§ Credential Manifest 1.x Editor’s Draft
Specification Status: Working-Group Approved Draft
Latest Editor’s Draft: identity.foundation/credential-manifest
Stable Working-Group Approved Draft: identity.foundation/credential-manifest/spec/v1.0.0
- Editors:
- Daniel Buchner (Block)
- Brent Zundel (Avast)
- Jace Hensley (Bloom)
- Daniel McGrogan (Workday)
- Gabe Cohen (Block)
- Kim Hamilton Duffy (Centre Consortium)
- Participate:
- GitHub repo
- File a bug
- Commit history
§ Abstract
For User Agents (e.g. wallets) and other service that wish to engage with Issuers to acquire credentials, there must exist a mechanism for negotiating (via services and interfaces that are out of scope) what inputs are required from a Subject to process a request for credential(s) issuance. The Credential Manifest is a common data format for describing the inputs a Subject must provide to an Issuer for subsequent evaluation and issuance of the credential(s) indicated in the Credential Manifest, i.e. for a Subject to become a Holder.
Credential Manifests do not themselves define the contents of the output credential(s), the process the Issuer uses to evaluate the submitted inputs, or the protocol Issuers, Subjects, and their User Agents rely on to negotiate credential issuance. Instead, Credential Manifests are a data model for issuers to publish and/or send individually to would-be holders, allowing the software of the latter to understand and negotiate an issuance process.
§ Status of This Document
Credential Manifest is a draft specification being developed within the Decentralized Identity Foundation (DIF). Design work on the Credential Manifest data model is ongoing, and participants are encouraged to open issues or otherwise contribute at the DIF-hosted github repository, whether as input to stable versions or as recommendations for future versions.
§ Terminology
- Decentralized Identifiers
- Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).
- Claim
- An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.
- Issuer
- Issuers are entities that issue credentials to a Holder.
- Holder
- Holders are entities that receive credentials from Issuers, possibly first submitting proofs to the Issuer to satisfy the requirements described in a Presentation Definition. These interactions are facilitated by User Agents.
- Credential Manifest
- A Credential Manifest is a document, hosted by an Issuer and consumed by [[User Agents]], codifying the credentials that it issues in terms of pre-requisites and inputs. These can be static or dynamic, but their form and usage are detailed in this specification.
- Presentation Definition
- Presentation Exchange is a specification codifying a Presentation Definition data format Verifiers can use to articulate proof requirements in a Presentation Request, and a Presentation Submission data format Holders can use to describe proofs submitted in accordance with them.
- Output Descriptor
- Output Descriptors are used by an Issuer to describe the credentials they are offering to a Holder. See Output Descriptor
- Output Descriptor Object
- Output Descriptor Objects are populated with properties describing the Claims the Issuer is offering the Holder
- Output Descriptor Display Object
- Output Descriptor Display Objects are populated with Data Display properties from the Wallet Rendering specification.
- Credential Application
- Credential Application are objects embedded within target claim negotiation formats that pass information from the Holder to the Issuer. See Credential Application
- Credential Response
- Credential Responses are objects embedded within target claim negotiation formats that enable a binary response to a Credential Application. Fulfillments unify the presentation of Claims to a Holder in accordance with the output an Issuer specified in a Credential. Denials provide insight into why a given application did not result in a fulfillment. See Credential Response.
- User Agent
- User Agents are software, such as wallets or other services, acting on behalf of Holders, to facilitate credential acquisition and exchange. In the context of this specification, they retrieve Credential Manifests and interpret them to determine issuance requirements, construct Credential to satisfy issuance requirements and submit them to Issuers, and receive and interpret Credential Responses.
§ Overview
The following representative sequence contextualizes the top-level objects described in this specification:
This specification covers only the data models of these objects and not the exchange protocols or architectural assumptions about how they get transported. Specifically:
- User Agent discovery of the Credential Manifest is determined by the protocol. For example, the Issuer may post a QR code which, when scanned, allows a User Agent to retrieve the Credential
- The Credential Response may be delivered in a synchronous or asynchronous manner, depending on the protocol. As an example of an asynchronous flow, the Issuer may define an endpoint at which the User Agent may check the issuance status and/or obtain Credential Response
§ Versioning
As this specification evolves, so will its object models. Future iterations of
the specifications should aim to provide backwards-compatibility and minimize
breaking changes. To track the evolution of this specification, all object
models this specification defines MUST include a spec_version
property, corresponding to the URI of the specification revision the object
models conform to.
{
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
}
§ Credential Manifest
Credential Manifests are a resource format that defines preconditional requirements, Issuer style preferences, and other facets User Agents utilize to help articulate and select the inputs necessary for processing and issuance of a specified credential.
{
"id": "WA-DL-CLASS-A",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"issuer": {
"id": "did:example:123?linked-domains=3",
"name": "Washington State Government",
"styles": {
"thumbnail": {
"uri": "https://dol.wa.com/logo.png",
"alt": "Washington State Seal"
},
"hero": {
"uri": "https://dol.wa.com/people-working.png",
"alt": "People working on serious things"
},
"background": {
"color": "#ff0000"
},
"text": {
"color": "#d4d400"
}
}
},
"output_descriptors": [
{
"id": "driver_license_output",
"schema": "https://schema.org/EducationalOccupationalCredential",
"display": {
"title": {
"path": ["$.name", "$.vc.name"],
"schema": {
"type": "string"
},
"fallback": "Washington State Driver License"
},
"subtitle": {
"path": ["$.class", "$.vc.class"],
"schema": {
"type": "string"
},
"fallback": "Class A, Commercial"
},
"description": {
"text": "License to operate a vehicle with a gross combined weight rating (GCWR) of 26,001 or more pounds, as long as the GVWR of the vehicle(s) being towed is over 10,000 pounds."
