§ Presentation Exchange 2.X.X
Specification Status: Pre-Draft
Latest Draft: identity.foundation/presentation-exchange
- Ratified Versions:
- v1.0.0 - https://identity.foundation/presentation-exchange/spec/v1.0.0
- v2.0.0 - https://identity.foundation/presentation-exchange/spec/v2.0.0
- v2.1.0 - https://identity.foundation/presentation-exchange/spec/v2.1.0
- v2.1.1 - https://identity.foundation/presentation-exchange/spec/v2.1.1
- Editors:
- Daniel Buchner (Block)
- Brent Zundel (Evernym)
- Martin Riedel (Consensys Mesh)
- Kim Hamilton Duffy (Decentralized Identity Foundation)
- Contributors:
- Daniel McGrogan (Workday)
- Gabe Cohen (Block)
- Orie Steele (Transmute)
- Wayne Chang (Spruce)
- David Chadwick (Crossword Cybersecurity)
- Jace Hensley (Bloom)
- Niels Klomp (Sphereon)
- Andor Kesselman (Benri)
- Participate:
- GitHub repo
- File a bug
- Commit history
§ Abstract
A common activity between peers in identity systems that feature the ability to generate self-asserted and third-party issued Claims is the demand and submission of proofs from a Holder to a Verifier. This flow implicitly requires the Holder and Verifier have a mechanism to facilitate the two primary steps in a proving exchange: a way for Verifiers to describe proof requirements, and for Holders to describe submissions of proof which align with those requirements.
To address these needs, this Presentation Exchange specification codifies a Presentation Definition data format Verifiers can use to articulate proof requirements, and a Presentation Submission data format Holders can use to describe proofs submitted in accordance with them.
This specification is designed to be both Claim format and transport envelope agnostic,as long as the format can be serialized as JSON. This means an implementer can use JSON Web Tokens (JWTs), Verifiable Credentials (VCs), JWT-VCs, or any other JSON Claim format, and convey them via Open ID Connect, DIDComm, Credential Handler API, or any other transport envelope. The goal of this flexible format- and transport-agnostic mechanism is to enable unified procedures and code, thereby reducing potentially redundant code and processing requirements.
This specification does not define transport protocols, specific endpoints, or other means for conveying the formatted objects it codifies, but encourages other specifications and projects that do define such mechanisms to utilize these data formats within their flows.
§ Status of This Document
Presentation Exchange v2.X.X is a PRE-DRAFT specification developed within the Decentralized Identity Foundation (DIF). It incorporates requirements and learnings from related work of many active industry players into a shared specification that meets the collective needs of the community.
§ Terminology
- Claim
- An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.
- Conformant Consumer
- An entity that follows the specified processing rules to consume a Presentation Definition or Presentation Submission that conforms to this specification.
- Conformant Producer
- An entity that produces a Presentation Definition or Presentation Submission that conforms to this specification.
- Embed Locations
- Embed Locations are the specific paths and indexes per Embed Target where the Verifier can expect to find the Presentation. See Embed Locations.
- Embed Target
- Embed Targets are data formats used in messaging protocols that may be used to transport a Presentation Submission. See Embed Targets.
- Feature
- Features enable Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects.
- Holder
- Holders are entities that submit proofs to Verifiers to satisfy the requirements described in a Presentation Definition. A Holder is a Conformant Consumer of a Presentation Definition and a Conformant Producer of a Presentation Submission.
- Holder Binding
- Holder Bindings are requirements of a certain type of relationship between the Holder and the Claims within the Presentation. See Holder Binding.
- Decentralized Web Node
- Some examples refer to an unfamiliar query protocol,
dwn://
, as a way of storing and querying schemata and other resources. While orthogonal to this specification and not yet on a standards track, the concept of “decentralized web nodes” proposes an architecture that may be of interest or utility to implementers of this specification. For more information, see the draft specification hosted at the decentralized identity foundation here - Input Descriptor
- Input Descriptors are used by a Verifier to describe the information required of a Holder before an interaction can proceed. See Input Descriptor.
- Input Descriptor Object
- Input Descriptors Objects are populated with properties describing what type of input data/Claim, or sub-fields thereof, are required for submission to the Verifier. See Input Descriptor Object.
- Link Secrets
- Link Secrets are values held by the Holder but hidden from other parties. They are typically incorporated into cryptographic signatures used in claims to demonstrate correlation while preventing replay attacks. An Issuer may ascertain that a Holder possesses a link secret without its disclosure. See Link Secrets.
- Presentation Definition
- Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where many different types of proofs may satisfy an input requirement. See Presentation Definition.
- Presentation Request
- Presentation Requests are transport mechanisms for Presentation. Presentation Requests can take multiple shapes, using a variety of protocols and signature schemes not refined in this specification. They are sent by a Verifier to a Holder. Defining Presentation Requests is outside the scope of this specification. See Presentation Request.
- Presentation Submission
- Presentation Submissions are objects embedded within target claim negotiation formats that unify the presentation of proofs to a Verifier in accordance with the requirements a Verifier specified in a Presentation Definition. See Presentation Submission.
- Subject
- Subjects are the entities about which Claims are made. The Subject may not be the same entity as the Holder
- Submission Requirement
- Submission Requirements are objects that define what combinations of inputs must be submitted to comply with the requirements a Verifier has for proceeding in a flow (e.g. credential issuance, allowing entry, accepting an application). See Submission Requirements.
- Submission Requirement Object
- Submission Requirement Objects describe valid combinations of inputs in a Presentation Submission. See Submission Requirement Objects.
- Submission Requirement Rule
- Submission Requirement Rules describe combinatorial rules within a Submission Requirement Object when processing inputs. They may be nested. See Submission Requirement Rules.
- Verifier
- Verifiers are entities that define what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction. A Verifier is a Conformant Producer of a Presentation Definition and a Conformant Consumer of a Presentation Submission.
§ Overview
The following representative sequence contextualizes the top-level objects described in this specification:
This specification covers only the data models of these objects and not the exchange protocols or architectural assumptions about how they get transported. Specifically:
- Holder discovery of the Presentation Definition is determined by the protocol. For example, the Verifier may post a QR code which, when scanned, allows a Holder to retrieve the Presentation Definition
- The Presentation Submission may be returned in a synchronous or asynchronous manner, depending on the protocol.
§ Structure of this Document
This document has two primary sections: In the first, there is a model for defining the set of information a relying party would like to have presented, and in the second, there is a model for showing that the submitted presentation meets the related definition. Each of these sections begins by defining a base set of properties considered essential for core uses of the model, then describes additional feature sets that expand upon the base to allow more complex uses. Objects are defined such that they may be used on their own or extended through Features defined subsequently in the spec. A Feature must declare if it has dependencies on other Features.
A Feature enables Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects.
Conformant Consumers are not required to support Features.
A Conformant Producer using Features that a Conformant Consumer does not support, might result in a Presentation Submission that can be rejected by a Verifier. This is especially the case when a feature introduces additional constraints on the Input Descriptor Object, like for instance the Relational Constraint Feature, where the subject_is_issuer
property could be used by a Verifier to require that certain inputs be self_attested. Depending on the Verifier implementation a submission which is not self attested might be rejected, because the Holder is not aware of the requirement the Feature introduced.
A Conformant Producer and Conformant Consumer implementation may wish to use Feature detection techniques for Features it does not support. Producing an error might be appropriate for certain unsupported Features, preventing submitting inappropriate or too much data, which might result in an error being produced by another Conformant Consumer implementation.
Examples in this document use the Verifiable Credentials Data Model and the Decentralized Identifiers (DIDs) formats for illustrative purposes only; this specification is intended to support any JSON-serializable Claim format.
§ Use Cases
The following is a non-exhaustive list of some use cases which this specification is intended to support.
- A Holder's agent can find a Presentation Definition in a well-known location, parse its contents, and use them to filter the Holder's credentials on behalf of the Holder, who can (interactively or programmatically) select credentials which their agent pack into a Presentation Submission submitted back to the Verifier for assessment.
- A Verifier's Presentation Definition and a Submission Requirements Object can describe a requirement met by credentials in multiple claim formats, and a Holder's agent can parse them and meet their requirements with a “mixed” Verifiable Presentation or other container that combines credentials in different claim formats, mapping claims to requirements with Embed Targets.
- A Verifier can be a Conformant Producer according to this specification without supporting any of the optional features, and any Holder agent which is a Conformant Consumer should be able to parse their artifacts and produce an Presentation Submission fulfilling them (granted they hold credentials that meet the requirements).
- A Verifier can be a Conformant Producer according to this specification supporting any combination optional features, and any Holder agent supporting none of those feature can be a Conformant Consumer of that Verifier’s artifacts.
§ Presentation Definition
Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where different types of proofs may satisfy an input requirement.
