[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-82321-en":3,"doc-seo-82321-105":29,"detail-sidebar-cat-0-en-105":90},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},82321,1374391974564,"Clementine","https://ap-avatar.wpscdn.com/avatar/14000253aa45c000a9e?x-image-process=image/resize,m_fixed,w_180,h_180&k=1779874745381141002",6,"Technology","SFDS: Selective File Disclosure System","Networked resource access control remains difficult when authentication-based IAM introduces identity management complexity and added security risk from misconfigurations or implementation flaws. Different file formats also vary in how they provide authenticity and integrity via digital signatures, e.g., PAdES for PDFs while plaintext often lacks standardized signature embedding. The paper proposes an SD-JWT-based architecture that embeds cryptographic signatures and integrity protection directly into read-only shared files. It enables verifiable authenticity and simplifies deployment by removing centralized IAM components while preserving strong security for immutable resources.","SFDS: Selective File Disclosure System  \nAditya Mitra  \nCyberMACSKadir Has University Istanbul, Turkey [aditya.mitra@stu.khas.edu.tr](aditya.mitra@stu.khas.edu.tr)[ ](aditya.mitra@stu.khas.edu.tr)[ORCiD: 0000-0002-9612-0810](ORCiD: 0000-0002-9612-0810)  \nQuazi Fariha Tasnim  \nCyberMACSKadir Has University Istanbul, Turkey [qtasnim@stu.khas.edu.tr](qtasnim@stu.khas.edu.tr)  \nHristina Mihajloska Trpcheska  \nFaculty of Computer Science and Engineering Ss. Cyril and Methodius University Skopje, North Macedonia [hristina.mihajloska@finki.ukim.mk](hristina.mihajloska@finki.ukim.mk)  \narXiv :2607 .09370v 1 [ cs .CR] 10 Jul 2026  \nAbstract—Access control to networked resources has been a longstanding challenge. The conventional solution relies on authentication mechanisms, which introduce additional complexities associated with Identity and Access Management (IAM). Such systems require user authentication, identity management, and authorization services, while also introducing security risks arising from vulnerabilities, misconfigurations, or implementation flaws. Furthermore, different file formats employ different mechanisms for ensuring authenticity and integrity through digital signatures. For example, PDF documents support the PDF Advanced Electronic Signature (PAdES) standard, whereas plaintext files typically lack a standardized mechanism for embedding digital signatures. This paper proposes an architecture based on the Selective Disclosure JSON Web Token (SD-JWT) standard for securely sharing read-only files. The proposed architecture embeds cryptographic signatures and integrity protection directly into the shared resource, providing verifiable authenticity without relying on complex IAM infrastructures, such as centralized user databases, authentication services, or authorization mechanisms. By eliminating these components, the proposed solution simplifies deployment while maintaining strong security guarantees for the distribution of immutable resources.  \nIndex Terms—privacy, decentralize, JWT, SD-JWT, Verifiable credentials  \nI. INTRODUCTION  \nIn many scenarios read-only files are shared but an extensive access control system is used for the process. This involves the use of databases, authentication systems, and authorization lists, followed by extensively securing the authentication systems. But even, once the files are downloaded by the user, proving the integrity of the file and the source requires a whole separate infrastructure for digital signatures.  \nThis scenario is often seen in educational institutions, where they often need to maintain authentication systems for the student grade sheets, ensuring one student cannot access that of another. However, the transcripts still need to be digitally signed, requiring one more digital signature infrastructure and signing the transcript of each student individually.  \nAnother appropriate example would be the medical industry where maintaining the integrity and confidentiality of patient data is very important. However, access control of such Personal Health Information (PHI) often involves creating robust authentication and authorization systems [1] . Further, maintaining the integrity and authenticity of such data is paramount for proper treatment of the patients. However, most  \nmedical reports are generated using legacy medical machines which do not cryptographic digital signatures and integrity checking mechanisms. Further, the file formats used by such legacy machines do not support such digital signature or other methods of maintaining integrity and authenticity.  \nThis study proposes a system to simplify these problems, leveraging the SD-JWT standard [2] for sharing such information. It ensures only the authorized holders holding the Verifiable Presentation corresponding to the information may only be able to access the contents of the information, and at the same time provide authenticity and integrity from the issuer.  \nThe contributions in this study include:  ","cbCaih0Vjc9ewCfT","https://ap.wps.com/l/cbCaih0Vjc9ewCfT","pdf",295203,1,8,"English","en",105,"# Introduction\n# Literature Review","[{\"question\":\"Why are conventional IAM-based access control systems considered complex for sharing read-only files?\",\"answer\":\"They require authentication, identity management, and authorization services, which add complexity and introduce security risks from vulnerabilities, misconfigurations, or implementation flaws.\"},{\"question\":\"How does the proposed SFDS approach avoid relying on centralized IAM infrastructure?\",\"answer\":\"It embeds cryptographic signatures and integrity protection into the shared resource using SD-JWT, enabling verifiable authenticity without centralized user databases, authentication services, or authorization mechanisms.\"},{\"question\":\"What role do SD-JWT and verifiable presentations play in accessing the shared files?\",\"answer\":\"Only authorized holders with the corresponding Verifiable Presentation can access the file contents, while the issuer’s authenticity and the file’s integrity are verifiable.\"}]",1784179597,20,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":27},"sfds-selective-file-disclosure-system","",{"@graph":35,"@context":84},[36,53,67],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/sfds-selective-file-disclosure-system/82321/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":61,"encodingFormat":60,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-16",true,{"@type":64,"interactionType":65,"userInteractionCount":4},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"Why are conventional IAM-based access control systems considered complex for sharing read-only files?","Question",{"text":74,"@type":75},"They require authentication, identity management, and authorization services, which add complexity and introduce security risks from vulnerabilities, misconfigurations, or implementation flaws.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How does the proposed SFDS approach avoid relying on centralized IAM infrastructure?",{"text":79,"@type":75},"It embeds cryptographic signatures and integrity protection into the shared resource using SD-JWT, enabling verifiable authenticity without centralized user databases, authentication services, or authorization mechanisms.",{"name":81,"@type":72,"acceptedAnswer":82},"What role do SD-JWT and verifiable presentations play in accessing the shared files?",{"text":83,"@type":75},"Only authorized holders with the corresponding Verifiable Presentation can access the file contents, while the issuer’s authenticity and the file’s integrity are verifiable.","https://schema.org",{"og:url":51,"og:type":86,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":88,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":91},[92,96,100,104,109,112,117,121,125,128,132],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":93,"show_sort_weight":94,"slug":95},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":97,"show_sort_weight":98,"slug":99},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":101,"show_sort_weight":102,"slug":103},"Exam",70,"exam",{"id":105,"doc_module":4,"doc_module_name":45,"category_name":106,"show_sort_weight":107,"slug":108},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":110,"slug":111},50,"technology",{"id":113,"doc_module":4,"doc_module_name":45,"category_name":114,"show_sort_weight":115,"slug":116},7,"Healthcare",40,"healthcare",{"id":21,"doc_module":4,"doc_module_name":45,"category_name":118,"show_sort_weight":119,"slug":120},"Research & Report",30,"research-report",{"id":122,"doc_module":4,"doc_module_name":45,"category_name":123,"show_sort_weight":28,"slug":124},9,"Religion & Spirituality","religion-spirituality",{"id":28,"doc_module":4,"doc_module_name":45,"category_name":126,"show_sort_weight":28,"slug":127},"World Cup","world-cup",{"id":129,"doc_module":4,"doc_module_name":45,"category_name":130,"show_sort_weight":129,"slug":131},10,"Lifestyle","lifestyle",{"id":133,"doc_module":4,"doc_module_name":45,"category_name":134,"show_sort_weight":105,"slug":135},19,"General","general"]