},
"properties": [
{
"path": ["$.donor", "$.vc.donor"],
"schema": {
"type": "boolean"
},
"fallback": "Unknown",
"label": "Organ Donor"
}
]
},
"styles": {
"thumbnail": {
"uri": "https://dol.wa.com/logo.png",
"alt": "Washington State Seal"
},
"hero": {
"uri": "https://dol.wa.com/happy-people-driving.png",
"alt": "Happy people driving"
},
"background": {
"color": "#ff0000"
},
"text": {
"color": "#d4d400"
}
}
}
],
"presentation_definition": {
"id": "test",
"input_descriptors": [
{
"id": "test input descriptor"
}
]
}
}
§ General Composition
Credential Manifests are JSON objects composed as follows:
- The object MUST contain an
id
property, and it’s value MUST be a string. The string SHOULD provide a unique ID for the desired context. For example, a UUID such as32f54163-7166-48f1-93d8-f f217bdb0653
could provide an ID that is unique in a global context, while a simple string such asmy_credential_manifest_1
could be suitably unique in a local context. - The object MAY contain a
name
property, and its value MUST be a string that acts as a summarizing title for the Manifest in question. - The object MAY contain a
description
property, and its value MUST be a string that explains what the Manifest in question is generally offering in exchange for meeting its requirements. - The object MUST contain a
spec_version
property, and its value MUST be a valid spec URI according to the rules set in the versioning section. - The object MUST contain an
issuer
property, and its value MUST be an object composed as follows:- The object MUST contain a
id
property, and its value MUST be a valid URI string that identifies who the issuer of the credential(s) will be. - The object MAY contain a
name
property, and its value MUST be a string that SHOULD reflect the human-readable name the Issuer wishes to be recognized by. - The object MAY contain a
styles
property, and its value MUST be an object or URI, as defined by the DIF Entity Styles specification.
- The object MUST contain a
- The object MUST contain an
output_descriptors
property. Its value MUST be an array of Output Descriptor Objects, the composition of which are described in theOutput Descriptor
section below. - The Credential Manifest MAY include a
format
property. If present, its value MUST be the same structure as Presentation Definition’sformat
property. This property informs the Holder of the Claim format the Issuer can issuer in. For example:
{
"credential_manifest": {
"id": "WA-DL-CLASS-A",
"name": "Washington State Class A Driver's License Application",
"description": "This application is for the Washington State Class A Driver's License, which requires an applicant to be of at least 18 years of age and provide proof of CDL training completion.",
"output_descriptors": [],
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"issuer": {
"id": "did:example:123?linked-domains=3",
"name": "Washington State Government",
"styles": {
"thumbnail": {
"uri": "https://dol.wa.com/logo.png",
"alt": "Washington State Seal"
},
"hero": {
"uri": "https://dol.wa.com/people-working.png",
"alt": "People working on serious things"
},
"background": {
"color": "#ff0000"
},
"text": {
"color": "#d4d400"
}
}
},
"format": {
"jwt": {
"alg": ["EdDSA", "ES256K", "ES384"]
},
"jwt_vc": {
"alg": ["ES256K", "ES384"]
},
"jwt_vp": {
"alg": ["EdDSA", "ES256K"]
},
"ldp_vc": {
"proof_type": [
"JsonWebSignature2020",
"Ed25519Signature2018",
"EcdsaSecp256k1Signature2019",
"RsaSignature2018"
]
},
"ldp_vp": {
"proof_type": ["Ed25519Signature2018"]
},
"ldp": {
"proof_type": ["RsaSignature2018"]
}
}
}
}
- The object MAY contain a
presentation_definition
object, and its value MUST be a Presentation Definition object, as defined by the Presentation Exchange specification.
§ Output Descriptor
Output Descriptors are objects used to describe the Claims an Issuer is offering to a Holder.
Output Descriptor Objects contain type URI that links to the type of the offered output data, and information about how to display the output to the Holder.
{
"output_descriptors": [
{
"id": "driver_license_output",
"schema": "https://schema.org/EducationalOccupationalCredential",
"display": {
"title": {
"path": ["$.name", "$.vc.name"],
"schema": {
"type": "string"
},
"fallback": "Washington State Driver License"
},
"subtitle": {
"path": ["$.class", "$.vc.class"],
"schema": {
"type": "string"
},
"fallback": "Class A, Commercial"
},
"description": {
"text": "License to operate a vehicle with a gross combined weight rating (GCWR) of 26,001 or more pounds, as long as the GVWR of the vehicle(s) being towed is over 10,000 pounds."
},
"properties": [
{
"path": ["$.donor", "$.vc.donor"],
"schema": {
"type": "boolean"
},
"fallback": "Unknown",
"label": "Organ Donor"
}
]
},
"styles": {
"thumbnail": {
"uri": "https://dol.wa.com/logo.png",
"alt": "Washington State Seal"
},
"hero": {
"uri": "https://dol.wa.com/happy-people-driving.png",
"alt": "Happy people driving"
},
"background": {
"color": "#ff0000"
},
"text": {
"color": "#d4d400"
}
}
}
]
}
§ Output Descriptor Object
Output Descriptor Objects are composed as follows:
- The Output Descriptor Object MUST contain an
id
property. The value of theid
property MUST be a string that does not conflict with theid
of another Output Descriptor Object in the same Credential Manifest. For example, theid
could be a UUID or a URI. - The Output Descriptor Object MUST contain a
schema
property, and its value MUST be a string specifying the schema of the credential to be issued. - The Output Descriptor Object MAY contain a
name
property, and if present its value SHOULD be a human-friendly name that describes what the credential represents. - The Output Descriptor Object MAY contain a
description
property, and if present its value MUST be a string that describes what the credential is in greater detail. - The Output Descriptor Object MAY contain a
styles
property, and its value MUST be an object or URI string, whose content is adherent to the Entity Styles JSON objects defined in the DIF Wallet Rendering specification. - The Output Descriptor Object MAY contain a
display
property, and its value MUSTbe an object or URI string, whose content is adherent to the Display Mapping JSON objects defined in the DIF Wallet Rendering specification.