{
"comment": "Note: VP, OIDC, DIDComm, or CHAPI outer wrapper would be here.",
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"input_descriptors": [
{
"id": "wa_driver_license",
"name": "Washington State Business License",
"purpose": "We can only allow licensed Washington State business representatives into the WA Business Conference",
"constraints": {
"fields": [
{
"path": [
"$.credentialSubject.dateOfBirth",
"$.credentialSubject.dob",
"$.vc.credentialSubject.dateOfBirth",
"$.vc.credentialSubject.dob"
]
}
]
}
}
]
}
}
{
"presentation_definition": {
"id": "first simple example",
"input_descriptors": [
{
"id": "A specific type of VC",
"name": "A specific type of VC",
"purpose": "We want a VC of this type",
"constraints": {
"fields": [
{
"path": [
"$.type"
],
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^<the type of VC e.g. degree certificate>$"
}
}
}
]
}
}
]
}
}
{
"presentation_definition": {
"id": "Scalable trust example",
"input_descriptors": [
{
"id": "any type of credit card from any bank",
"name": "any type of credit card from any bank",
"purpose": "Please provide your credit card details",
"constraints": {
"fields": [
{
"path": [
"$.termsOfUse.type"
],
"filter": {
"type": "string",
"pattern": "^https://train.trust-scheme.de/info$"
}
},
{
"path": [
"$.termsOfUse.trustScheme"
],
"filter": {
"type": "string",
"pattern": "^worldbankfederation.com$"
}
},
{
"path": [
"$.type"
],
"filter": {
"type": "string",
"pattern": "^creditCard$"
}
}
]
}
}
]
}
}
{
"presentation_definition": {
"id": "Scalable trust example",
"input_descriptors": [
{
"id": "any type of credit card from any bank",
"name": "any type of credit card from any bank",
"purpose": "Please provide your credit card details",
"constraints": {
"fields": [
{
"path": [
"$.termsOfUse"
],
"filter": {
"$defs": {
"typeString": {
"type": "string",
"pattern": "^https://train.trust-scheme.de/info$"
},
"typeStringOrArray": {
"anyOf": [
{
"$ref": "#/$defs/typeString"
},
{
"type": "array",
"contains": {
"$ref": "#/$defs/typeString"
}
}
]
},
"trustSchemeString": {
"type": "string",
"pattern": "^worldbankfederation.com$"
},
"trustSchemeStringOrArray": {
"anyOf": [
{
"$ref": "#/$defs/trustSchemeString"
},
{
"type": "array",
"contains": {
"$ref": "#/$defs/trustSchemeString"
}
}
]
},
"tosObject": {
"type": "object",
"required": [
"type",
"trustScheme"
],
"properties": {
"type": {
"$ref": "#/$defs/typeStringOrArray"
},
"trustScheme": {
"$ref": "#/$defs/trustSchemeStringOrArray"
}
}
},
"tosObjectOrArray": {
"anyOf": [
{
"$ref": "#/$defs/tosObject"
},
{
"type": "array",
"contains": {
"$ref": "#/$defs/tosObject"
}
}
]
}
},
"$ref": "#/$defs/tosObjectOrArray"
}
},
{
"path": [
"$.type"
],
"filter": {
"type": "array",
"contains": {
"type": "string",
"pattern": "^creditCard$"
}
}
}
]
}
}
]
}
}
The following properties are for use at the top-level of a Presentation Definition. Any properties that are not defined below MUST be ignored, unless otherwise specified by a Feature;
-
id
- The Presentation Definition **MUST** contain anid
property. The value of this property **MUST** be a string. The string **SHOULD** provide a unique ID for the desired context. For example, a UUID such as32f54163-7166-48f1-93d8-f f217bdb0653
could provide an ID that is unique in a global context, while a simple string such asmy_presentation_definition_1
could be suitably unique in a local context. Theid
property **SHOULD** be unique within the Presentation Definition itself, meaning no otherid
values should exist at any level with the same value. -
input_descriptors
- The Presentation Definition **MUST** contain aninput_descriptors
property. Its value **MUST** be an array of Input Descriptor Objects, the composition of which are described in theInput Descriptors
section below.All inputs listed in the
input_descriptors
array are required for submission, unless otherwise specified by a Feature. -
name
- The Presentation Definition **MAY** contain aname
property. If present, its value **SHOULD** be a human-friendly string intended to constitute a distinctive designation of the Presentation Definition. -
purpose
- The Presentation Definition **MAY** contain apurpose
property. If present, its value **MUST** be a string that describes the purpose for which the Presentation Definition's inputs are being used for. -
The Presentation Definition **MAY** include a
format
property. Some envelope transport protocols may include the value of this property in other locations and use different property names (See the Format Embed Locations section for details), but regardless of whether it resides at the default location (theformat
property of thepresentation_definition
object), the value **MUST** be an object consisting of keyed arrays. Each array should be keyed to a Claim Format Designation (e.g.,jwt
,jwt_vc
,jwt_vp
, etc.) registered in the governing registry. The values in each array should only be values ofalg
and/orproofType
that are valid according to this registry (and the upstream registries it relies on to define valid values foralg
orproofType
per claim format). As these upstream registries of valid profiles within each claim format may add, rename, or deprecate entries over time, it is recommended that implementers check both the claim format registry and its dependencies when defining these objects to minimize risk of ambiguity or incompatibility with other implementations. These arrays of strings thus function as enumerations of supported profiles for each claim format, informing the Holder of which Claim format configurations the Verifier can process. The value for each claim format property **MUST** be an object composed as follows:-
The object **MUST** include a format-specific property (i.e.,
alg
,proof_type
) that expresses which algorithms the Verifier supports for the format. Its value **MUST** be an array of one or more format-specific algorithmic identifier references, as noted in the Claim Format Designations section.An illustrative example containing all of the formats in use by the specifying implementers at time of writing (also reflected in the provided JSON Schema) is as follows:
-
{
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"input_descriptors": [],
"format": {
"jwt": {
"alg": ["EdDSA", "ES256K", "ES384"]
},
"jwt_vc": {
"alg": ["ES256K", "ES384"]
},
"jwt_vp": {
"alg": ["EdDSA", "ES256K"]
},
"ldp_vc": {
"proof_type": [
"JsonWebSignature2020",
"Ed25519Signature2018",
"EcdsaSecp256k1Signature2019",
"RsaSignature2018"
]
},
"ldp_vp": {
"proof_type": ["Ed25519Signature2018"]
},
"ldp": {
"proof_type": ["RsaSignature2018"]
}
}
}
}
Including purpose information should not be confused with consent to process personal data NOR taken as a substitute for an, e.g., GDPR-conformant expression of “purpose”; instead, it should be thought of as purely informative to the user. Implementers are encouraged to do a proper review of applicable regulatory requirements around consent and purpose disclosures. The DIF Claims & Credentials WG Data Agreement work item is developing a supplemental specification to aid in compliance with privacy regulations (GDPR, CCPA, etc.), and a method for creating immutable records of consent records (data agreements) for using personal data.
§ Input Descriptor
Input Descriptors are objects used to describe the information a Verifier requires of a Holder. All Input Descriptors **MUST** be satisfied, unless otherwise specified by a Feature.
Input Descriptor Objects contain an identifier and may contain constraints on data values, and an explanation why a certain item or set of data is being requested.
