§ Credential Manifest 1.x Editor’s Draft

Specification Status: Working-Group Approved Draft

Latest Editor’s Draft: identity.foundation/credential-manifest

Stable Working-Group Approved Draft: identity.foundation/credential-manifest/spec/v1.0.0

Editors:
Daniel Buchner (Block)
Brent Zundel (Avast)
Jace Hensley (Bloom)
Daniel McGrogan (Workday)
Gabe Cohen (Block)
Kim Hamilton Duffy (Centre Consortium)
Participate:
GitHub repo
File a bug
Commit history

§ Abstract

For User Agents (e.g. wallets) and other service that wish to engage with Issuers to acquire credentials, there must exist a mechanism for negotiating (via services and interfaces that are out of scope) what inputs are required from a Subject to process a request for credential(s) issuance. The Credential Manifest is a common data format for describing the inputs a Subject must provide to an Issuer for subsequent evaluation and issuance of the credential(s) indicated in the Credential Manifest, i.e. for a Subject to become a Holder.

Credential Manifests do not themselves define the contents of the output credential(s), the process the Issuer uses to evaluate the submitted inputs, or the protocol Issuers, Subjects, and their User Agents rely on to negotiate credential issuance. Instead, Credential Manifests are a data model for issuers to publish and/or send individually to would-be holders, allowing the software of the latter to understand and negotiate an issuance process.

§ Status of This Document

Credential Manifest is a draft specification being developed within the Decentralized Identity Foundation (DIF). Design work on the Credential Manifest data model is ongoing, and participants are encouraged to open issues or otherwise contribute at the DIF-hosted github repository, whether as input to stable versions or as recommendations for future versions.

§ Terminology

Decentralized Identifiers
Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).
Claim
An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.
Issuer
Issuers are entities that issue credentials to a Holder.
Holder
Holders are entities that receive credentials from Issuers, possibly first submitting proofs to the Issuer to satisfy the requirements described in a Presentation Definition. These interactions are facilitated by User Agents.
Credential Manifest
A Credential Manifest is a document, hosted by an Issuer and consumed by [[User Agents]], codifying the credentials that it issues in terms of pre-requisites and inputs. These can be static or dynamic, but their form and usage are detailed in this specification.
Presentation Definition
Presentation Exchange is a specification codifying a Presentation Definition data format Verifiers can use to articulate proof requirements in a Presentation Request, and a Presentation Submission data format Holders can use to describe proofs submitted in accordance with them.
Output Descriptor
Output Descriptors are used by an Issuer to describe the credentials they are offering to a Holder. See Output Descriptor
Output Descriptor Object
Output Descriptor Objects are populated with properties describing the Claims the Issuer is offering the Holder
Output Descriptor Display Object
Output Descriptor Display Objects are populated with Data Display properties from the Wallet Rendering specification.
Credential Application
Credential Application are objects embedded within target claim negotiation formats that pass information from the Holder to the Issuer. See Credential Application
Credential Response
Credential Responses are objects embedded within target claim negotiation formats that enable a binary response to a Credential Application. Fulfillments unify the presentation of Claims to a Holder in accordance with the output an Issuer specified in a Credential. Denials provide insight into why a given application did not result in a fulfillment. See Credential Response.
User Agent
User Agents are software, such as wallets or other services, acting on behalf of Holders, to facilitate credential acquisition and exchange. In the context of this specification, they retrieve Credential Manifests and interpret them to determine issuance requirements, construct Credential to satisfy issuance requirements and submit them to Issuers, and receive and interpret Credential Responses.

§ Overview

The following representative sequence contextualizes the top-level objects described in this specification:

sequenceDiagram Issuer->>User Agent: Credential Manifest User Agent->>Issuer: Send Credential Application alt Application accepted ("fulfillment") Issuer->>Issuer: Issue Claim(s) and wrap in Credential Response Issuer-->>User Agent: Send Credential Response else Application rejected ("denial") Issuer-->>User Agent: Send Credential Response with denial reason end

This specification covers only the data models of these objects and not the exchange protocols or architectural assumptions about how they get transported. Specifically:

§ Versioning

As this specification evolves, so will its object models. Future iterations of the specifications should aim to provide backwards-compatibility and minimize breaking changes. To track the evolution of this specification, all object models this specification defines MUST include a spec_version property, corresponding to the URI of the specification revision the object models conform to.

EXAMPLE
{
  "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
}

§ Credential Manifest

Credential Manifests are a resource format that defines preconditional requirements, Issuer style preferences, and other facets User Agents utilize to help articulate and select the inputs necessary for processing and issuance of a specified credential.

EXAMPLE
{
  "id": "WA-DL-CLASS-A",
  "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
  "issuer": {
    "id": "did:example:123?linked-domains=3",
    "name": "Washington State Government",
    "styles": {
      "thumbnail": {
        "uri": "https://dol.wa.com/logo.png",
        "alt": "Washington State Seal"
      },
      "hero": {
        "uri": "https://dol.wa.com/people-working.png",
        "alt": "People working on serious things"
      },
      "background": {
        "color": "#ff0000"
      },
      "text": {
        "color": "#d4d400"
      }
    }
  },
  "output_descriptors": [
    {
      "id": "driver_license_output",
      "schema": "https://schema.org/EducationalOccupationalCredential",
      "display": {
        "title": {
          "path": ["$.name", "$.vc.name"],
          "schema": {
            "type": "string"
          },
          "fallback": "Washington State Driver License"
        },
        "subtitle": {
          "path": ["$.class", "$.vc.class"],
          "schema": {
            "type": "string"
          },
          "fallback": "Class A, Commercial"
        },
        "description": {
          "text": "License to operate a vehicle with a gross combined weight rating (GCWR) of 26,001 or more pounds, as long as the GVWR of the vehicle(s) being towed is over 10,000 pounds."
        },
        "properties": [
          {
            "path": ["$.donor", "$.vc.donor"],
            "schema": {
              "type": "boolean"
            },
            "fallback": "Unknown",
            "label": "Organ Donor"
          }
        ]
      },
      "styles": {
        "thumbnail": {
          "uri": "https://dol.wa.com/logo.png",
          "alt": "Washington State Seal"
        },
        "hero": {
          "uri": "https://dol.wa.com/happy-people-driving.png",
          "alt": "Happy people driving"
        },
        "background": {
          "color": "#ff0000"
        },
        "text": {
          "color": "#d4d400"
        }
      }
    }
  ],
  "presentation_definition": {
    "id": "test",
    "input_descriptors": [
      {
        "id": "test input descriptor"
      }
    ]
  }
}