§ JSON Schema
The JSON Schema Draft 7 definition that summarizes the rules above for Output Descriptors can be found after the appendix here.
§ JSON Schema
The JSON Schema Draft 7 definition that summarizes the rules above for Credential Manifest can be found after the appendix here.
§ Resource Location
Credential Manifests SHOULD be retrievable at known, semantic locations that are generalized across all entities, protocols, and transports. This specification does not stipulate how Credential Manifests must be located, hosted, or retrieved, but does advise that Issuers SHOULD make their Credential Manifests available via an instance of the forthcoming semantic personal data-store standard being developed by DIF, W3C, and other groups (e.g. Decentralized Web Nodes).
§ Credential Application
Credential Application are objects embedded within target claim negotiation formats that pass information from the Holder to the Issuer.
Credential Applications are JSON objects composed as follows:
- The object MUST contain an
id
property. The value of this property MUST be a unique identifier, such as a UUID. - The object MUST contain a
spec_version
property, and its value MUST be a valid spec URI according to the rules set in the versioning section. - The object MUST contain an
applicant
property, and its value MUST be a string. The value of this property MUST be a URI which uniquely identifies the applicant. - The object MUST contain a
manifest_id
property. The value of this property MUST be the id of a valid Credential Manifest. - The object MUST have a
format
property if the related Credential Manifest specifies aformat
property. Its value MUST be a subset of theformat
property in the Credential that this Credential Submission is related to. This object informs the Issuer which formats the Holder wants to receive the Claims in. - The Credential Application object MUST contain a
presentation_submission
property IF the related Credential Manifest contains apresentation_definition
. Its value MUST be a valid Presentation Submission as defined in the Presentation Exchange specification:
VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be at outer layer
{
"id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "WA-DL-CLASS-A",
"format": {
"ldp_vc": {
"proof_type": [
"JsonWebSignature2020",
"EcdsaSecp256k1Signature2019"
]
}
},
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "input_1",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "input_2",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "input_3",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
}
§ Embed Targets
The following section details where the credential_application
object is to be
embedded within a target data structure.
§ Embed Locations
The following are the locations at which the Credential Application object MUST be embedded for known target formats. For any location besides the top level of the embed target, the location is described in JSONPath syntax.
Target | Location |
---|---|
OpenID | top-level |
DIDComms | $.presentations~attach.data.json |
VP | top-level |
CHAPI | $.data |
§ JSON Schema
The JSON Schema Draft 7 definition that summarizes the rules above for Credential Application can be found after the appendix here.
§ Credential Response
Credential Responses are objects that encapsulate possible responses
from a Credential Application, with two possible outcomes: fulfillment
or denial. Fulfillment is the case where a Credential Application is
accepted, and results in credential issuance. Fulfillments are embedded within
target Claim negotiation formats that express how the outputs presented
as proofs to a Holder are provided in accordance with the outputs
specified in a Credential Manifest. Rejection is the case where a
Credential Application is denied, and results in a response of
pertitent information about the rejection. Embedded Credential Response
objects MUST be located within target data format as the value of a
credential_response
property, which is composed and embedded as follows:
- The object MUST be included at the top-level of an Embed Target, or in the specific location described in the Embed Locations table in the Embed Target section below.
- The object MUST contain an
id
property. The value of this property MUST be a unique identifier, such as a UUID. - The object MUST contain a
spec_version
property, and its value MUST be a valid spec URI according to the rules set in the versioning section. - The object MUST contain an
applicant
property, and its valueMUST be a string. The value of this property MUST be a URI which uniquely identifies the applicant. - The object MUST contain a
manifest_id
property. The value of this property MUST be theid
value of a valid Credential. - The object MAY contain an
application_id
property. If present, the value of this property MUST be theid
value of a valid Credential Application. - The object MUST contain one of the following properties depending
on whether the application is to be fulfilled or rejected.
- For fulfillment the object MUST contain a
fulfillment
property and its value MUST be an object composed as follows:- The object MUST include a
descriptor_map
property. The value of this property MUST be an array of Output Descriptor Mapping Objects, just like Presentation Submission’sdescriptor_map
property as defined in the Presentation Exchange specification.
- The object MUST include a
- For denial the object MUST contain a
denial
property and its value MUST be an object composed as follows:- The object MUST contain a
reason
property . The value of this property MUST be a string which states why the Credential was not successful. - The object MAY contain an
input_descriptors
property IF the related Credential Application contains apresentation_submission
. It’s value MUST be an array ofinput_descriptor
string identifiers from thedescriptor_map
property of a Presentation Submission, as defined in the Presentation Exchange specification, corresponding to the claims that failed to fulfill the Credential Application.
- The object MUST contain a
- For fulfillment the object MUST contain a
// NOTE: VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be at outer layer
{
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"application_id": "b6385066-147c-49d0-9783-261a2154b1fd",
"fulfillment": {
"descriptor_map": [
{
"id": "banking_output_2",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "employment_output",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "citizenship_output_1",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
}
{
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"application_id": "b6385066-147c-49d0-9783-261a2154b1fd",
"denial": {
"reason": "Input descriptors 1 and 3 use non-matching schemas.",
"input_descriptors": ["id-1", "id-3"]
}
}
§ Embed Targets
The following section details where the Credential Response is to be embedded within a target data structure, as well as how to formulate the JSONPath expressions to select the Claims within the target data structure.
§ Embed Locations
The following are the locations at which the credential_response
object
MUST be embedded for known target formats. For any location besides the
top level of the embed target, the location is described in JSONPath syntax.
Target | Location |
---|---|
OpenID | top-level |
DIDComms | $.presentations~attach.data.json |
VP | top-level |
CHAPI | $.data |
§ JSON Schema
The JSON Schema Draft 7 definition that summarizes the rules above for Credential Response can be found after the appendix here.