§ Input Descriptor Object
The following properties are for use at the top-level of a Input Descriptor Objects. Any properties that are not defined below MUST be ignored, unless otherwise specified by a Feature;
- The Input Descriptor Object **MUST** contain an
id
property. The value of theid
property **MUST** be a string that does not conflict with theid
of another Input Descriptor Object in the same Presentation Definition and **SHOULD** not conflict with any otherid
value present in the same Presentation Definition. - The Input Descriptor Object **MAY** contain a
name
property. If present, its value **SHOULD** be a human-friendly name that describes what the target schema represents. - The Input Descriptor Object **MAY** contain a
purpose
property. If present, its value **MUST** be a string that describes the purpose for which the Claim's data is being requested. - The Input Descriptor Object **MAY** contain a
format
property. If present, its value **MUST** be an object with one or more properties matching the registered Claim Format Designations (e.g.,jwt
,jwt_vc
,jwt_vp
, etc.). Thisformat
property is identical in value signature to the top-levelformat
object, but can be used to specifically constrain submission of a single input to a subset of formats or algorithms. - The Input Descriptor Object **MUST** contain a
constraints
property. Its value **MUST** be an object composed as follows, and it **MUST** contain one of the allowed properties or Features: - The constraints object **MAY** contain afields
property. Fields **SHALL** be processed forward from 0-index, so if a Verifier desires to reduce processing by checking the most defining characteristics of a credential (e.g the type or schema of a credential) implementers **SHOULD** order these field checks before all others to ensure earliest termination of evaluation. If thefields
property is present, its value **MUST** be an array of objects composed as follows, unless otherwise specified by a feature: - The fields object **MUST** contain apath
property. The value of this property **MUST** be an array of one or more JSONPath string expressions (as defined in the JSONPath Syntax Definition section) that select a target value from the input. The array **MUST** be evaluated from 0-index forward, breaking as soon as a Field Query Result is found (as described in Input Evaluation), which will be used for the rest of the entry’s evaluation. The ability to declare multiple expressions in this way allows the Verifier to account for format differences - for example: normalizing the differences in structure between JSON-LD/JWT-based Verifiable Credentials and vanilla JSON Web Tokens (JWTs) [RFC7519]. - The fields object **MAY** contain anid
property. If present, its value **MUST** be a string that is unique from every other field object’sid
property, including those contained in other Input Descriptor Objects. - The fields object **MAY** contain apurpose
property. If present, its value **MUST** be a string that describes the purpose for which the field is being requested. - The fields object **MAY** contain aname
property. If present, its value **MUST** be a string, and **SHOULD** be a human-friendly name that describes what the target field represents. - The fields object **MAY** contain afilter
property, and if present its value **MUST** be a JSON Schema descriptor used to filter against the values returned from evaluation of the JSONPath string expressions in thepath
array. - The fields object **MAY** contain anoptional
property. The value of this property **MUST** be a boolean, whereintrue
indicates the field is optional, andfalse
or non-presence of the property indicates the field is required. Even when theoptional
property is present, the value located at the indicatedpath
of the field **MUST** validate against the JSON Schemafilter
, if afilter
is present.NOTERemember a valid JSON Schema **MAY** contain additional keywords (e.g.,
formatMinimum
andformatMaximum
) that require extensions to handle properly.A [[ref: Holder]] ****SHOULD**** be able to gracefully handle additional properties, even if this just means ignoring the added keywords. ::: - The _constraints object_ ****MAY**** contain a `limit_disclosure` property. If present, its value ****MUST**** be one of the following strings: - `required` - This indicates that the [[ref:Conformant Consumer]] ****MUST**** limit submitted fields to those listed in the `fields` array (if present). [[ref:Conformant Consumers]] are not required to implement support for this value, but they ****MUST**** understand this value sufficiently to return nothing (or cease the interaction with the [[ref:Verifier]]) if they do not implement it. - `preferred` - This indicates that the [[ref:Conformant Consumer]] ****SHOULD**** limit submitted fields to those listed in the `fields` array (if present). Omission of the `limit_disclosure` property indicates the [[ref:Conformant Consumer]] ****MAY**** submit a response that contains more than the data described in the `fields` array.
§ Presentation Request
A Presentation Request is any transport mechanism used to send a Presentation Definition from a Verifier to a Holder. A wide variety of transport mechanisms or Claim exchange protocols may be used to send Presentation Definitions. This specification does not define Presentation Requests and is designed to be agnostic to them. Please note, however, that different use cases, supported signature schemes, protocols, and threat models may require a Presentation Requestto have certain properties. Some of these are expressed below:
- Signature verification - Strongly identifying the entity making a request via a presentation definition is outside the scope of this specification, however a Holder may wish to have assurances as to the provenance, identity, or status of a Presentation Definition. In this case, a Presentation Request that uses digital signatures may be required.
- Replay protection - Some presentation protocols may require that presentations
be unique, i.e., it should be possible for a Verifier to detect if a
presentation has been used before. Other protocols may require that a
presentation be bound to a particular communication exchange or session. In
these cases, a Presentation Request that provides a
domain
,challenge
, ornonce
value may be required.
§ Presentation Submission
Presentation Submissions are objects embedded within target
Claim negotiation formats that express how the inputs presented as
proofs to a Verifier are provided in accordance with the requirements
specified in a Presentation Definition. Embedded
Presentation Submission objects **MUST** be located within target
data format as the value of a presentation_submission
property, which is
composed and embedded as follows:
- The
presentation_submission
object **MUST** be included at the top-level of an Embed Target, or in the specific location described in the Embed Locations table in the Embed Target section below. - The
presentation_submission
object **MUST** contain anid
property. The value of this property **MUST** be a unique identifier, such as a UUID. - The
presentation_submission
object **MUST** contain adefinition_id
property. The value of this property **MUST** be theid
value of a valid Presentation Definition. - The
presentation_submission
object **MUST** include adescriptor_map
property. The value of this property **MUST** be an array of Input Descriptor Mapping Objects, composed as follows:- The
descriptor_map
object **MUST** include anid
property. The value of this property **MUST** be a string that matches theid
property of the Input Descriptor in the Presentation Definition that this Presentation Submission is related to. - The
descriptor_map
object **MUST** include aformat
property. The value of this property **MUST** be a string that matches one of the Claim Format Designation. This denotes the data format of the Claim. - The
descriptor_map
object **MUST** include apath
property. The value of this property **MUST** be a JSONPath string expression. Thepath
property indicates the Claim submitted in relation to the identified Input Descriptor, when executed against the top-level of the object the Presentation Submission is embedded within. - The object **MAY** include a
path_nested
object to indicate the presence of a multi-Claim envelope format. This means the Claim indicated is to be decoded separately from its parent enclosure.- The format of a
path_nested
object mirrors that of adescriptor_map
property. The nesting may be any number of levels deep. Theid
property **MUST** be the same for each level of nesting. - The
path
property inside eachpath_nested
property provides a relative path within a given nested value.
- The format of a
- The
{
// NOTE: VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be here.
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "banking_input_2",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "employment_input",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "citizenship_input_1",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
}
}
§ Processing of Submission Entries
To process the Submission Entries of a Presentation Submission, use the following process:
- For each Submission Entry in the
descriptor_map
array:- Execute the
path
field’s JSONPath expression string on the Current Traversal Object, or if none is designated, the top level of the Embed Target. - Decode and parse the value returned from
JSONPath execution in
accordance with the Claim Format Designation
specified in the object’s
format
property. If the value parses and validates in accordance with the Claim Format Designation specified, let the resulting object be the Current Traversal Object - If the
path_nested
property is present, process the Nested Submission Traversal Object value using the process described in Step 1.
- Execute the
- If parsing of the Submission Entry (and any Nested Submission Traversal Objects present
within it) produces a valid result, process it as the submission against the
Input Descriptor indicated by the
id
property of the containing Input Descriptor Mapping Object.
**Example Nested Submission**
{
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "banking_input_2",
"format": "jwt_vp",
"path": "$.outerClaim[0]",
"path_nested": {
"id": "banking_input_2",
"format": "ldp_vc",
"path": "$.innerClaim[1]",
"path_nested": {
"id": "banking_input_2",
"format": "jwt_vc",
"path": "$.mostInnerClaim[2]"
}
}
}
]
}
}
§ Limited Disclosure Submissions
For all Claims submitted in relation to Input Descriptor Objects
that include a constraints
object with a limit_disclosure
property set to
the string value required
, ensure that the data submitted is limited to the
entries specified in the fields
property of the constraints
object. If the
fields
property **is not** present, or contains zero field objects, the
submission **SHOULD NOT** include any data from the Claim. For
example, a Verifier may simply want to know whether a Holder has
a valid, signed Claim of a particular type, without disclosing any of
the data it contains.
§ Validation of Claims
Once a Claim has been ingested via a Presentation Submission, any validation beyond the process of evaluation defined by the Input Evaluation section is outside the scope of Presentation Exchange. Verification of signatures and other cryptographic proofs are a function of the given Claim format, and should be evaluated in accordance with the given Claim format’s standardized processing steps. Additional verification of Claim data or subsequent validation required by a given Verifier are left to the Verifier's systems, code and business processes to define and execute.
During validation, each Input Descriptor Object **MUST** only refer to a single discrete container within a Presentation Submission, such that all checks refer to properties within the same container and are protected by the same digital signature, if the container format supports digital signatures. Examples of discrete container formats include a single Verifiable Credential within a Verifiable Presentation as defined in W3C Verifiable Credentials, OpenID Connect Tokens, and JSON Web Tokens. This is to ensure that related requirements, for example, “given name” and “family name” within the same Input Descriptor Object also come from the same container.
§ Embed Targets
The following section details where the Presentation Submission is to be embedded within a target data structure, as well as how to formulate the JSONPath expressions to select the Claims within the target data structure.
§ Embed Locations
The following are the locations at which the presentation_submission
object **MUST** be embedded for known target formats. For any location besides
the top level of the embed target, the location is described in JSONPath syntax.
Target | Location |
---|---|
OpenID | top-level |
DIDComms | $.presentations~attach.data.json |
VP | top-level |
CHAPI | $.data |
§ Features
§ Submission Requirement Feature
The Submission Requirement Feature introduces extensions enabling Verifiers to express what combinations of inputs must be submitted to comply with its requirements for proceeding in a flow (e.g. credential issuance, allowing entry, accepting an application).