§ General Composition

Credential Manifests are JSON objects composed as follows:

EXAMPLE
{
  "credential_manifest": {
    "id": "WA-DL-CLASS-A",
    "name": "Washington State Class A Driver's License Application",
    "description": "This application is for the Washington State Class A Driver's License, which requires an applicant to be of at least 18 years of age and provide proof of CDL training completion.",
    "output_descriptors": [],
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
    "issuer": {
      "id": "did:example:123?linked-domains=3",
      "name": "Washington State Government",
      "styles": {
        "thumbnail": {
          "uri": "https://dol.wa.com/logo.png",
          "alt": "Washington State Seal"
        },
        "hero": {
          "uri": "https://dol.wa.com/people-working.png",
          "alt": "People working on serious things"
        },
        "background": {
          "color": "#ff0000"
        },
        "text": {
          "color": "#d4d400"
        }
      }
    },
    "format": {
      "jwt": {
        "alg": ["EdDSA", "ES256K", "ES384"]
      },
      "jwt_vc": {
        "alg": ["ES256K", "ES384"]
      },
      "jwt_vp": {
        "alg": ["EdDSA", "ES256K"]
      },
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "Ed25519Signature2018",
          "EcdsaSecp256k1Signature2019",
          "RsaSignature2018"
        ]
      },
      "ldp_vp": {
        "proof_type": ["Ed25519Signature2018"]
      },
      "ldp": {
        "proof_type": ["RsaSignature2018"]
      }
    }
  }
}

§ Output Descriptor

Output Descriptors are objects used to describe the Claims an Issuer is offering to a Holder.

Output Descriptor Objects contain type URI that links to the type of the offered output data, and information about how to display the output to the Holder.

EXAMPLE
{
  "output_descriptors": [
    {
      "id": "driver_license_output",
      "schema": "https://schema.org/EducationalOccupationalCredential",
      "display": {
        "title": {
          "path": ["$.name", "$.vc.name"],
          "schema": {
            "type": "string"
          },
          "fallback": "Washington State Driver License"
        },
        "subtitle": {
          "path": ["$.class", "$.vc.class"],
          "schema": {
            "type": "string"
          },
          "fallback": "Class A, Commercial"
        },
        "description": {
          "text": "License to operate a vehicle with a gross combined weight rating (GCWR) of 26,001 or more pounds, as long as the GVWR of the vehicle(s) being towed is over 10,000 pounds."
        },
        "properties": [
          {
            "path": ["$.donor", "$.vc.donor"],
            "schema": {
              "type": "boolean"
            },
            "fallback": "Unknown",
            "label": "Organ Donor"
          }
        ]
      },
      "styles": {
        "thumbnail": {
          "uri": "https://dol.wa.com/logo.png",
          "alt": "Washington State Seal"
        },
        "hero": {
          "uri": "https://dol.wa.com/happy-people-driving.png",
          "alt": "Happy people driving"
        },
        "background": {
          "color": "#ff0000"
        },
        "text": {
          "color": "#d4d400"
        }
      }
    }
  ]
}

§ Output Descriptor Object

Output Descriptor Objects are composed as follows:

§ JSON Schema

The JSON Schema Draft 7 definition that summarizes the rules above for Output Descriptors can be found after the appendix here.

§ JSON Schema

The JSON Schema Draft 7 definition that summarizes the rules above for Credential Manifest can be found after the appendix here.

§ Resource Location

Credential Manifests SHOULD be retrievable at known, semantic locations that are generalized across all entities, protocols, and transports. This specification does not stipulate how Credential Manifests must be located, hosted, or retrieved, but does advise that Issuers SHOULD make their Credential Manifests available via an instance of the forthcoming semantic personal data-store standard being developed by DIF, W3C, and other groups (e.g. Decentralized Web Nodes).

§ Credential Application

Credential Application are objects embedded within target claim negotiation formats that pass information from the Holder to the Issuer.

Credential Applications are JSON objects composed as follows:

NOTE

VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be at outer layer

EXAMPLE
{
  "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
  "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
  "applicant": "did:example:123",
  "manifest_id": "WA-DL-CLASS-A",
  "format": {
    "ldp_vc": {
      "proof_type": [
        "JsonWebSignature2020",
        "EcdsaSecp256k1Signature2019"
      ]
    }
  },
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "input_1",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "input_2",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "input_3",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  }
}

§ Embed Targets

The following section details where the credential_application object is to be embedded within a target data structure.

§ Embed Locations

The following are the locations at which the Credential Application object MUST be embedded for known target formats. For any location besides the top level of the embed target, the location is described in JSONPath syntax.

Target Location
OpenID top-level
DIDComms $.presentations~attach.data.json
VP top-level
CHAPI $.data

§ JSON Schema

The JSON Schema Draft 7 definition that summarizes the rules above for Credential Application can be found after the appendix here.