§ Input Evaluation
Input is evaluated from two perspectives: that of the Issuer, who creates a Credential Manifest and from that of the User Agent, who responds to a Manifest with a Credential Application.
A User Agent first processes a Credential Manifest in order to
generate a valid Credential Application. If a
Credential Manifest includes a presentation_definition
property, the
User Agent MUST include a valid Presentation
Submission
in the presentation_submission
property of its corresponding Credential.
An Issuer MUST evaluate the input against the associated Credential Manifest. If the Credential Application contains a Presentation Submission, it MUST be processed as specified in Presentation Exchange: Input Evaluation.
§ Appendix
§ Embed Target Examples
§ Credential Manifest
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX21hbmlmZXN0Ijp7ImZvcm1hdCI6eyJqd3RfdmMiOnsiYWxnIjpbIkVkRFNBIl19fSwiaWQiOiIzMmY1NDE2My03MTY2LTQ4ZjEtOTNkOC1mZjIxN2JkYjA2NTMiLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEifSwib3V0cHV0X2Rlc2NyaXB0b3JzIjpbeyJkZXNjcmlwdGlvbiI6ImRyaXZlcnMgbGljZW5zZSBjcmVkZW50aWFsIiwiaWQiOiJkcml2ZXJzX2xpY2Vuc2UiLCJzY2hlbWEiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UifSx7ImRlc2NyaXB0aW9uIjoiZW1wbG95bWVudCBoaXN0b3J5IGNyZWRlbnRpYWwiLCJpZCI6ImVtcGxveW1lbnRfaGlzdG9yeSIsInNjaGVtYSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIn1dLCJwcmVzZW50YXRpb25fZGVmaW5pdGlvbiI6eyJpZCI6ImZmMjE3YmRiMDY1My0zMmY1NDE2My03MTY2LTQ4ZjEtOTNkOCIsImlucHV0X2Rlc2NyaXB0b3JzIjpbeyJjb25zdHJhaW50cyI6eyJmaWVsZHMiOlt7ImlkIjoibGljZW5zZV9zY2hlbWEiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFNjaGVtYS5pZCJdfSx7ImlkIjoibGljZW5zZV9udW1iZXIiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFN1YmplY3QubGljZW5zZU51bWJlciJdfSx7ImlkIjoibGljZW5zZV9zdGF0ZSIsInBhdGgiOlsiJC5jcmVkZW50aWFsU3ViamVjdC5saWNlbnNlU3RhdGUiXX1dfSwiaWQiOiJsaWNlbnNlX2lucHV0In0seyJjb25zdHJhaW50cyI6eyJmaWVsZHMiOlt7ImlkIjoiZW1wbG95bWVudF9zY2hlbWEiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFNjaGVtYS5pZCJdfSx7ImlkIjoiZW1wbG95ZXJfbmFtZSIsInBhdGgiOlsiJC5jcmVkZW50aWFsU3ViamVjdC5lbXBsb3llck5hbWUiXX1dfSwiaWQiOiJlbXBsb3ltZW50X2lucHV0In1dLCJuYW1lIjoiUmVxdWlyZW1lbnRzIGZvciBhIG5ldyBsaWNlbnNlIGFuZCBlbXBsb3ltZW50IGhpc3RvcnkifSwic3BlY192ZXJzaW9uIjoiaHR0cHM6Ly9pZGVudGl0eS5mb3VuZGF0aW9uL2NyZWRlbnRpYWwtbWFuaWZlc3Qvc3BlYy92MS4wLjAvIn0sImlhdCI6MTY2NzUzMTc5NiwiaXNzIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIn0.PCrXyRHOglEBpDPcqCkNo8BSURcEVVgp0ukJGHzvhjeTTYHXB0V5Fu-G6jLx1JVMXcXHlwaDTXitxpnc9ULBBg
{
"credential_application": {
"format": {
"jwt_vc": {
"alg": [
"EdDSA"
]
}
},
"id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"manifest_id": "WA-DL-CLASS-A",
"presentation_submission": {
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"format": "jwt_vc",
"id": "input_1",
"path": "$.verifiableCredential[0]"
},
{
"format": "jwt_vc",
"id": "input_2",
"path": "$.verifiableCredential[1]"
}
],
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2"
},
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
},
"iat": 1667533138,
"iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"verifiableCredentials": [
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZToxMjMiLCJqdGkiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UiLCJuYmYiOjE2Njc1MzMxMzgxNzAxNjYwMDAsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiaHR0cHM6Ly9ldS5jb20vY2xhaW1zL0RyaXZlcnNMaWNlbnNlIiwidHlwZSI6WyJFVURyaXZlcnNMaWNlbnNlIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWNjb3VudHMiOlt7ImlkIjoiMTIzNDU2Nzg5MCIsInJvdXRlIjoiREUtOTg3NjU0MzIxMCJ9LHsiaWQiOiIyNDU3OTEzNTcwIiwicm91dGUiOiJERS0wNzUzMTk3NTQyIn1dLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.0Zs5pTrsndwqbrMVwSUUbL04u1lRM7knmCbAshXwPP1c_sPpqn9sBakPNOdAgD_AXLXPg8K0CZVl5mFdQ_eBDQ",
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Zm9vOjEyMyIsImp0aSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwibmJmIjoxNjY3NTMzMTM4MTcwMzcyMDAwLCJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkdlbmVyaWNFbXBsb3ltZW50Q3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6Zm9vOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWN0aXZlIjp0cnVlLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.VzSo1f2LaCuGkSDeiIXbQsONbRI_75LYCNHCSVwOkY05oGj6kgxagHUW-8Qii5BheWCcBh3EU8jYrfqnNtFMAQ"
]
}
§ Credential Application
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/credential-manifest/application/v1"
],
"type": [
"VerifiablePresentation",
"CredentialApplication"
],
"credential_application": {
"id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "WA-DL-CLASS-A",
"format": {
"ldp_vc": {
"proof_type": [
"JsonWebSignature2020",
"EcdsaSecp256k1Signature2019"
]
}
},
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "input_1",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "input_2",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "input_3",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
},
"verifiableCredential": [
{
"comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
"vc": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:example:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"accounts": [
{
"id": "1234567890",
"route": "DE-9876543210"
},
{
"id": "2457913570",
"route": "DE-0753197542"
}
]
}
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://business-standards.org/schemas/employment-history.json",
"type": ["VerifiableCredential", "GenericEmploymentCredential"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"active": true
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"license": {
"number": "34DGE352",
"dob": "07/13/80"
}
},
"proof": {
"type": "RsaSignature2018",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
],
"proof": {
"type": "RsaSignature2018",
"created": "2018-09-14T21:19:10Z",
"proofPurpose": "authentication",
"verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
"challenge": "1f44d55f-f161-4938-a659-f8026467f126",
"domain": "4jt78h47fh47",
"jws": "..."