{
"comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"submission_requirements": [{
"name": "Citizenship Information",
"rule": "pick",
"count": 1,
"from": "A"
}],
"input_descriptors": [
{
"id": "citizenship_input_1",
"name": "EU Driver's License",
"group": ["A"],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "https://eu.com/claims/DriversLicense.json"
}
},
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "We can only accept digital driver's licenses issued by national authorities of member states or trusted notarial auditors.",
"filter": {
"type": "string",
"pattern": "^did:example:gov1$|^did:example:gov2$"
}
},
{
"path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
"filter": {
"type": "string",
"format": "date"
}
}
]
}
},
{
"id": "citizenship_input_2",
"name": "US Passport",
"group": ["A"],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "hub://did:foo:123/Collections/schema.us.gov/passport.json"
}
},
{
"path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
"filter": {
"type": "string",
"format": "date"
}
}
]
}
}
]
}
}
{
"comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"submission_requirements": [
{
"name": "Banking Information",
"purpose": "We can only remit payment to a currently-valid bank account in the US, Germany or France.",
"rule": "pick",
"count": 1,
"from": "A"
},
{
"name": "Employment Information",
"purpose": "We are only verifying one current employment relationship, not any other information about employment.",
"rule": "all",
"from": "B"
},
{
"name": "Eligibility to Drive on US Roads",
"purpose": "We need to verify eligibility to drive on US roads via US or EU driver's license, but no biometric or identifying information contained there.",
"rule": "pick",
"count": 1,
"from": "C"
}
],
"input_descriptors": [
{
"id": "banking_input_1",
"name": "Bank Account Information",
"purpose": "Bank Account required to remit payment.",
"group": ["A"],
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": ["$.credentialSchema", "$.vc.credentialSchema"],
"filter": {
"allOf": [
{
"type": "array",
"contains": {
"type": "object",
"properties": {
"id": {
"type": "string",
"pattern": "^https://bank-standards.example.com#accounts$"
}
},
"required": ["id"]
}
},
{
"type": "array",
"contains": {
"type": "object",
"properties": {
"id": {
"type": "string",
"pattern": "^https://bank-standards.example.com#investments$"
}
},
"required": ["id"]
}
}
]
}
},
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
"filter": {
"type": "string",
"pattern": "^did:example:123$|^did:example:456$"
}
},
{
"path": [
"$.credentialSubject.account[*].account_number",
"$.vc.credentialSubject.account[*].account_number",
"$.account[*].account_number"
],
"purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
"filter": {
"type": "string",
"pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
},
"intent_to_retain": true
},
{
"path": ["$.credentialSubject.portfolio_value", "$.vc.credentialSubject.portfolio_value", "$.portfolio_value"],
"purpose": "A current portfolio value of at least one million dollars is required to insure your application",
"filter": {
"type": "number",
"minimum": 1000000
},
"intent_to_retain": true
}
]
}
},
{
"id": "banking_input_2",
"name": "Bank Account Information",
"purpose": "We can only remit payment to a currently-valid bank account.",
"group": ["A"],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
}
},
{
"path": [
"$.issuer",
"$.vc.issuer",
"$.iss"
],
"purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
"filter": {
"type": "string",
"pattern": "^did:example:123$|^did:example:456$"
}
},
{
"path": [
"$.credentialSubject.account[*].id",
"$.vc.credentialSubject.account[*].id",
"$.account[*].id"
],
"purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
"filter": {
"type": "string",
"pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
},
"intent_to_retain": true
},
{
"path": [
"$.credentialSubject.account[*].route",
"$.vc.credentialSubject.account[*].route",
"$.account[*].route"
],
"purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
"filter": {
"type": "string",
"pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
},
"intent_to_retain": true
}
]
}
},
{
"id": "employment_input",
"name": "Employment History",
"purpose": "We are only verifying one current employment relationship, not any other information about employment.",
"group": ["B"],
"constraints": {
"limit_disclosure": "required",
"fields": [
{
"path": ["$.credentialSchema", "$.vc.credentialSchema"],
"filter": {
"type": "string",
"const": "https://business-standards.org/schemas/employment-history.json"
}
},
{
"path": ["$.jobs[*].active"],
"filter": {
"type": "boolean",
"pattern": "true"
}
}
]
}
},
{
"id": "drivers_license_input_1",
"name": "EU Driver's License",
"group": ["C"],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "https://schema.eu/claims/DriversLicense.json"
}
},
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "We can only accept digital driver's licenses issued by national authorities of EU member states or trusted notarial auditors.",
"filter": {
"type": "string",
"pattern": "did:example:gov1|did:example:gov2"
}
},
{
"path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
"purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
"filter": {
"type": "string",
"format": "date"
}
}
]
}
},
{
"id": "drivers_license_input_2",
"name": "Driver's License from one of 50 US States",
"group": ["C"],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "hub://did:foo:123/Collections/schema.us.gov/american_drivers_license.json"
}
},
{
"path": ["$.issuer", "$.vc.issuer", "$.iss"],
"purpose": "We can only accept digital driver's licenses issued by the 50 US states' automative affairs agencies.",
"filter": {
"type": "string",
"pattern": "did:example:gov1|did:web:dmv.ca.gov|did:example:oregonDMV"
}
},
{
"path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
"purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
"filter": {
"type": "string",
"format": "date",
"forrmatMaximum": "1999-05-16"
}
}
]
}
}
]
}
}
§ Presentation Definition Extensions
The Submission Requirement Feature extends the Presentation Definition
object to add a submission_requirements
property.
When using this Feature:
-
submission_requirements
- The Presentation Definition **MAY** contain asubmission_requirements
property. If present, its value **MUST** be an object conforming to the Submission Requirement format described in theSubmission Requirement
section below.The
submission_requirements
property defines which Input Descriptors are required for submission, overriding the default input evaluation behavior, in which all Input Descriptors are required.
§ Input Descriptor Extensions
{
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"input_descriptors": [
{
"id": "banking_input_1",
"name": "Bank Account Information",
"purpose": "We can only remit payment to a currently-valid bank account.",
"group": [
"A"
],
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
}
},
{
"path": [
"$.issuer",
"$.vc.issuer",
"$.iss"
],
"purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
"filter": {
"type": "string",
"pattern": "^did:example:123$|^did:example:456$"
},
"intent_to_retain": true
},
{
"path": [
"$.credentialSubject.account[*].id",
"$.vc.credentialSubject.account[*].id",
"$.account[*].id"
],
"purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
"filter": {
"type": "string",
"pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
},
"intent_to_retain": true
},
{
"path": [
"$.credentialSubject.account[*].route",
"$.vc.credentialSubject.account[*].route",
"$.account[*].route"
],
"purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
"filter": {
"type": "string",
"pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
},
"intent_to_retain": true
}
]
}
}
]
}
}
{
"presentation_definition": {
"id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"input_descriptors": [
{
"id": "employment_input_xyz_gov",
"group": ["B"],
"name": "Verify XYZ Government Employment",
"purpose": "Verifying current employment at XYZ Government agency as proxy for permission to access this resource",
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "https://login.idp.com/xyz.gov/.well-known/openid-configuration"
}
},
{
"path": ["$.status"],
"filter": {
"type": "string",
"pattern": "^active$"
}
}
]
}
}
]
}
}
The Submission Requirement Feature extends the Input Descriptor Object
to add a group
property.
When using this Feature:
- The Input Descriptor Object **MAY** contain a
group
property. If present, its value **MUST** match one of the grouping strings listed in thefrom
values of a Submission Requirement Rule object.
§ Submission Requirements
Presentation Definitions **MAY** include Submission Requirements which define what combinations of inputs a Holder must submit to comply with the requirements of a Verifier.
Submission Requirements introduce a set of rule types and mapping instructions a Conformant Consumer can ingest to present requirement optionality to the user, and subsequently submit inputs in a way that maps back to the rules the Verifier has asserted.
The following section defines the format for Submission Requirements and the selection syntax Verifiers can use to specify which combinations of inputs are acceptable.
If present, all Submission Requirements **MUST** be satisfied, and
all input_descriptors
**MUST** be grouped. Any unused
Input Descriptors that remain after satisfying all
Submission Requirements **MUST** be ignored.