§ Credential Response

Credential Responses are objects that encapsulate possible responses from a Credential Application, with two possible outcomes: fulfillment or denial. Fulfillment is the case where a Credential Application is accepted, and results in credential issuance. Fulfillments are embedded within target Claim negotiation formats that express how the outputs presented as proofs to a Holder are provided in accordance with the outputs specified in a Credential Manifest. Rejection is the case where a Credential Application is denied, and results in a response of pertitent information about the rejection. Embedded Credential Response objects MUST be located within target data format as the value of a credential_response property, which is composed and embedded as follows:

// NOTE: VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be at outer layer
EXAMPLE
{
  "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
  "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
  "applicant": "did:example:123",
  "manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
  "application_id": "b6385066-147c-49d0-9783-261a2154b1fd",
  "fulfillment": {
    "descriptor_map": [
      {
        "id": "banking_output_2",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "employment_output",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "citizenship_output_1",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  }
}
EXAMPLE
{
  "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
  "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
  "applicant": "did:example:123",
  "manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
  "application_id": "b6385066-147c-49d0-9783-261a2154b1fd",
  "denial": {
    "reason": "Input descriptors 1 and 3 use non-matching schemas.",
    "input_descriptors": ["id-1", "id-3"]
  }
}

§ Embed Targets

The following section details where the Credential Response is to be embedded within a target data structure, as well as how to formulate the JSONPath expressions to select the Claims within the target data structure.

§ Embed Locations

The following are the locations at which the credential_response object MUST be embedded for known target formats. For any location besides the top level of the embed target, the location is described in JSONPath syntax.

Target Location
OpenID top-level
DIDComms $.presentations~attach.data.json
VP top-level
CHAPI $.data

§ JSON Schema

The JSON Schema Draft 7 definition that summarizes the rules above for Credential Response can be found after the appendix here.

§ Input Evaluation

Input is evaluated from two perspectives: that of the Issuer, who creates a Credential Manifest and from that of the User Agent, who responds to a Manifest with a Credential Application.

A User Agent first processes a Credential Manifest in order to generate a valid Credential Application. If a Credential Manifest includes a presentation_definition property, the User Agent MUST include a valid Presentation Submission in the presentation_submission property of its corresponding Credential.

An Issuer MUST evaluate the input against the associated Credential Manifest. If the Credential Application contains a Presentation Submission, it MUST be processed as specified in Presentation Exchange: Input Evaluation.

§ Appendix

§ Embed Target Examples

§ Credential Manifest

EXAMPLE
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX21hbmlmZXN0Ijp7ImZvcm1hdCI6eyJqd3RfdmMiOnsiYWxnIjpbIkVkRFNBIl19fSwiaWQiOiIzMmY1NDE2My03MTY2LTQ4ZjEtOTNkOC1mZjIxN2JkYjA2NTMiLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEifSwib3V0cHV0X2Rlc2NyaXB0b3JzIjpbeyJkZXNjcmlwdGlvbiI6ImRyaXZlcnMgbGljZW5zZSBjcmVkZW50aWFsIiwiaWQiOiJkcml2ZXJzX2xpY2Vuc2UiLCJzY2hlbWEiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UifSx7ImRlc2NyaXB0aW9uIjoiZW1wbG95bWVudCBoaXN0b3J5IGNyZWRlbnRpYWwiLCJpZCI6ImVtcGxveW1lbnRfaGlzdG9yeSIsInNjaGVtYSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIn1dLCJwcmVzZW50YXRpb25fZGVmaW5pdGlvbiI6eyJpZCI6ImZmMjE3YmRiMDY1My0zMmY1NDE2My03MTY2LTQ4ZjEtOTNkOCIsImlucHV0X2Rlc2NyaXB0b3JzIjpbeyJjb25zdHJhaW50cyI6eyJmaWVsZHMiOlt7ImlkIjoibGljZW5zZV9zY2hlbWEiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFNjaGVtYS5pZCJdfSx7ImlkIjoibGljZW5zZV9udW1iZXIiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFN1YmplY3QubGljZW5zZU51bWJlciJdfSx7ImlkIjoibGljZW5zZV9zdGF0ZSIsInBhdGgiOlsiJC5jcmVkZW50aWFsU3ViamVjdC5saWNlbnNlU3RhdGUiXX1dfSwiaWQiOiJsaWNlbnNlX2lucHV0In0seyJjb25zdHJhaW50cyI6eyJmaWVsZHMiOlt7ImlkIjoiZW1wbG95bWVudF9zY2hlbWEiLCJwYXRoIjpbIiQuY3JlZGVudGlhbFNjaGVtYS5pZCJdfSx7ImlkIjoiZW1wbG95ZXJfbmFtZSIsInBhdGgiOlsiJC5jcmVkZW50aWFsU3ViamVjdC5lbXBsb3llck5hbWUiXX1dfSwiaWQiOiJlbXBsb3ltZW50X2lucHV0In1dLCJuYW1lIjoiUmVxdWlyZW1lbnRzIGZvciBhIG5ldyBsaWNlbnNlIGFuZCBlbXBsb3ltZW50IGhpc3RvcnkifSwic3BlY192ZXJzaW9uIjoiaHR0cHM6Ly9pZGVudGl0eS5mb3VuZGF0aW9uL2NyZWRlbnRpYWwtbWFuaWZlc3Qvc3BlYy92MS4wLjAvIn0sImlhdCI6MTY2NzUzMTc5NiwiaXNzIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIn0.PCrXyRHOglEBpDPcqCkNo8BSURcEVVgp0ukJGHzvhjeTTYHXB0V5Fu-G6jLx1JVMXcXHlwaDTXitxpnc9ULBBg
EXAMPLE
{
  "credential_application": {
    "format": {
      "jwt_vc": {
        "alg": [
          "EdDSA"
        ]
      }
    },
    "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "manifest_id": "WA-DL-CLASS-A",
    "presentation_submission": {
      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
      "descriptor_map": [
        {
          "format": "jwt_vc",
          "id": "input_1",
          "path": "$.verifiableCredential[0]"
        },
        {
          "format": "jwt_vc",
          "id": "input_2",
          "path": "$.verifiableCredential[1]"
        }
      ],
      "id": "a30e3b91-fb77-4d22-95fa-871689c322e2"
    },
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
  },
  "iat": 1667533138,
  "iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
  "verifiableCredentials": [
    "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZToxMjMiLCJqdGkiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UiLCJuYmYiOjE2Njc1MzMxMzgxNzAxNjYwMDAsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiaHR0cHM6Ly9ldS5jb20vY2xhaW1zL0RyaXZlcnNMaWNlbnNlIiwidHlwZSI6WyJFVURyaXZlcnNMaWNlbnNlIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWNjb3VudHMiOlt7ImlkIjoiMTIzNDU2Nzg5MCIsInJvdXRlIjoiREUtOTg3NjU0MzIxMCJ9LHsiaWQiOiIyNDU3OTEzNTcwIiwicm91dGUiOiJERS0wNzUzMTk3NTQyIn1dLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.0Zs5pTrsndwqbrMVwSUUbL04u1lRM7knmCbAshXwPP1c_sPpqn9sBakPNOdAgD_AXLXPg8K0CZVl5mFdQ_eBDQ",
    "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Zm9vOjEyMyIsImp0aSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwibmJmIjoxNjY3NTMzMTM4MTcwMzcyMDAwLCJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkdlbmVyaWNFbXBsb3ltZW50Q3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6Zm9vOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWN0aXZlIjp0cnVlLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.VzSo1f2LaCuGkSDeiIXbQsONbRI_75LYCNHCSVwOkY05oGj6kgxagHUW-8Qii5BheWCcBh3EU8jYrfqnNtFMAQ"
  ]
}