}
}
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX2FwcGxpY2F0aW9uIjp7ImZvcm1hdCI6eyJqd3RfdmMiOnsiYWxnIjpbIkVkRFNBIl19fSwiaWQiOiI5YjFkZWI0ZC0zYjdkLTRiYWQtOWJkZC0yYjBkN2IzZGNiNmQiLCJtYW5pZmVzdF9pZCI6IldBLURMLUNMQVNTLUEiLCJwcmVzZW50YXRpb25fc3VibWlzc2lvbiI6eyJkZWZpbml0aW9uX2lkIjoiMzJmNTQxNjMtNzE2Ni00OGYxLTkzZDgtZmYyMTdiZGIwNjUzIiwiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92YyIsImlkIjoiaW5wdXRfMSIsInBhdGgiOiIkLnZlcmlmaWFibGVDcmVkZW50aWFsWzBdIn0seyJmb3JtYXQiOiJqd3RfdmMiLCJpZCI6ImlucHV0XzIiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFsxXSJ9XSwiaWQiOiJhMzBlM2I5MS1mYjc3LTRkMjItOTVmYS04NzE2ODljMzIyZTIifSwic3BlY192ZXJzaW9uIjoiaHR0cHM6Ly9pZGVudGl0eS5mb3VuZGF0aW9uL2NyZWRlbnRpYWwtbWFuaWZlc3Qvc3BlYy92MS4wLjAvIn0sImlhdCI6MTY2NzUzMzEzOCwiaXNzIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwidmVyaWZpYWJsZUNyZWRlbnRpYWxzIjpbImV5SmhiR2NpT2lKRlpFUlRRU0lzSW10cFpDSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcGMzTWlPaUprYVdRNlpYaGhiWEJzWlRveE1qTWlMQ0pxZEdraU9pSm9kSFJ3Y3pvdkwyVjFMbU52YlM5amJHRnBiWE12UkhKcGRtVnljMHhwWTJWdWMyVWlMQ0p1WW1ZaU9qRTJOamMxTXpNeE16Z3hOekF4TmpZd01EQXNJbk4xWWlJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0lzSW5aaklqcDdJa0JqYjI1MFpYaDBJanBiSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1ERTRMMk55WldSbGJuUnBZV3h6TDNZeElsMHNJbWxrSWpvaWFIUjBjSE02THk5bGRTNWpiMjB2WTJ4aGFXMXpMMFJ5YVhabGNuTk1hV05sYm5ObElpd2lkSGx3WlNJNld5SkZWVVJ5YVhabGNuTk1hV05sYm5ObElsMHNJbWx6YzNWbGNpSTZJbVJwWkRwbGVHRnRjR3hsT2pFeU15SXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNVEF0TURFdE1ERlVNVGs2TnpNNk1qUmFJaXdpWTNKbFpHVnVkR2xoYkZOMVltcGxZM1FpT25zaVlXTmpiM1Z1ZEhNaU9sdDdJbWxrSWpvaU1USXpORFUyTnpnNU1DSXNJbkp2ZFhSbElqb2lSRVV0T1RnM05qVTBNekl4TUNKOUxIc2lhV1FpT2lJeU5EVTNPVEV6TlRjd0lpd2ljbTkxZEdVaU9pSkVSUzB3TnpVek1UazNOVFF5SW4xZExDSnBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSjlmWDAuMFpzNXBUcnNuZHdxYnJNVndTVVViTDA0dTFsUk03a25tQ2JBc2hYd1BQMWNfc1BwcW45c0Jha1BOT2RBZ0RfQVhMWFBnOEswQ1pWbDVtRmRRX2VCRFEiLCJleUpoYkdjaU9pSkZaRVJUUVNJc0ltdHBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKa2FXUTZabTl2T2pFeU15SXNJbXAwYVNJNkltaDBkSEJ6T2k4dlluVnphVzVsYzNNdGMzUmhibVJoY21SekxtOXlaeTl6WTJobGJXRnpMMlZ0Y0d4dmVXMWxiblF0YUdsemRHOXllUzVxYzI5dUlpd2libUptSWpveE5qWTNOVE16TVRNNE1UY3dNemN5TURBd0xDSnpkV0lpT2lKa2FXUTZaWGhoYlhCc1pUcGxZbVpsWWpGbU56RXlaV0pqTm1ZeFl6STNObVV4TW1Wak1qRWlMQ0oyWXlJNmV5SkFZMjl1ZEdWNGRDSTZXeUpvZEhSd2N6b3ZMM2QzZHk1M015NXZjbWN2TWpBeE9DOWpjbVZrWlc1MGFXRnNjeTkyTVNKZExDSnBaQ0k2SW1oMGRIQnpPaTh2WW5WemFXNWxjM010YzNSaGJtUmhjbVJ6TG05eVp5OXpZMmhsYldGekwyVnRjR3h2ZVcxbGJuUXRhR2x6ZEc5eWVTNXFjMjl1SWl3aWRIbHdaU0k2V3lKV1pYSnBabWxoWW14bFEzSmxaR1Z1ZEdsaGJDSXNJa2RsYm1WeWFXTkZiWEJzYjNsdFpXNTBRM0psWkdWdWRHbGhiQ0pkTENKcGMzTjFaWElpT2lKa2FXUTZabTl2T2pFeU15SXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNVEF0TURFdE1ERlVNVGs2TnpNNk1qUmFJaXdpWTNKbFpHVnVkR2xoYkZOMVltcGxZM1FpT25zaVlXTjBhWFpsSWpwMGNuVmxMQ0pwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0o5ZlgwLlZ6U28xZjJMYUN1R2tTRGVpSVhiUXNPTmJSSV83NUxZQ05IQ1NWd09rWTA1b0dqNmtneGFnSFVXLThRaWk1QmhlV0NjQmgzRVU4allyZnFuTnRGTUFRIl19.zyfAs5yD_N5W-6WSwRABuNtKaMQA0YImiAIOBU9fKV51KA4AORlvvA_3svWAsDZFK6ZvH-fKzF70k4OYS04vBQ
{
"credential_application": {
"id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "WA-DL-CLASS-A",
"format": {
"ldp_vc": {
"proof_type": [
"JsonWebSignature2020",
"EcdsaSecp256k1Signature2019"
]
}
},
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "input_1",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "input_2",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "input_3",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
},
"verifiableCredential": [
{
"comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
"vc": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:example:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"accounts": [