{
"submission_requirements": [
{
"name": "Banking Information",
"purpose": "We need you to prove you currently hold a bank account older than 12months.",
"rule": "pick",
"count": 1,
"from": "A"
},
{
"name": "Employment Information",
"purpose": "We are only verifying one current employment relationship, not any other information about employment.",
"rule": "all",
"from": "B"
},
{
"name": "Citizenship Information",
"rule": "pick",
"count": 1,
"from_nested": [
{
"name": "United States Citizenship Proofs",
"purpose": "We need you to prove your US citizenship.",
"rule": "all",
"from": "C"
},
{
"name": "European Union Citizenship Proofs",
"purpose": "We need you to prove you are a citizen of an EU member state.",
"rule": "all",
"from": "D"
}
]
}
]
}
§ Submission Requirement Objects
Submission Requirement Objects are JSON objects constructed as follows:
- A Submission Requirement Object **MUST** contain a
rule
property. The value of this property **MUST** be a string that matches one of the Submission Requirement Rules values listed in the section below. - A Submission Requirement Object **MUST** contain either a
from
orfrom_nested
property. If both properties are present, the implementation MUST produce an error. The values of thefrom
andfrom_nested
properties are defined as follows:from
- The value of thefrom
property **MUST** be agroup
string matching one of thegroup
strings specified for one or more Input Descriptor Objects.from_nested
- The value of thefrom_nested
property **MUST** be an array Submission Requirement Objects.
- The Submission Requirement Object **MAY** contain a
name
property. If present, its value **MUST** be a string. The string **MAY** be used by a consuming User Agent to display the general name of the requirement set to a user. - The Submission Requirement Objects **MAY** contain a
purpose
property. If present, its value **MUST** be a string that describes the purpose for which the submission is being requested. - The Submission Requirement Objects **MAY** contain additional
properties as required by certain Submission Requirement Rules. For
example,
count
,min
, andmax
may be present with apick
rule.
§ Submission Requirement Rules
Submission Requirement Rules are used within
Submission Requirement Objects to describe the specific combinatorial
rules that must be applied to submit a particular subset of requested inputs. The
specified Submission Requirement Rule determines the behavior of the
corresponding from
or from_nested
property, as described below. A conformant
implementation **MUST** support the following rules:
§ all
rule
For an all
rule Submission Requirement Object:
- The value of the
rule
property **MUST** be the string “all”. - The following behavior is required for the
from
orfrom_nested
property:from
- All Input Descriptors matching thegroup
string of thefrom
value **MUST** be submitted to the Verifier.from_nested
- All Submission Requirement Objects specified in thefrom_nested
array must be satisfied by the inputs submitted to the Verifier.
{
"submission_requirements": [
{
"name": "Submission of educational transcripts",
"purpose": "We need your complete educational transcripts to process your application",
"rule": "all",
"from": "A"
}
]
}
§ pick
rule
For a pick
rule Submission Requirement Object:
- The value of the
rule
property **MUST** be the string “pick”. - The Submission Requirement Object **MAY** contain a
count
property. If present, its value **MUST** be an integer greater than zero. This indicates the number of input Descriptors or Submission Requirement Objects to be submitted. - The Submission Requirement Object **MAY** contain a
min
property. If present, its value **MUST** be an integer greater than or equal to zero. This indicates the minimum number of input Descriptors or Submission Requirement Objects to be submitted. - The Submission Requirement Object **MAY** contain a
max
property. If present, its value **MUST** be an integer greater than zero and, if also present, greater than the value of themin
property. This indicates the maximum number of input Descriptors or Submission Requirement Objects to be submitted. - The following behavior is required for the
from
orfrom_nested
property:from
- The specified number of Input Descriptors matching thegroup
string of thefrom
value **MUST** be submitted to the Verifier.from_nested
- The specified number of Submission Requirement Objects in thefrom_nested
array must be satisfied by the inputs submitted to the Verifier.
If Submission Requirement Object has a from
property, this directs the
Conformant Consumer to submit inputs from the set of
Input Descriptors with a matching group
string. In the first example
that follows, the Submission Requirement requests a single input from
Input Descriptor group "B"
. In the second example, the
Submission Requirement requests 2 or more inputs from
Input Descriptor group "B"
.
{
"submission_requirements": [
{
"name": "Citizenship Proof",
"purpose": "We need to confirm you are a citizen of one of the following countries before accepting your application",
"rule": "pick",
"count": 1,
"from": "B"
}
]
}
{
"submission_requirements": [
{
"name": "Eligibility to Work Proof",
"purpose": "We need to prove you are eligible for full-time employment in 2 or more of the following countries",
"rule": "pick",
"min": 2,
"from": "B"
}
]
}
If the Submission Requirement Object has a from_nested
property, this
directs the Conformant Consumer to submit inputs such that the number of
satisfied Submission Requirement Objects matches the number requested.
In the following example, the from_nested
property contains an array of
Submission Requirement Objects which requests either all members
from group "A"
or two members from group "B"
:
{
"submission_requirements": [
{
"name": "Confirm banking relationship or employment and residence proofs",
"purpose": "Recent bank statements or proofs of both employment and residence will be validated to initiate your loan application but not stored",
"rule": "pick",
"count": 1,
"from_nested": [
{ "rule": "all", "from": "A" },
{ "rule": "pick", "count": 2, "from": "B" }
]
}
]
}
§ Property Values and Evaluation
The following property value and evaluation guidelines summarize many of the processing-related rules above:
- The
rule
property value may be either"all"
or"pick"
, and a conformant implementation **MUST** produce an error if an unknownrule
value is present. - The Submission Requirement Object **MUST** contain a
from
property or afrom_nested
property, not both. If present their values must be a string or an array, respectively. If any of these conditions are not met, a conformant implementation **MUST** produce an error. - A conformant implementation could use the following algorithm To determine
whether a Submission Requirement is satisfied:
- If the
rule
is"all"
, then the Submission Requirement **MUST** contain afrom
property or afrom_nested
property, and of whichever are present, all inputs from thefrom
group string or thefrom_nested
Submission Requirements array **MUST** be submitted or satisfied, respectively. - If the
rule
is"pick"
, then the Submission Requirement **MUST** contain afrom
property or afrom_nested
property, and of whichever are present, they must be evaluated as follows:- if a
count
property is present, the number of inputs submitted, or nested Submission Requirements satisfied, **MUST** be exactly equal to the value ofcount
property. - if a
min
property is present, the number of inputs submitted, or nested Submission Requirements satisfied, **MUST** be equal to or greater than the value of themin
property. - if a
max
property is present, the number of inputs submitted, or nested Submission Requirements satisfied, **MUST** be equal to or less than the value of themax
property.
- if a
- If the
§ Predicate Feature
The predicate Feature introduces properties enabling Verifier to request that Holder apply a predicate and return the result.
§ Applying a predicate
The predicate Feature extends the Input Descriptor Object
constraints.fields
object to add a predicate
property.
When using this Feature, the fields object **MAY** contain a
predicate
property. If the predicate
property is
present, the filter
property **MUST** also be present.
Holder returns a boolean, rather than a value returned from evaluation
of the JSONPath string
expressions in the path
array. The boolean returned is the result
of using the filter
property’s
JSON Schema
descriptors against the evaluated value. Exclusion of the predicate
property indicates that the Conformant Consumer returns the value
returned from evaluation of the
JSONPath string
expressions in the path
array.
The value of predicate
**MUST** be one of the following strings:
required
- This indicates that the returned value **MUST** be the boolean result of applying the value of thefilter
property to the result of evaluating thepath
property.NOTEmay severely limit the responses a Holder may be able to make. Many signature schemes do not support deriving predicates, even those signature schemes which are otherwise ZKP-capable. A Verifier should be sure they support such schemes, and have high confidence they are also supported by the Holder, before indicating predicate responses are required.:::
preferred
- This indicates that the returned value **SHOULD** be the boolean result of applying the value of thefilter
property to the result of evaluating thepath
property.
If the predicate
property is not present, a Conformant Consumer **MUST NOT** return derived predicate values.
If the predicate
property is present, the set of JSON Schema
descriptors which comprise the value of the filter
property **MUST** be restricted according to the desired predicate
operation, as follows:
- To express the following range proofs, use the JSON Schema
numeric range
properties:
greater-than
- Use theexclusiveMinimum
descriptor. For example, to request a proof that an attribute is greater than 10000, use the following as the value of thefilter
object:{ "type": "number", "exclusiveMinimum": 10000 }
less-than
- Use theexclusiveMaximum
descriptor. For example, to request a proof that an attribute is less than 85, use the following as the value of thefilter
object:{ "type": "number", "exclusiveMaximum": 85 }
greater-than or equal-to
- Use theminimum
descriptor. For example, to request a proof that an attribute is greater than or equal to 18, use the following as the value of thefilter
object:{ "type": "number", "minimum": 18 }
less-than or equal-to
- Use themaximum
descriptor. For example, to request a proof that an attribute is less than or equal to 65536, use the following as the value of thefilter
object:{ "type": "number", "maximum": 65536 }
- to express the following equality proofs, use the JSON Schema
const
descriptor:equal-to
- Use theconst
descriptor. For example to request proof that an attribute has the value “Chad”, use the following as the value of thefilter
object:{ "const": "Chad" }
not equal-to
- Use theconst
descriptor with thenot
operator. For example, to request proof that an attribute does not have the value “Karen”, use the following as the value of thefilter
object:{ "not": { "const": "Karen" } }
- to express set-membership proofs, use the JSON Schema
enum
descriptor:in-set
- Use theenum
descriptor. For example, to request proof that an attribute is contained in the set of rainbow colors, use the following as the value of thefilter
object:{ "type": "string", "enum": ["red", "yellow", "blue"] }
not-in-set
- Use theenum
descriptor with thenot
operator. For example, to request proof that an attribute is not contained in the set of primary colors, use the following as the value of thefilter
object:{ "not": { "enum": ["red", "yellow", "blue"] } }
At this time, additional predicate operations are not supported.