§ Credential Application

EXAMPLE
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://identity.foundation/credential-manifest/application/v1"
  ],
  "type": [
    "VerifiablePresentation",
    "CredentialApplication"
  ],
  "credential_application": {
    "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
    "applicant": "did:example:123",
    "manifest_id": "WA-DL-CLASS-A",
    "format": {
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "EcdsaSecp256k1Signature2019"
        ]
      }
    },
    "presentation_submission": {
      "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
      "descriptor_map": [
        {
          "id": "input_1",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[0]"
        },
        {
          "id": "input_2",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[1]"
        },
        {
          "id": "input_3",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[2]"
        }
      ]
    }
  },
  "verifiableCredential": [
    {
      "comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
      "vc": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:example:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "accounts": [
            {
              "id": "1234567890",
              "route": "DE-9876543210"
            },
            {
              "id": "2457913570",
              "route": "DE-0753197542"
            }
          ]
        }
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://business-standards.org/schemas/employment-history.json",
      "type": ["VerifiableCredential", "GenericEmploymentCredential"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "active": true
      },
      "proof": {
        "type": "EcdsaSecp256k1VerificationKey2019",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://eu.com/claims/DriversLicense",
      "type": ["EUDriversLicense"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "license": {
          "number": "34DGE352",
          "dob": "07/13/80"
        }
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    }
  ],
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-09-14T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "..."
  }
}
EXAMPLE
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX2FwcGxpY2F0aW9uIjp7ImZvcm1hdCI6eyJqd3RfdmMiOnsiYWxnIjpbIkVkRFNBIl19fSwiaWQiOiI5YjFkZWI0ZC0zYjdkLTRiYWQtOWJkZC0yYjBkN2IzZGNiNmQiLCJtYW5pZmVzdF9pZCI6IldBLURMLUNMQVNTLUEiLCJwcmVzZW50YXRpb25fc3VibWlzc2lvbiI6eyJkZWZpbml0aW9uX2lkIjoiMzJmNTQxNjMtNzE2Ni00OGYxLTkzZDgtZmYyMTdiZGIwNjUzIiwiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92YyIsImlkIjoiaW5wdXRfMSIsInBhdGgiOiIkLnZlcmlmaWFibGVDcmVkZW50aWFsWzBdIn0seyJmb3JtYXQiOiJqd3RfdmMiLCJpZCI6ImlucHV0XzIiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFsxXSJ9XSwiaWQiOiJhMzBlM2I5MS1mYjc3LTRkMjItOTVmYS04NzE2ODljMzIyZTIifSwic3BlY192ZXJzaW9uIjoiaHR0cHM6Ly9pZGVudGl0eS5mb3VuZGF0aW9uL2NyZWRlbnRpYWwtbWFuaWZlc3Qvc3BlYy92MS4wLjAvIn0sImlhdCI6MTY2NzUzMzEzOCwiaXNzIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwidmVyaWZpYWJsZUNyZWRlbnRpYWxzIjpbImV5SmhiR2NpT2lKRlpFUlRRU0lzSW10cFpDSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcGMzTWlPaUprYVdRNlpYaGhiWEJzWlRveE1qTWlMQ0pxZEdraU9pSm9kSFJ3Y3pvdkwyVjFMbU52YlM5amJHRnBiWE12UkhKcGRtVnljMHhwWTJWdWMyVWlMQ0p1WW1ZaU9qRTJOamMxTXpNeE16Z3hOekF4TmpZd01EQXNJbk4xWWlJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0lzSW5aaklqcDdJa0JqYjI1MFpYaDBJanBiSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1ERTRMMk55WldSbGJuUnBZV3h6TDNZeElsMHNJbWxrSWpvaWFIUjBjSE02THk5bGRTNWpiMjB2WTJ4aGFXMXpMMFJ5YVhabGNuTk1hV05sYm5ObElpd2lkSGx3WlNJNld5SkZWVVJ5YVhabGNuTk1hV05sYm5ObElsMHNJbWx6YzNWbGNpSTZJbVJwWkRwbGVHRnRjR3hsT2pFeU15SXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNVEF0TURFdE1ERlVNVGs2TnpNNk1qUmFJaXdpWTNKbFpHVnVkR2xoYkZOMVltcGxZM1FpT25zaVlXTmpiM1Z1ZEhNaU9sdDdJbWxrSWpvaU1USXpORFUyTnpnNU1DSXNJbkp2ZFhSbElqb2lSRVV0T1RnM05qVTBNekl4TUNKOUxIc2lhV1FpT2lJeU5EVTNPVEV6TlRjd0lpd2ljbTkxZEdVaU9pSkVSUzB3TnpVek1UazNOVFF5SW4xZExDSnBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSjlmWDAuMFpzNXBUcnNuZHdxYnJNVndTVVViTDA0dTFsUk03a25tQ2JBc2hYd1BQMWNfc1BwcW45c0Jha1BOT2RBZ0RfQVhMWFBnOEswQ1pWbDVtRmRRX2VCRFEiLCJleUpoYkdjaU9pSkZaRVJUUVNJc0ltdHBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKa2FXUTZabTl2T2pFeU15SXNJbXAwYVNJNkltaDBkSEJ6T2k4dlluVnphVzVsYzNNdGMzUmhibVJoY21SekxtOXlaeTl6WTJobGJXRnpMMlZ0Y0d4dmVXMWxiblF0YUdsemRHOXllUzVxYzI5dUlpd2libUptSWpveE5qWTNOVE16TVRNNE1UY3dNemN5TURBd0xDSnpkV0lpT2lKa2FXUTZaWGhoYlhCc1pUcGxZbVpsWWpGbU56RXlaV0pqTm1ZeFl6STNObVV4TW1Wak1qRWlMQ0oyWXlJNmV5SkFZMjl1ZEdWNGRDSTZXeUpvZEhSd2N6b3ZMM2QzZHk1M015NXZjbWN2TWpBeE9DOWpjbVZrWlc1MGFXRnNjeTkyTVNKZExDSnBaQ0k2SW1oMGRIQnpPaTh2WW5WemFXNWxjM010YzNSaGJtUmhjbVJ6TG05eVp5OXpZMmhsYldGekwyVnRjR3h2ZVcxbGJuUXRhR2x6ZEc5eWVTNXFjMjl1SWl3aWRIbHdaU0k2V3lKV1pYSnBabWxoWW14bFEzSmxaR1Z1ZEdsaGJDSXNJa2RsYm1WeWFXTkZiWEJzYjNsdFpXNTBRM0psWkdWdWRHbGhiQ0pkTENKcGMzTjFaWElpT2lKa2FXUTZabTl2T2pFeU15SXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNVEF0TURFdE1ERlVNVGs2TnpNNk1qUmFJaXdpWTNKbFpHVnVkR2xoYkZOMVltcGxZM1FpT25zaVlXTjBhWFpsSWpwMGNuVmxMQ0pwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0o5ZlgwLlZ6U28xZjJMYUN1R2tTRGVpSVhiUXNPTmJSSV83NUxZQ05IQ1NWd09rWTA1b0dqNmtneGFnSFVXLThRaWk1QmhlV0NjQmgzRVU4allyZnFuTnRGTUFRIl19.zyfAs5yD_N5W-6WSwRABuNtKaMQA0YImiAIOBU9fKV51KA4AORlvvA_3svWAsDZFK6ZvH-fKzF70k4OYS04vBQ
EXAMPLE
{
  "credential_application": {
    "id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
    "applicant": "did:example:123",
    "manifest_id": "WA-DL-CLASS-A",
    "format": {
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "EcdsaSecp256k1Signature2019"
        ]
      }
    },
    "presentation_submission": {
      "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
      "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
      "descriptor_map": [
        {
          "id": "input_1",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[0]"
        },
        {
          "id": "input_2",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[1]"
        },
        {
          "id": "input_3",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[2]"
        }
      ]
    }
  },
  "verifiableCredential": [
    {
      "comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
      "vc": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:example:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "accounts": [
            {
              "id": "1234567890",
              "route": "DE-9876543210"
            },
            {
              "id": "2457913570",
              "route": "DE-0753197542"
            }
          ]
        }
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://business-standards.org/schemas/employment-history.json",
      "type": ["VerifiableCredential", "GenericEmploymentCredential"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "active": true
      },
      "proof": {
        "type": "EcdsaSecp256k1VerificationKey2019",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://eu.com/claims/DriversLicense",
      "type": ["EUDriversLicense"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "license": {
          "number": "34DGE352",
          "dob": "07/13/80"
        }
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    }
  ]
}

