Skip to content

Concepts & Architecture

Audience & Purpose
Audience Developers, architects, and security engineers working with the SD-JWT .NET ecosystem
Purpose Understand the architecture, design decisions, and technical details of each component
Scope All implemented packages and their interactions
Success Reader understands how components fit together and can make informed design decisions

Reading Order

Start with the ecosystem architecture, then dive into the specific area you need.

1. Ecosystem Overview

Document Topic Read Time
Ecosystem Architecture Master architecture, package map, deployment patterns 20 min
Selective Disclosure Mechanics How salts, hashes, and key binding work 10 min

2. Core Credential Formats

Document Topic Read Time
SD-JWT Deep Dive RFC 9901 token format, issuance, presentation, verification 25 min
Verifiable Credential Deep Dive SD-JWT VC profile, claims, lifecycle 15 min
mdoc Deep Dive ISO 18013-5 CBOR/COSE structures, mDL 20 min

3. Protocols

Document Topic Read Time
OpenID4VCI Deep Dive Credential issuance protocol 20 min
OpenID4VP Deep Dive Presentation protocol 20 min
Presentation Exchange Deep Dive DIF PEX query language 15 min
DC API Deep Dive W3C Digital Credentials API 15 min

4. Trust & Compliance

Document Topic Read Time
HAIP Deep Dive High Assurance Interoperability Profile 15 min
HAIP Compliance Integration guide and policy engine 15 min
Status List Deep Dive Revocation, suspension, status checking 15 min

5. Wallet & Regional

Document Topic Read Time
Wallet Deep Dive Generic wallet architecture and plugin model 20 min
EUDIW Deep Dive EU Digital Identity Wallet and eIDAS 2.0 20 min

6. Agent Trust

Document Topic Read Time
Agent Trust Kits Deep Dive Capability tokens, policy engine, M2M trust 25 min

Architecture at a Glance

graph TB
    subgraph Application["Application Layer"]
        Issuer["Issuer Service"]
        Verifier["Verifier Service"]
        WalletApp["Wallet App"]
        AgentRuntime["Agent Runtime"]
    end

    subgraph Protocol["Protocol Layer"]
        OID4VCI["SdJwt.Net.Oid4Vci"]
        OID4VP["SdJwt.Net.Oid4Vp"]
        PEX["SdJwt.Net.PresentationExchange"]
        Fed["SdJwt.Net.OidFederation"]
    end

    subgraph Compliance["Compliance Layer"]
        HAIP["SdJwt.Net.HAIP"]
        Eudiw["SdJwt.Net.Eudiw"]
    end

    subgraph Core["Core Layer"]
        SdJwt["SdJwt.Net (RFC 9901)"]
        Vc["SdJwt.Net.Vc"]
        Status["SdJwt.Net.StatusList"]
        Mdoc["SdJwt.Net.Mdoc"]
        Wallet["SdJwt.Net.Wallet"]
    end

    subgraph AgentTrust["Agent Trust Layer"]
        ATCore["AgentTrust.Core"]
        ATPolicy["AgentTrust.Policy"]
        ATAsp["AgentTrust.AspNetCore"]
        ATMaf["AgentTrust.Maf"]
    end

    Issuer --> OID4VCI
    Verifier --> OID4VP
    Verifier --> PEX
    WalletApp --> Wallet
    AgentRuntime --> ATMaf

    OID4VCI --> HAIP
    OID4VP --> HAIP
    Fed --> HAIP

    HAIP --> SdJwt
    HAIP --> Vc
    HAIP --> Status
    HAIP --> Mdoc
    Eudiw --> Mdoc
    Eudiw --> Vc
    Wallet --> SdJwt
    Wallet --> Mdoc

    ATCore --> SdJwt
    ATPolicy --> ATCore
    ATAsp --> ATCore
    ATMaf --> ATCore

    style HAIP fill:#d62828,color:#fff
    style SdJwt fill:#1b4332,color:#fff
    style Mdoc fill:#2a6478,color:#fff
    style ATCore fill:#7b2d8e,color:#fff