§ Relational Constraint Feature
The Relational Constraint Feature extends the Input Descriptor Object
constraints
object with additional properties.
When using this Feature:
-
The constraints object **MAY** contain a
subject_is_issuer
property. If present, its value **MUST** be one of the following strings:required
- This indicates the Conformant Consumer **MUST** submit a response that has been self-attested, i.e., the Claim used in the presentation was ‘issued’ by the Subject of the Claim. Consuming apps should be aware that the requirements of the Input Descriptor can be fulfilled via the capture of user-entered data for self-attested submission, and make an effort to expose the means to do so when possible.preferred
- This indicates it is **RECOMMENDED** that the Conformant Consumer submit a response that has been self-attested, i.e., the Claim used in the presentation was ‘issued’ by the Subject of the Claim. When set topreferred
, this property can also act as a prompt for consuming apps to initiate capture of user-entered data for self-attested submission.NOTEThe
subject_is_issuer
property could be used by a Verifier to require that certain inputs be self_attested. For example, a college application Presentation Definition might contain an Input Descriptor for an essay submission. In this case, the Verifier would be able to require that the essay be provided by the same Subject as any other Claims in the presented application.NOTEThe
subject_is_issuer
property can be used by Verifiers as a way
enable the submission of user-entered data to fulfill the requirements of an Input Descriptor. Consuming apps **should** provide a means for users to enter the data required by an Input Descriptor that has itssubject_is_issuer
property set to eitherrequired
orpreferred
. An example of this would be a user agent wallet app providing a form generated using the JSON Schemafilter
objects present in thefields
of an Input Descriptor that are subsequently packaged up in accordance with the structure the Input Descriptor defines for submission as self-attested data.
-
The constraints object **MAY** contain an
is_holder
property. If present, its value **MUST** be an array of objects composed as follows:- The is-holder object **MUST** contain a
field_id
property. The value of this property **MUST** be an array of strings, with each string matching the string value from a field object’sid
property. This identifies the attribute whose Subject is of concern to the Verifier. - The is-holder object **MUST** contain a
directive
property. The value of this property **MUST** be one of the following strings:required
- This indicates that the Conformant Consumer **MUST** include proof that the Subject of each attribute identified by a value in thefield_id
array is the same as the entity submitting the response.preferred
- This indicates that it is **RECOMMENDED** that the Conformant Consumer include proof that the Subject of each attribute identified by a value in thefield_id
array is the same as the entity submitting the response.
The
is_holder
property would be used by a Verifier to require that certain inputs be provided by a certain Subject. For example, an identity verification Presentation Definition might contain an Input Descriptor for a birthdate from a birth certificate. Usingis_holder
, the Verifier would be able to require that the Holder of the birth certificate Claim is the same as the Subject of the birthdate attribute. This is especially useful in cases where a Claim may have multiple Subjects.For more information about techniques used to prove binding to a Holder, please see Holder Binding.
- The is-holder object **MUST** contain a
-
The constraints object **MAY** contain a
same_subject
property. If present, its value **MUST** be an array of objects composed as follows:- The same-subject object **MUST** contain a
field_id
property. The value of this property **MUST** be an array of strings, with each string matching the string value from a field object’sid
property. This identifies the attributes whose Subject is of concern to the Verifier. It is important to note that the attributes whose Subject is of concern to the Verifier **MAY** be identified in the field object of a different Input Descriptor Object. - The same-subject object **MUST** contain a
directive
property. The value of this property **MUST** be one of the following strings:required
- This indicates that the Conformant Consumer **MUST** include proof that the Subject of each attribute identified by a value in thefield_id
array is the same as the Subject of the attributes identified by the other values in thefield_id
array.preferred
- This indicates that it is **RECOMMENDED** that the Conformant Consumer include proof that the Subject of each attribute identified by a value in thefield_id
array is the same as the Subject of the attributes identified by the other values in thefield_id
array.
The
same_subject
property would be used by a Verifier to require that certain provided inputs be about the same Subject. For example, a Presentation Definition might contain an Input Descriptor which calls for a street address from a driver license Claim and another Input Descriptor which calls for a name from a birth certificate Claim. Using thesame_subject
property, Verifier would be able to require that the Subject of the street address attribute Claim is the same as the Subject of the name attribute. - The same-subject object **MUST** contain a
§ Credential Status Constraint Feature
- The constraints object **MAY** contain a
statuses
property. If present, its value **MUST** be an object that includes one or more of the following status properties:active
- A credential is active if it is not revoked, expired, suspended, or in any type of deactivated state.suspended
- A credential is suspended if the Issuer has published an explicit signal that the credential is in an inactive state and **should not** currently be relied upon, but may become active again in the future.revoked
- A credential is revoked if the Issuer has published an explicit signal that the credential in question **should not** be relied upon going forward as an accurate reflection of the Issuer’s statements about the Subject within the scope of the credential.
The values of all status properties are objects, composed as follows:
-
status objects **MUST** include a
directive
property, and its value **MUST** be one of the following strings:required
- the credential **MUST** be of the specified status.allowed
- the credential **MAY** be of the specified status.disallowed
- the credential **MUST NOT** be of the specified status.
-
status objects **MAY** include a
type
property, and its value **SHOULD** express one or more methods by which a credential’s status is represented. The property is intended to align with thetype
field in thecredentialStatus
property in the VC Data Model."statuses": { "active": { "directive": "required" // other values: "allowed", "disallowed" }, "suspended": { "directive": "allowed", "type": ["CredentialStatusList2017"] }, "revoked": {...} }
NOTEThere is no assumed direct mapping between these values and a corresponding status object in the underlying credentials. On the contrary, the encoding and decoding of a credential status (which may include fetching remote status information or cryptographic operations) is an implementation detail which takes place at a lower layer of abstraction and in accordance with the supported verifiable credential formats and presentation protocols.
§ JSON-LD Framing Feature
The JSON-LD Framing Feature extends Presentation Definition to support extended with the JSON-LD document framing.
When using this Feature:
frame
- The Presentation Definition **MAY** contain aframe
property. If present, its value **MUST** be a JSON LD Framing Document object.
§ Retention Feature
The Retention Feature extends the Input Descriptor Object's field object, allowing a Verifier to indicate it will retain the submitted value for the specific field. It is currently presented to support mDL systems, and may be deprecated in the future or moved to a separate specification for more robust mDL interoperability at a later time.
A Conformant Consumer **MUST NOT** retain any data, including digests, signatures,
and derived data received, except for claims from the Presentation Submission descriptors
for which the accompanying Input Descriptor Object's field intent_to_retain
property was set to true.
Retain is defined as: “to store for a period longer than necessary to conduct the exchange between Holder and Verifier in realtime”.
When using this Feature:
intent_to_retain
- The fields object inside an Input Descriptor Object **MAY** contain anintent_to_retain
property. If present, its value **MUST** be a boolean that indicates the Verifier intends to retain the Claim's data being requested.
§ Input Evaluation
A Conformant Consumer of a Presentation Definition must filter inputs they hold (signed Claims, raw data, etc.) to determine whether they possess the inputs requested by the Verifier. A Conformant Consumer of a Presentation Definition **MUST** use the following process to validate whether or not its candidate inputs meet the requirements it describes:
For each Input Descriptor in the input_descriptors
array of a
Presentation Definition, a Conformant Consumer compares each
candidate input (JWT, Verifiable Credential, etc.) it holds to determine whether
there is a match.
For each candidate input:
-
If the
constraints
property of the Input Descriptor contains afields
property with one or more fields objects, evaluate each fields object against the candidate input as described in the following subsequence.Accept the candidate input if every fields object yields a Field Query Result; else, reject.
-
For each JSONPath expression in the
path
array (incrementing from the 0-index), evaluate the JSONPath expression against the candidate input and repeat the following subsequence on the result.Repeat until a Field Query Result is found, or the
path
array elements are exhausted:- If the result returned no JSONPath match, skip to the next
path
array element. - Else, evaluate the first JSONPath match (candidate) as follows:
- If the fields object has no
filter
, or if candidate validates against the JSON Schema descriptor specified infilter
, then:- If not using the Predicate Feature, set Field Query Result to be candidate.
- If using the Predicate Feature:
- If the fields object has a
predicate
, set Field Query Result to the boolean value resulting from evaluating the Field Query Result against the JSON Schema descriptor value of thefilter
property. - Else, set Field Query Result to be candidate.