§ Credential Response

EXAMPLE
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://identity.foundation/credential-manifest/response/v1"
  ],
  "type": [
    "VerifiablePresentation",
    "CredentialResponse"
  ],
  "credential_response": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/",
    "applicant": "did:example:123",
    "manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "application_id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "fulfillment": {
      "descriptor_map": [
        {
          "id": "banking_output_2",
          "format": "jwt_vc",
          "path": "$.verifiableCredential[0]"
        },
        {
          "id": "employment_output",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[1]"
        },
        {
          "id": "citizenship_output_1",
          "format": "ldp_vc",
          "path": "$.verifiableCredential[2]"
        }
      ]
    }
  },
  "verifiableCredential": [
    {
      "comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
      "vc": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": [
          "EUDriversLicense"
        ],
        "issuer": "did:example:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "accounts": [
            {
              "id": "1234567890",
              "route": "DE-9876543210"
            },
            {
              "id": "2457913570",
              "route": "DE-0753197542"
            }
          ]
        }
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://business-standards.org/schemas/employment-history.json",
      "type": [
        "VerifiableCredential",
        "GenericEmploymentCredential"
      ],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "active": true
      },
      "proof": {
        "type": "EcdsaSecp256k1VerificationKey2019",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://eu.com/claims/DriversLicense",
      "type": [
        "EUDriversLicense"
      ],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "license": {
          "number": "34DGE352",
          "dob": "07/13/80"
        }
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    }
  ],
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-09-14T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "..."
  }
}
EXAMPLE
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJjcmVkZW50aWFsX3Jlc3BvbnNlIjp7ImFwcGxpY2F0aW9uX2lkIjoiOWIxZGViNGQtM2I3ZC00YmFkLTliZGQtMmIwZDdiM2RjYjZkIiwiZnVsZmlsbG1lbnQiOnsiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92YyIsImlkIjoibGljZW5zZV9vdXRwdXQiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFswXSJ9LHsiZm9ybWF0Ijoiand0X3ZjIiwiaWQiOiJlbXBsb3ltZW50X291dHB1dCIsInBhdGgiOiIkLnZlcmlmaWFibGVDcmVkZW50aWFsWzFdIn1dfSwiaWQiOiJhMzBlM2I5MS1mYjc3LTRkMjItOTVmYS04NzE2ODljMzIyZTIiLCJtYW5pZmVzdF9pZCI6IjMyZjU0MTYzLTcxNjYtNDhmMS05M2Q4LWZmMjE3YmRiMDY1MyIsInNwZWNfdmVyc2lvbiI6Imh0dHBzOi8vaWRlbnRpdHkuZm91bmRhdGlvbi9jcmVkZW50aWFsLW1hbmlmZXN0L3NwZWMvdjEuMC4wLyJ9LCJpYXQiOjE2Njc1MzM2MTUsImlzcyI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZlcmlmaWFibGVDcmVkZW50aWFscyI6WyJleUpoYkdjaU9pSkZaRVJUUVNJc0ltdHBaQ0k2SW1ScFpEcGxlR0Z0Y0d4bE9tVmlabVZpTVdZM01USmxZbU0yWmpGak1qYzJaVEV5WldNeU1TSXNJblI1Y0NJNklrcFhWQ0o5LmV5SnBjM01pT2lKa2FXUTZaWGhoYlhCc1pUb3hNak1pTENKcWRHa2lPaUpvZEhSd2N6b3ZMMlYxTG1OdmJTOWpiR0ZwYlhNdlJISnBkbVZ5YzB4cFkyVnVjMlVpTENKdVltWWlPakUyTmpjMU16TTJNVFV6TURVMk16a3dNREFzSW5OMVlpSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNJc0luWmpJanA3SWtCamIyNTBaWGgwSWpwYkltaDBkSEJ6T2k4dmQzZDNMbmN6TG05eVp5OHlNREU0TDJOeVpXUmxiblJwWVd4ekwzWXhJbDBzSW1sa0lqb2lhSFIwY0hNNkx5OWxkUzVqYjIwdlkyeGhhVzF6TDBSeWFYWmxjbk5NYVdObGJuTmxJaXdpZEhsd1pTSTZXeUpGVlVSeWFYWmxjbk5NYVdObGJuTmxJbDBzSW1semMzVmxjaUk2SW1ScFpEcGxlR0Z0Y0d4bE9qRXlNeUlzSW1semMzVmhibU5sUkdGMFpTSTZJakl3TVRBdE1ERXRNREZVTVRrNk56TTZNalJhSWl3aVkzSmxaR1Z1ZEdsaGJGTjFZbXBsWTNRaU9uc2lZV05qYjNWdWRITWlPbHQ3SW1sa0lqb2lNVEl6TkRVMk56ZzVNQ0lzSW5KdmRYUmxJam9pUkVVdE9UZzNOalUwTXpJeE1DSjlMSHNpYVdRaU9pSXlORFUzT1RFek5UY3dJaXdpY205MWRHVWlPaUpFUlMwd056VXpNVGszTlRReUluMWRMQ0pwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0o5ZlgwLlJkS2E1NldDT0V2SlFxNnp0QmhEZHJDUlNtLXpYeWFBbnlWTVJsclcwV1RsdkUyMjV3OHVuZDl2U2g2V1h6cGVxQnpXemhlMzBRc3kwekd3dzZkcUNRIiwiZXlKaGJHY2lPaUpGWkVSVFFTSXNJbXRwWkNJNkltUnBaRHBsZUdGdGNHeGxPbVZpWm1WaU1XWTNNVEpsWW1NMlpqRmpNamMyWlRFeVpXTXlNU0lzSW5SNWNDSTZJa3BYVkNKOS5leUpwYzNNaU9pSmthV1E2Wm05dk9qRXlNeUlzSW1wMGFTSTZJbWgwZEhCek9pOHZZblZ6YVc1bGMzTXRjM1JoYm1SaGNtUnpMbTl5Wnk5elkyaGxiV0Z6TDJWdGNHeHZlVzFsYm5RdGFHbHpkRzl5ZVM1cWMyOXVJaXdpYm1KbUlqb3hOalkzTlRNek5qRTFNekExTnpneU1EQXdMQ0p6ZFdJaU9pSmthV1E2WlhoaGJYQnNaVHBsWW1abFlqRm1OekV5WldKak5tWXhZekkzTm1VeE1tVmpNakVpTENKMll5STZleUpBWTI5dWRHVjRkQ0k2V3lKb2RIUndjem92TDNkM2R5NTNNeTV2Y21jdk1qQXhPQzlqY21Wa1pXNTBhV0ZzY3k5Mk1TSmRMQ0pwWkNJNkltaDBkSEJ6T2k4dlluVnphVzVsYzNNdGMzUmhibVJoY21SekxtOXlaeTl6WTJobGJXRnpMMlZ0Y0d4dmVXMWxiblF0YUdsemRHOXllUzVxYzI5dUlpd2lkSGx3WlNJNld5SldaWEpwWm1saFlteGxRM0psWkdWdWRHbGhiQ0lzSWtkbGJtVnlhV05GYlhCc2IzbHRaVzUwUTNKbFpHVnVkR2xoYkNKZExDSnBjM04xWlhJaU9pSmthV1E2Wm05dk9qRXlNeUlzSW1semMzVmhibU5sUkdGMFpTSTZJakl3TVRBdE1ERXRNREZVTVRrNk56TTZNalJhSWl3aVkzSmxaR1Z1ZEdsaGJGTjFZbXBsWTNRaU9uc2lZV04wYVhabElqcDBjblZsTENKcFpDSTZJbVJwWkRwbGVHRnRjR3hsT21WaVptVmlNV1kzTVRKbFltTTJaakZqTWpjMlpURXlaV015TVNKOWZYMC4ycFNKNllKb0hlUDlNbkNDTzhiV25GelBrbEZiUFQwS05kRHR6UGd1NGRONG9paTV3MkZEOG1mblVjWnl5MDJMaTdwVjhsUTdOMG9QdHBVcXlGODVEUSJdfQ.n2k0Na7lHaAVGiJof4xB1s5Z8aUS5UIvwtqGrb1MEa6o2OMdetMCtMODlYc__EnfH8J-ADT6k5mLsnI4vlT4DQ
EXAMPLE
{
  "credential_response": {
    "application_id": "9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d",
    "applicant": "did:example:123",
    "fulfillment": {
      "descriptor_map": [
        {
          "format": "jwt_vc",
          "id": "license_output",
          "path": "$.verifiableCredential[0]"
        },
        {
          "format": "jwt_vc",
          "id": "employment_output",
          "path": "$.verifiableCredential[1]"
        }
      ]
    },
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "manifest_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "spec_version": "https://identity.foundation/credential-manifest/spec/v1.0.0/"
  },
  "iat": 1667533615,
  "iss": "did:example:ebfeb1f712ebc6f1c276e12ec21",
  "verifiableCredentials": [
    "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZToxMjMiLCJqdGkiOiJodHRwczovL2V1LmNvbS9jbGFpbXMvRHJpdmVyc0xpY2Vuc2UiLCJuYmYiOjE2Njc1MzM2MTUzMDU2MzkwMDAsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiaHR0cHM6Ly9ldS5jb20vY2xhaW1zL0RyaXZlcnNMaWNlbnNlIiwidHlwZSI6WyJFVURyaXZlcnNMaWNlbnNlIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWNjb3VudHMiOlt7ImlkIjoiMTIzNDU2Nzg5MCIsInJvdXRlIjoiREUtOTg3NjU0MzIxMCJ9LHsiaWQiOiIyNDU3OTEzNTcwIiwicm91dGUiOiJERS0wNzUzMTk3NTQyIn1dLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.RdKa56WCOEvJQq6ztBhDdrCRSm-zXyaAnyVMRlrW0WTlvE225w8und9vSh6WXzpeqBzWzhe30Qsy0zGww6dqCQ",
    "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJkaWQ6Zm9vOjEyMyIsImp0aSI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwibmJmIjoxNjY3NTMzNjE1MzA1NzgyMDAwLCJzdWIiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJpZCI6Imh0dHBzOi8vYnVzaW5lc3Mtc3RhbmRhcmRzLm9yZy9zY2hlbWFzL2VtcGxveW1lbnQtaGlzdG9yeS5qc29uIiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIkdlbmVyaWNFbXBsb3ltZW50Q3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6Zm9vOjEyMyIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6NzM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYWN0aXZlIjp0cnVlLCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9fX0.2pSJ6YJoHeP9MnCCO8bWnFzPklFbPT0KNdDtzPgu4dN4oii5w2FD8mfnUcZyy02Li7pV8lQ7N0oPtpUqyF85DQ"
  ]
}