{
"id": "1234567890",
"route": "DE-9876543210"
},
{
"id": "2457913570",
"route": "DE-0753197542"
}
]
}
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://business-standards.org/schemas/employment-history.json",
"type": ["VerifiableCredential", "GenericEmploymentCredential"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"active": true
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"license": {
"number": "34DGE352",
"dob": "07/13/80"
}
},
"proof": {
"type": "RsaSignature2018",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
]
}
§ Credential Response
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/credential-manifest/response/v1"
],
"type": [
"VerifiablePresentation",
"CredentialResponse"
],
"credential_response": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
"applicant": "did:example:123",
"manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"application_id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"fulfillment": {
"descriptor_map": [
{
"id": "banking_output_2",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "employment_output",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "citizenship_output_1",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
},
"verifiableCredential": [
{
"comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
"vc": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": [
"EUDriversLicense"
],
"issuer": "did:example:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"accounts": [
{
"id": "1234567890",
"route": "DE-9876543210"
},
{
"id": "2457913570",
"route": "DE-0753197542"
}
]
}
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://business-standards.org/schemas/employment-history.json",
"type": [
"VerifiableCredential",
"GenericEmploymentCredential"
],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"active": true
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": [
"EUDriversLicense"
],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"license": {
"number": "34DGE352",
"dob": "07/13/80"
}
},
"proof": {
"type": "RsaSignature2018",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
],
"proof": {
"type": "RsaSignature2018",
"created": "2018-09-14T21:19:10Z",
"proofPurpose": "authentication",
"verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
"challenge": "1f44d55f-f161-4938-a659-f8026467f126",
"domain": "4jt78h47fh47",
"jws": "..."
}
}
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX3Jlc3BvbnNlIjp7ImFwcGxpY2F0aW9uX2lkIjoiOWIxZGViNGQtM2I3ZC00YmFkLTliZGQtMmIwZDdiM2RjYjZkIiwiZnVsZmlsbG1lbnQiOnsiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92YyIsImlkIjoibGljZW5zZV9vdXRwdXQiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFswXSJ9LHsiZm9ybWF0Ijoiand0X3ZjIiwiaWQiOiJlbXBsb3ltZW50X291dHB1dCIsInBhdGgiOiIkLnZlcmlmaWFibGVDcmVkZW50aWFsWzFdIn1dfSwiaWQiOiJhMzBlM2I5MS1mYjc3LTRkMjItOTVmYS04NzE2ODljMzIyZTIiLCJtYW5pZmVzdF9pZCI6IjMyZjU0MTYzLTcxNjYtNDhmMS05M2Q4LWZmMjE3YmRiMDY1MyIsInNwZWNfdmVyc2lvbiI6Imh0dHBzOi8vaWRlbnRpdHkuZm91bmRhdGlvbi9jcmVkZW50aWFsLW1hbmlmZXN0L3NwZWMvdjEuMC4wLyJ9LCJpYXQiOjE2Njc1MzM2MTUsImlzcyI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZlcmlmaWFibGVDcmVkZW50aWFscyI6WyJleUpoYkdjaU9pSkZaRVJUUVNJc0ltdHBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKa2FXUTZaWGhoYlhCc1pUb3hNak1pTENKcWRHa2lPaUpvZEhSd2N6b3ZMMlYxTG1OdmJTOWpiR0ZwYlhNdlJISnBkbVZ5YzB4cFkyVnVjMlVpTENKdVltWWlPakUyTmpjMU16TTJNVFV6TURVMk16a3dNREFzSW5OMVlpSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNJc0luWmpJanA3SWtCamIyNTBaWGgwSWpwYkltaDBkSEJ6T2k4dmQzZDNMbmN6TG05eVp5OHlNREU0TDJOeVpXUmxiblJwWVd4ekwzWXhJbDBzSW1sa0lqb2lhSFIwY0hNNkx5OWxkUzVqYjIwdlkyeGhhVzF6TDBSeWFYWmxjbk5NYVdObGJuTmxJaXdpZEhsd1pTSTZXeUpGVlVSeWFYWmxjbk5NYVdObGJuTmxJbDBzSW1semMzVmxjaUk2SW1ScFpEcGxlR0Z0Y0d4bE9qRXlNeUlzSW1semMzVmhibU5sUkdGMFpTSTZJakl3TVRBdE1ERXRNREZVTVRrNk56TTZNalJhSWl3aVkzSmxaR1Z1ZEdsaGJGTjFZbXBsWTNRaU9uc2lZV05qYjNWdWRITWlPbHQ3SW1sa0lqb2lNVEl6TkRVMk56ZzVNQ0lzSW5KdmRYUmxJam9pUkVVdE9UZzNOalUwTXpJeE1DSjlMSHNpYVdRaU9pSXlORFUzT1RFek5UY3dJaXdpY205MWRHVWlPaUpFUlMwd056VXpNVGszTlRReUluMWRMQ0pwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0o5ZlgwLlJkS2E1NldDT0V2SlFxNnp0QmhEZHJDUlNtLXpYeWFBbnlWTVJsclcwV1RsdkUyMjV3OHVuZDl2U2g2V1h6cGVxQnpXemhlMzBRc3kwekd3dzZkcUNRIiwiZXlKaGJHY2lPaUpGWkVSVFFTSXNJbXRwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0lzSW5SNWNDSTZJa3BYVkNKOS5leUpwYzNNaU9pSmthV1E2Wm05dk9qRXlNeUlzSW1wMGFTSTZJbWgwZEhCek9pOHZZblZ6YVc1bGMzTXRjM1JoYm1SaGNtUnpMbTl5Wnk5elkyaGxiV0Z6TDJWdGNHeHZlVzFsYm5RdGFHbHpkRzl5ZVM1cWMyOXVJaXdpYm1KbUlqb3hOalkzTlRNek5qRTFNekExTnpneU1EQXdMQ0p6ZFdJaU9pSmthV1E2WlhoaGJYQnNaVHBsWW1abFlqRm1OekV5WldKak5tWXhZekkzTm1VeE1tVmpNakVpTENKMll5STZleUpBWTI5dWRHVjRkQ0k2V3lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSmRMQ0pwWkNJNkltaDBkSEJ6T2k4dlluVnphVzVsYzNNdGMzUmhibVJoY21SekxtOXlaeTl6WTJobGJXRnpMMlZ0Y0d4dmVXMWxiblF0YUdsemRHOXllUzVxYzI5dUlpd2lkSGx3WlNJNld5SldaWEpwWm1saFlteGxRM0psWkdWdWRHbGhiQ0lzSWtkbGJtVnlhV05GYlhCc2IzbHRaVzUwUTNKbFpHVnVkR2xoYkNKZExDSnBjM04xWlhJaU9pSmthV1E2Wm05dk9qRXlNeUlzSW1semMzVmhibU5sUkdGMFpTSTZJakl3TVRBdE1ERXRNREZVTVRrNk56TTZNalJhSWl3aVkzSmxaR1Z1ZEdsaGJGTjFZbXBsWTNRaU9uc2lZV04wYVhabElqcDBjblZsTENKcFpDSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNKOWZYMC4ycFNKNllKb0hlUDlNbkNDTzhiV25GelBrbEZiUFQwS05kRHR6UGd1NGRONG9paTV3MkZEOG1mblVjWnl5MDJMaTdwVjhsUTdOMG9QdHBVcXlGODVEUSJdfQ.n2k0Na7lHaAVGiJof4xB1s5Z8aUS5UIvwtqGrb1MEa6o2OMdetMCtMODlYc__EnfH8J-ADT6k5mLsnI4vlT4DQ
{
"credential_response": {
"application_id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
"applicant": "did:example:123",
"fulfillment": {
"descriptor_map": [
{
"format": "jwt_vc",
"id": "license_output",
"path": "$.verifiableCredential[0]"
},
{
"format": "jwt_vc",
"id": "employment_output",
"path": "$.verifiableCredential[1]"
}
]
},
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
},
"iat": 1667533615,
"iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"verifiableCredentials": [
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZToxMjMiLCJqdGkiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UiLCJuYmYiOjE2Njc1MzM2MTUzMDU2MzkwMDAsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiaHR0cHM6Ly9ldS5jb20vY2xhaW1zL0RyaXZlcnNMaWNlbnNlIiwidHlwZSI6WyJFVURyaXZlcnNMaWNlbnNlIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWNjb3VudHMiOlt7ImlkIjoiMTIzNDU2Nzg5MCIsInJvdXRlIjoiREUtOTg3NjU0MzIxMCJ9LHsiaWQiOiIyNDU3OTEzNTcwIiwicm91dGUiOiJERS0wNzUzMTk3NTQyIn1dLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.RdKa56WCOEvJQq6ztBhDdrCRSm-zXyaAnyVMRlrW0WTlvE225w8und9vSh6WXzpeqBzWzhe30Qsy0zGww6dqCQ",
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Zm9vOjEyMyIsImp0aSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwibmJmIjoxNjY3NTMzNjE1MzA1NzgyMDAwLCJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkdlbmVyaWNFbXBsb3ltZW50Q3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6Zm9vOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWN0aXZlIjp0cnVlLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.2pSJ6YJoHeP9MnCCO8bWnFzPklFbPT0KNdDtzPgu4dN4oii5w2FD8mfnUcZyy02Li7pV8lQ7N0oPtpUqyF85DQ"
]
}
§ JSON Schemas
§ Vocabulary Definition
The Wallet Rendering specification adopts and defines the following JSON Schema data format and processing variant. If Wallet is used, the implementers MUST support for evaluation of the portions of the Wallet Rendering specification that call for JSON validation.
Wallet Rendering is still under development (also at DIF) and should be considered unstable until a stable version is released.