- If the fields object has a
- Else, skip to the next
path
array element.
- If the fields object has no
- If no
path
entries are found that satisfy the fields object’s constraints, and the fields object **DOES NOT** contain theoptional
property or it is set tofalse
, reject the field as invalid. If nopath
entry
satisfies the fields object’s constraints for any of the specifiedpath
queries, and the fields object **DOES** contain theoptional
property set to the valuetrue
, treat the field as valid and proceed to the next fields object.
- If the result returned no JSONPath match, skip to the next
-
-
If all of the previous validation steps are successful mark the candidate input as a match for use in a Presentation Submission.
NOTESubmission Requirement Feature Only
If present at the top level of the Input Descriptor, keep a relative reference to the
group
values the input is designated for. -
If the
constraints
property of the Input Descriptor contains alimit_disclosure
property set to the string valuerequired
, ensure that any subsequent submission of data in relation to the candidate input is limited to the entries specified in thefields
property. If thefields
property **is not** present, or contains zero field objects, submission **SHOULD NOT** include any Claim data from the Claim. For example, a Verifier may simply want to know a Holder has a valid, signed Claims of a particular type, without disclosing any of the data it contains.
Relational Constraint Feature Only
- If the
constraints
property of the Input Descriptor contains asubject_is_issuer
property set to the valuerequired
, ensure that any submission of data in relation to the candidate input is fulfilled using a self_attested Claim. - If the
constraints
property of the Input Descriptor contains anis_holder
property, ensure that for each object in the array, any submission of data in relation to the candidate input is fulfilled by the Subject of the attributes so identified by the strings in thefield_id
array. - If the
constraints
property of the Input Descriptor contains asame_subject
property, ensure that for each object in the array, all of the attributes so identified by the strings in thefield_id
array are about the same Subject.
§ Expired and Revoked Data
Certain types of Claims have concepts of expiration and revocation. Expiration is mechanism used to communicate a time after which a Claim will no longer be valid. Revocation is a mechanism used by an issuer to express the status of a Claim after issuance. Different Claim specifications handle these concepts in different ways.
Presentation Definitions have a need to specify whether expired, revoked, or Claims of other statuses can be accepted. For Claims that have simple status properties, Input Descriptor Filters JSON Schema can be used to specify acceptable criteria.
The first example below demonstrates expiry using the VC Data Model’s
expirationDate
property.
The second example below demonstrates revocation, or more generally,
credential status using the
VC Data Model’s credentialStatus
property.
Using the syntax provided in the example, a Verifier will have all
requisite information to resolve the status of a Claim.
{
"id": "drivers_license_information",
"name": "Verify Valid License",
"purpose": "We need you to show that your driver's license will be valid through December of this year.",
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "https://yourwatchful.gov/drivers-license-schema.json"
}
},
{
"path": ["$.expirationDate"],
"filter": {
"type": "string",
"format": "date-time"
}
}
]
}
}
{
"id": "drivers_license_information",
"name": "Verify Valid License",
"purpose": "We need to know that your license has not been revoked.",
"constraints": {
"fields": [
{
"path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
"filter": {
"type": "string",
"const": "https://yourwatchful.gov/drivers-license-schema.json"
}
},
{
"path": ["$.credentialStatus"]
}
]
}
}
§ Holder and Subject Binding
Claims often rely on proofs of Holder or Subject binding for their validity. A Verifier may wish to determine that a particular Claim, or set of Claims is bound to a particular Holder or Subject. This can help the Verifier to determine the legitimacy of the presented proofs.
Some mechanisms which enable proof of Holder binding are described below. These include proof of identifier control, proof the Holder knows a secret value, and biometrics. An Issuer can make proofs of Holder binding possible by including Holder information either in the Claim or the Claim signature.
Some examples of Subject binding include matching the Subject of one Claim with that of another, or matching the Subject of a Claim with the Holder.
§ Proof of Identifier Control
A number of Claim types include an identifier for the Claim Subject. A Verifier may wish to ascertain that one of the Subject identified in the Claim is the one submitting the proof, or has consented to the proof submission. A Claim may also include an identifier for the Holder, independent of the Subject identifiers.
One mechanism for providing such proofs is the use of a DID as the identifier for the Claim Subject or Holder. DIDs enable an entity to provide a cryptographic proof of control of the identifier, usually through a demonstration that the DID Controller knows some secret value, such as a private key.
The Holder or Subject can demonstrate this proof of control when the Claim is presented. In addition to verifying the authenticity and origin of the Claim itself, a Verifier can verify that the Holder or Subject of the Claim still controls the identifier.
§ Link Secrets
Some Claim signatures support the inclusion of Holder-provided secrets that become incorporated into the signature, but remain hidden from the Claim issuer. One common use of this capability is to bind the Claim to the Holder. This is sometimes called a link secret.
Just as with proof of control of an identifier, link secret proofs demonstrate that the Holder knows some secret value. Upon presentation to a Verifier, the Holder demonstrates knowledge of the secret without revealing it. The Verifier can verify that the Holder knows the link secret, and that the link secret is contained in the Claim signature. The Holder can provide this proof for each presented Claim, thereby linking them together.
§ Biometrics
This type of Holder binding, instead of relying on demonstrating knowledge of some secret value, relies on the evaluation of biometric data. There are a number of mechanisms for safely embedding biometric information in a Claim such that only a person who can confirm the biometric may present the Claim.
§ Claim Format Designations
Within the Presentation Exchange specification, there are numerous sections
where Verifiers and Holders convey what Claim format
variants they can receive or are submitting. These formats are codified by
abbreviation tags which are defined in a separate
registry also
hosted at the DIF, and maintained by the same authors as this specification.
The registry includes JSON Schema documents, which are referenced in schemas
defined in this specification. To add abbreviations for a claim format supported
by a working implementation, please follow
these instructions
and open a PR to open a pull request at the
registry repository.
This registry is not meant to be exhaustive nor
restrictive; an implementation that supports additional claim formats can still
be considered fully conformant.
§ JSON Schema
This specification leverages JSON Schema in multiple places: for processing Input Descriptors, as well as for evaluating the data objects defined by Presentation Exchange itself for conformance with the specification.
To facilitate consistent implementation of the specification and to facilitate interoperability implementers *MUST use JSON Schema Draft 7. Draft 7 is widely used, adopted, has significant support in open source software, and supports the features of JSON Schema used by this specification.
The relevant links to the Draft 7 specifications can be found here.
§ Vocabulary Definition
The Presentation Exchange specification adopts and defines the following JSON Schema data format and processing variant, which implementers **MUST** support for evaluation of the portions of the Presentation Exchange specification that call for JSON Schema validation.