§ JSON Schemas

§ Vocabulary Definition

The Wallet Rendering specification adopts and defines the following JSON Schema data format and processing variant. If Wallet is used, the implementers MUST support for evaluation of the portions of the Wallet Rendering specification that call for JSON validation.

NOTE

Wallet Rendering is still under development (also at DIF) and should be considered unstable until a stable version is released.

§ Credential Manifest

EXAMPLE
{
  "$schema": "http://json-schema.org/draft-07/schema",
  "title": "Credential Manifest",
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    },
    "name": {
      "type": "string"
    },
    "description": {
      "type": "string"
    },
    "spec_version": {
      "type": "string"
    },
    "issuer": {
      "type": "object",
      "required": [
        "id"
      ],
      "properties": {
        "id": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "styles": {
          "$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
        }
      },
      "additionalProperties": false
    },
    "output_descriptors": {
      "type": "array",
      "items": {
        "type": "object",
        "required": [
          "id",
          "schema"
        ],
        "properties": {
          "id": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "schema": {
            "type": "string"
          },
          "display": {
            "type": "object",
            "properties": {
              "title": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "subtitle": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "description": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "properties": {
                "type": "array",
                "items": {
                  "$ref": "https://identity.foundation/wallet-rendering/schemas/labeled-display-mapping-object.json"
                }
              }
            },
            "additionalProperties": false
          },
          "styles": {
            "$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
          }
        },
        "additionalProperties": false
      }
    },
    "presentation_definition": {
      "$ref": "https://identity.foundation/presentation-exchange/schemas/presentation-definition.json"
    },
    "format": {
      "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
    }
  },
  "required": [
    "id",
    "spec_version",
    "issuer",
    "output_descriptors"
  ],
  "additionalProperties": false
}