§ Credential Manifest
{
"$schema": "http://json-schema.org/draft-07/schema",
"title": "Credential Manifest",
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"spec_version": {
"type": "string"
},
"issuer": {
"type": "object",
"required": [
"id"
],
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"styles": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
}
},
"additionalProperties": false
},
"output_descriptors": {
"type": "array",
"items": {
"type": "object",
"required": [
"id",
"schema"
],
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"schema": {
"type": "string"
},
"display": {
"type": "object",
"properties": {
"title": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"subtitle": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"description": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"properties": {
"type": "array",
"items": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/labeled-display-mapping-object.json"
}
}
},
"additionalProperties": false
},
"styles": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
}
},
"additionalProperties": false
}
},
"presentation_definition": {
"$ref": "https://identity.foundation/presentation-exchange/schemas/presentation-definition.json"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
}
},
"required": [
"id",
"spec_version",
"issuer",
"output_descriptors"
],
"additionalProperties": false
}
§ Output Descriptors
{
"$schema": "http://json-schema.org/draft-07/schema",
"title": "Output Descriptors",
"type": "object",
"properties": {
"output_descriptors": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": { "type": "string" },
"name": { "type": "string" },
"description": { "type": "string" },
"schema": { "type": "string" },
"display": {
"type": "object",
"properties": {
"title": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"subtitle": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"description": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
},
"properties": {
"type": "array",
"items": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/labeled-display-mapping-object.json"
}
}
},
"additionalProperties": false
},
"styles": {
"$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
}
},
"required": ["id", "schema"],
"additionalProperties": false
}
}
},
"required": ["output_descriptors"],
"additionalProperties": false
}
§ Credential Application
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Credential Application",
"type": "object",
"properties": {
"id": { "type": "string" },
"spec_version": { "type" : "string" },
"manifest_id": { "type": "string" },
"applicant": { "type": "string" },
"format": {
"type": "object",
"patternProperties": {
"^jwt$|^jwt_vc$|^jwt_vp$": {
"type": "object",
"properties": {
"alg": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
}
},
"required": ["alg"],
"additionalProperties": false
},
"^ldp_vc$|^ldp_vp$|^ldp$": {
"type": "object",
"properties": {
"proof_type": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
}
},
"required": ["proof_type"],
"additionalProperties": false
}
},
"additionalProperties": false
},
"presentation_submission": {
"type": "object",
"properties": {
"id": { "type": "string" },
"definition_id": { "type": "string" },
"descriptor_map": {
"type": "array",
"items": { "$ref": "#/definitions/descriptor" }
}
},
"required": ["id", "definition_id", "descriptor_map"],
"additionalProperties": false
}
},
"definitions": {
"descriptor": {
"type": "object",
"properties": {
"id": { "type": "string" },
"path": { "type": "string" },
"path_nested": {
"type": "object",
"$ref": "#/definitions/descriptor"
},
"format": {
"type": "string",
"enum": ["jwt", "jwt_vc", "jwt_vp", "ldp", "ldp_vc", "ldp_vp"]
}
},
"required": ["id", "path", "format"],
"additionalProperties": false
}
},
"required": ["id", "spec_version", "manifest_id", "format"],
"additionalProperties": false
}
§ Credential Response
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Credential Response",
"type": "object",
"properties": {
"id": { "type": "string" },
"spec_version": { "type" : "string" },
"applicant": { "type": "string" },
"manifest_id": { "type": "string" },
"application_id": { "type": "string" },
"fulfillment": {
"type": "object",
"properties": {
"descriptor_map": {
"type": "array",
"items": { "$ref": "#/definitions/descriptor" }
}
},
"required": ["descriptor_map"],
"additionalProperties": false
},
"denial": {
"type": "object",
"properties": {
"reason": { "type": "string" },
"input_descriptors": {
"type": "array",
"minItems": 1,
"items": { "type": "string" }
}
},
"required": ["reason"],
"additionalProperties": false
}
},
"oneOf": [
{
"required": ["fulfillment"]
},
{
"required": ["denial"]
}
],
"definitions": {
"descriptor": {
"type": "object",
"properties": {
"id": { "type": "string" },
"path": { "type": "string" },
"path_nested": {
"type": "object",
"$ref": "#/definitions/descriptor"
},
"format": {
"type": "string",
"enum": ["jwt", "jwt_vc", "jwt_vp", "ldp", "ldp_vc", "ldp_vp"]
}
},
"required": ["id", "path", "format"],
"additionalProperties": false
}
},
"required": ["id", "spec_version", "manifest_id"],
"additionalProperties": false
}
§ Use Cases
§ Credential Issuance Discovery
As an Issuer, I want to publish a list of credentials I offer, for wallets and other entities to find and digest.
§ Credential Requirement Discovery
As an Issuer, I want to provide a description of the information that a Holder would need to submit to acquire a given credential.
§ Credential Display
Note: This set of use cases requires Wallet Rendering. Wallet Rendering is still under development (also at DIF) and should be considered unstable until a stable version is released.
As a Wallet Implementer, I want to know how to display a credential to the user.
As a Holder, I want my wallet to be able to display the credential (i.e. contents or payload) of a future verifiable credential in UI before I apply for it and after it is issued to me:
- Before applying for a credential:
- Show the user examples of information contained in the VC.
- Include the type of credential, how long it’s valid for, etc.
- Generate a interactive modal, form, etc. for user-inputted fields that can interact with other software (such as a password manager or form-filler)
- After taking possession of a credential:
- Display information from the VC that is pertinent to the user.
- Provide a way to show Issuer branding and other differentiating UI features.
As a Wallet Implementer, I want to display formatted data values.
§ References
- Presentation Exchange
- Presentation Exchange 2.0.0. Daniel Buchner, Brent Zundel, Martin Riedel, Kim Hamilton Duffy. Status: Working Group Draft
- Wallet Rendering
- Wallet Rendering. Daniel Buchner, Brent Zundel, Jace Hensley, Daniel McGrogan. Status: Strawman
- JSON Schema
- JSON Schema: A Media Type for Describing JSON Documents. A. Wright, H. Andrews, B. Hutton, G. Dennis. Status: 28 January 2020. Status: Internet-Draft.
- JSON Schema Validation
- JSON Schema Validation. A. Wright, H. Andrews, B. Hutton. March 19, 2020. Status: Internet Draft.