory compliance. Its widespread applicability in secure credential management and digital identity ecosystems positions SD-JWT as a pivotal technology for privacy-centric solutions.

SD-JWT FAQs#

What is SD-JWT used for?#

SD-JWT is used to selectively disclose specific attributes or claims from a digital token, preserving privacy and limiting data exposure.

How does SD-JWT enhance privacy?#

SD-JWT enhances privacy by allowing users to disclose only essential data required for verification, keeping sensitive or unnecessary information confidential.

Is SD-JWT compatible with standard JWT?#

SD-JWT builds on standard JWT/JWS concepts (RFC 7519), but requires implementation updates to handle the new presentation format, disclosure processing, and verification steps. It is not a drop-in replacement for systems that only expect standard compact JWTs.

What industries benefit most from SD-JWT?#

Industries like finance, healthcare, digital identity verification, and regulated sectors benefit significantly by reducing data exposure while maintaining compliance.

How does SD-JWT ensure data integrity?#

SD-JWT uses cryptographic hashing and digital signatures to guarantee authenticity, integrity, and protection against tampering of selectively disclosed data.

Corbado

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert

See what's really happening in your passkey rollout.

Explore the Console

Share this article

LinkedInTwitterFacebook

Table of Contents

Related Terms

Related Articles

Digital Credentials & Passkeys: How they align & differ

Digital Credentials & Passkeys: How they align & differ

Vincent Delitz - May 25, 2025

digital credentials thumbnail

Digital Credentials API (2026): Chrome, Safari & Firefox

Vincent Delitz - May 11, 2025

3DS and WebAuthn banner

3-D Secure (3DS) & WebAuthn for Payment Providers

Alex - May 15, 2025

access control server passkeys

EMV 3DS Access Control Server: Passkeys, FIDO and SPC

Vincent Delitz - May 1, 2025

payment provider passkeys third party sdk

Payment Provider Passkeys: How to Build a 3rd Party SDK

Vincent Delitz - March 24, 2025

Mastercard identity check

Mastercard Identity Check: Everything Issuers & Merchants Need to Know

Max - May 7, 2025