§ Output Descriptors

EXAMPLE
{
  "$schema": "http://json-schema.org/draft-07/schema",
  "title": "Output Descriptors",
  "type": "object",
  "properties": {
    "output_descriptors": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "id": { "type": "string" },
          "name": { "type": "string" },
          "description": { "type": "string" },
          "schema": { "type": "string" },
          "display": {
            "type": "object",
            "properties": {
              "title": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "subtitle": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "description": {
                "$ref": "https://identity.foundation/wallet-rendering/schemas/display-mapping-object.json"
              },
              "properties": {
                "type": "array",
                "items": {
                  "$ref": "https://identity.foundation/wallet-rendering/schemas/labeled-display-mapping-object.json"
                }
              }
            },
            "additionalProperties": false
          },
          "styles": {
            "$ref": "https://identity.foundation/wallet-rendering/schemas/entity-styles.json"
          }
        },
        "required": ["id", "schema"],
        "additionalProperties": false
      }
    }
  },
  "required": ["output_descriptors"],
  "additionalProperties": false
}

§ Credential Application

EXAMPLE
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Credential Application",
  "type": "object",
  "properties": {
    "id": { "type": "string" },
    "spec_version": { "type" : "string" },
    "manifest_id": { "type": "string" },
    "applicant": { "type": "string" },
    "format": {
      "type": "object",
      "patternProperties": {
        "^jwt$|^jwt_vc$|^jwt_vp$": {
          "type": "object",
          "properties": {
            "alg": {
              "type": "array",
              "minItems": 1,
              "items": { "type": "string" }
            }
          },
          "required": ["alg"],
          "additionalProperties": false
        },
        "^ldp_vc$|^ldp_vp$|^ldp$": {
          "type": "object",
          "properties": {
            "proof_type": {
              "type": "array",
              "minItems": 1,
              "items": { "type": "string" }
            }
          },
          "required": ["proof_type"],
          "additionalProperties": false
        }
      },
      "additionalProperties": false
    },
    "presentation_submission": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "definition_id": { "type": "string" },
        "descriptor_map": {
          "type": "array",
          "items": { "$ref": "#/definitions/descriptor" }
        }
      },
      "required": ["id", "definition_id", "descriptor_map"],
      "additionalProperties": false
    }
  },
  "definitions": {
    "descriptor": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "path": { "type": "string" },
        "path_nested": {
          "type": "object",
          "$ref": "#/definitions/descriptor"
        },
        "format": {
          "type": "string",
          "enum": ["jwt", "jwt_vc", "jwt_vp", "ldp", "ldp_vc", "ldp_vp"]
        }
      },
      "required": ["id", "path", "format"],
      "additionalProperties": false
    }
  },
  "required": ["id", "spec_version", "manifest_id", "format"],
  "additionalProperties": false
}

§ Credential Response

EXAMPLE
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Credential Response",
  "type": "object",
  "properties": {    
    "id": { "type": "string" },
    "spec_version": { "type" : "string" },
    "applicant": { "type": "string" },
    "manifest_id": { "type": "string" },
    "application_id": { "type": "string" },
    "fulfillment": {
      "type": "object",
      "properties": {
        "descriptor_map": {
          "type": "array",
          "items": { "$ref": "#/definitions/descriptor" }
        }
      },
      "required": ["descriptor_map"],
      "additionalProperties": false
    },
    "denial": {
      "type": "object",
      "properties": {
        "reason": { "type": "string" },
        "input_descriptors": {
          "type": "array",
          "minItems": 1,
          "items": { "type": "string" }
        }
      },
      "required": ["reason"],
      "additionalProperties": false
    }
  },
  "oneOf": [
    {
      "required": ["fulfillment"]
    },
    {
      "required": ["denial"] 
    }
  ],
  "definitions": {
    "descriptor": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "path": { "type": "string" },
        "path_nested": {
          "type": "object",
            "$ref": "#/definitions/descriptor"
        },
        "format": {
          "type": "string",
          "enum": ["jwt", "jwt_vc", "jwt_vp", "ldp", "ldp_vc", "ldp_vp"]
        }
      },
      "required": ["id", "path", "format"],
      "additionalProperties": false
    }
  },
  "required": ["id", "spec_version", "manifest_id"],
  "additionalProperties": false
}

§ Use Cases

§ Credential Issuance Discovery

As an Issuer, I want to publish a list of credentials I offer, for wallets and other entities to find and digest.

§ Credential Requirement Discovery

As an Issuer, I want to provide a description of the information that a Holder would need to submit to acquire a given credential.

§ Credential Display

Note: This set of use cases requires Wallet Rendering. Wallet Rendering is still under development (also at DIF) and should be considered unstable until a stable version is released.

As a Wallet Implementer, I want to know how to display a credential to the user.

As a Holder, I want my wallet to be able to display the credential (i.e. contents or payload) of a future verifiable credential in UI before I apply for it and after it is issued to me:

  • Before applying for a credential:
    • Show the user examples of information contained in the VC.
    • Include the type of credential, how long it’s valid for, etc.
    • Generate a interactive modal, form, etc. for user-inputted fields that can interact with other software (such as a password manager or form-filler)
  • After taking possession of a credential:
    • Display information from the VC that is pertinent to the user.
    • Provide a way to show Issuer branding and other differentiating UI features.

As a Wallet Implementer, I want to display formatted data values.

§ References

Presentation Exchange
Presentation Exchange 2.0.0. Daniel Buchner, Brent Zundel, Martin Riedel, Kim Hamilton Duffy. Status: Working Group Draft
Wallet Rendering
Wallet Rendering. Daniel Buchner, Brent Zundel, Jace Hensley, Daniel McGrogan. Status: Strawman
JSON Schema
JSON Schema: A Media Type for Describing JSON Documents. A. Wright, H. Andrews, B. Hutton, G. Dennis. Status: 28 January 2020. Status: Internet-Draft.
JSON Schema Validation
JSON Schema Validation. A. Wright, H. Andrews, B. Hutton. March 19, 2020. Status: Internet Draft.
Table of Contents