§ Presentation Definition (in an envelope)
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Presentation Definition Envelope",
"definitions": {
"status_directive": {
"type": "object",
"additionalProperties": false,
"properties": {
"directive": {
"type": "string",
"enum": [
"required",
"allowed",
"disallowed"
]
},
"type": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
},
"field": {
"type": "object",
"oneOf": [
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"name": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
}
},
"required": [
"path"
],
"additionalProperties": false
},
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
},
"name": {
"type": "string"
},
"predicate": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"path",
"filter",
"predicate"
],
"additionalProperties": false
}
]
},
"input_descriptor": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
},
"group": {
"type": "array",
"items": {
"type": "string"
}
},
"constraints": {
"type": "object",
"additionalProperties": false,
"properties": {
"limit_disclosure": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"statuses": {
"type": "object",
"additionalProperties": false,
"properties": {
"active": {
"$ref": "#/definitions/status_directive"
},
"suspended": {
"$ref": "#/definitions/status_directive"
},
"revoked": {
"$ref": "#/definitions/status_directive"
}
}
},
"fields": {
"type": "array",
"items": {
"$ref": "#/definitions/field"
}
},
"subject_is_issuer": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"is_holder": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
},
"same_subject": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
}
}
}
},
"required": [
"id",
"constraints"
]
},
"submission_requirement": {
"type": "object",
"oneOf": [
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from": {
"type": "string"
}
},
"required": [
"rule",
"from"
],
"additionalProperties": false
},
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from_nested": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/definitions/submission_requirement"
}
}
},
"required": [
"rule",
"from_nested"
],
"additionalProperties": false
}
]
},
"presentation_definition": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json#"
},
"frame": {
"type": "object",
"additionalProperties": true
},
"submission_requirements": {
"type": "array",
"items": {
"$ref": "#/definitions/submission_requirement"
}
},
"input_descriptors": {
"type": "array",
"items": {
"$ref": "#/definitions/input_descriptor"
}
}
},
"required": [
"id",
"input_descriptors"
],
"additionalProperties": false
}
},
"type": "object",
"properties": {
"presentation_definition": {
"$ref": "#/definitions/presentation_definition"
}
}
}
§ Presentation Definition (plain object)
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Presentation Definition",
"definitions": {
"status_directive": {
"type": "object",
"additionalProperties": false,
"properties": {
"directive": {
"type": "string",
"enum": [
"required",
"allowed",
"disallowed"
]
},
"type": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
},
"field": {
"type": "object",
"oneOf": [
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"name": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
}
},
"required": [
"path"
],
"additionalProperties": false
},
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
},
"name": {
"type": "string"
},
"predicate": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"path",
"filter",
"predicate"
],
"additionalProperties": false
}
]
},
"input_descriptor": {
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
},
"group": {
"type": "array",
"items": {
"type": "string"
}
},
"constraints": {
"type": "object",
"additionalProperties": false,
"properties": {
"limit_disclosure": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"statuses": {
"type": "object",
"additionalProperties": false,
"properties": {
"active": {
"$ref": "#/definitions/status_directive"
},
"suspended": {
"$ref": "#/definitions/status_directive"
},
"revoked": {
"$ref": "#/definitions/status_directive"
}
}
},
"fields": {
"type": "array",
"items": {
"$ref": "#/definitions/field"
}
},
"subject_is_issuer": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"is_holder": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
},
"same_subject": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
}
}
}
},
"required": [
"id",
"constraints"
]
},
"submission_requirement": {
"type": "object",
"oneOf": [
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from": {
"type": "string"
}
},
"required": [
"rule",
"from"
],
"additionalProperties": false
},
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from_nested": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/definitions/submission_requirement"
}
}
},
"required": [
"rule",
"from_nested"
],
"additionalProperties": false
}
]
}
},
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
},
"frame": {
"type": "object",
"additionalProperties": true
},
"submission_requirements": {
"type": "array",
"items": {
"$ref": "#/definitions/submission_requirement"
}
},
"input_descriptors": {
"type": "array",
"items": {
"$ref": "#/definitions/input_descriptor"
}
}
},
"required": [
"id",
"input_descriptors"
],
"additionalProperties": false
}
§ Input Descriptor
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Input Descriptor",
"definitions": {
"status_directive": {
"type": "object",
"additionalProperties": false,
"properties": {
"directive": {
"type": "string",
"enum": [
"required",
"allowed",
"disallowed"
]
},
"type": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
}
},
"field": {
"type": "object",
"oneOf": [
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"name": {
"type": "string"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
}
},
"required": [
"path"
],
"additionalProperties": false
},
{
"properties": {
"id": {
"type": "string"
},
"optional": {
"type": "boolean"
},
"path": {
"type": "array",
"items": {
"type": "string"
}
},
"purpose": {
"type": "string"
},
"intent_to_retain": {
"type": "boolean"
},
"filter": {
"$ref": "http://json-schema.org/draft-07/schema#"
},
"name": {
"type": "string"
},
"predicate": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"path",
"filter",
"predicate"
],
"additionalProperties": false
}
]
}
},
"type": "object",
"additionalProperties": false,
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"group": {
"type": "array",
"items": {
"type": "string"
}
},
"constraints": {
"type": "object",
"additionalProperties": false,
"properties": {
"limit_disclosure": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"statuses": {
"type": "object",
"additionalProperties": false,
"properties": {
"active": {
"$ref": "#/definitions/status_directive"
},
"suspended": {
"$ref": "#/definitions/status_directive"
},
"revoked": {
"$ref": "#/definitions/status_directive"
}
}
},
"fields": {
"type": "array",
"items": {
"$ref": "#/definitions/field"
}
},
"subject_is_issuer": {
"type": "string",
"enum": [
"required",
"preferred"
]
},
"is_holder": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
},
"same_subject": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"field_id": {
"type": "array",
"items": {
"type": "string"
}
},
"directive": {
"type": "string",
"enum": [
"required",
"preferred"
]
}
},
"required": [
"field_id",
"directive"
]
}
}
}
}
},
"required": [
"id"
]
}
§ Presentation Submission
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Presentation Submission",
"type": "object",
"properties": {
"presentation_submission": {
"type": "object",
"properties": {
"id": { "type": "string" },
"definition_id": { "type": "string" },
"descriptor_map": {
"type": "array",
"items": { "$ref": "#/definitions/descriptor" }
}
},
"required": ["id", "definition_id", "descriptor_map"],
"additionalProperties": false
}
},
"definitions": {
"descriptor": {
"type": "object",
"properties": {
"id": { "type": "string" },
"path": { "type": "string" },
"path_nested": {
"type": "object",
"$ref": "#/definitions/descriptor"
},
"format": {
"$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-submission-claim-format-designations.json#/definitions/format"
}
},
"required": ["id", "path", "format"],
"additionalProperties": false
}
},
"required": ["presentation_submission"],
"additionalProperties": false
}
§ Submission Requirement
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Presentation Submission Requirement",
"definitions": {
"submission_requirement": {
"type": "object",
"oneOf": [
{
"properties": {
"name": { "type": "string" },
"purpose": { "type": "string" },
"rule": {
"type": "string",
"enum": ["all", "pick"]
},
"count": { "type": "integer", "minimum": 1 },
"min": { "type": "integer", "minimum": 0 },
"max": { "type": "integer", "minimum": 0 },
"from": { "type": "string" }
},
"required": ["rule", "from"],
"additionalProperties": false
},
{
"properties": {
"name": { "type": "string" },
"purpose": { "type": "string" },
"rule": {
"type": "string",
"enum": ["all", "pick"]
},
"count": { "type": "integer", "minimum": 1 },
"min": { "type": "integer", "minimum": 0 },
"max": { "type": "integer", "minimum": 0 },
"from_nested": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/definitions/submission_requirement"
}
}
},
"required": ["rule", "from_nested"],
"additionalProperties": false
}
]
}
},
"$ref": "#/definitions/submission_requirement"
}
§ Submission Requirements
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Submission Requirements",
"definitions": {
"submission_requirements": {
"type": "object",
"oneOf": [
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from": {
"type": "string"
}
},
"required": [
"rule",
"from"
],
"additionalProperties": false
},
{
"properties": {
"name": {
"type": "string"
},
"purpose": {
"type": "string"
},
"rule": {
"type": "string",
"enum": [
"all",
"pick"
]
},
"count": {
"type": "integer",
"minimum": 1
},
"min": {
"type": "integer",
"minimum": 0
},
"max": {
"type": "integer",
"minimum": 0
},
"from_nested": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/definitions/submission_requirements"
}
}
},
"required": [
"rule",
"from_nested"
],
"additionalProperties": false
}
]
}
},
"type": "object",
"properties": {
"submission_requirements": {
"type": "array",
"items": {
"$ref": "#/definitions/submission_requirements"
}
}
},
"required": [
"submission_requirements"
],
"additionalProperties": false
}
§ Format Declaration
Defined in the Claim Format Registry
§ JSONPath Syntax Definition
The Presentation Exchange specification adopts and defines the following syntax from the JSONPath object query language, which implementers **MUST** support for evaluation of the portions of the Presentation Exchange specification that call for JSONPath expression execution.
JSONPath | Description |
---|---|
$ |
The root object/element |
@ |
The current object/element |
. |
Child member operator |
.. |
Recursive descendant operator; JSONPath borrows this syntax from E4X |
* |
Wildcard matching all objects/elements regardless their names |
[] |
Subscript operator |
[,] |
Union operator for alternate names or array indices as a set |
[start:end:step] |
Array slice operator borrowed from ES4 / Python |
?() |
Applies a filter (script) expression via static evaluation (see Security Considerations) |
() |
Script expression via static evaluation (see Security Considerations) |
Example JSON Object
{
"store": {
"book": [
{
"category": "reference",
"author": "Nigel Rees",
"title": "Sayings of the Century",
"price": 8.95
}, {
"category": "fiction",
"author": "Evelyn Waugh",
"title": "Sword of Honour",
"price": 12.99
}, {
"category": "fiction",
"author": "Herman Melville",
"title": "Moby Dick",
"isbn": "0-553-21311-3",
"price": 8.99
}, {
"category": "fiction",
"author": "J. R. R. Tolkien",
"title": "The Lord of the Rings",
"isbn": "0-395-19395-8",
"price": 22.99
}
],
"bicycle": {
"color": "red",
"price": 19.95
}
}
}
Example JSONPath Expressions
JSONPath | Description |
---|---|
$.store.book[*].author |
The authors of all books in the store |
$..author |
All authors |
$.store.* |
All things in store, which are some books and a red bicycle |
$.store..price |
The price of everything in the store |
$..book[2] |
The third book |
$..book[(@.length-1)] |
The last book via script subscript (see Security Considerations) |
$..book[-1:] |
The last book via slice |
$..book[0,1] |
The first two books via subscript union |
$..book[:2] |
The first two books via subscript array slice |
$..book[?(@.isbn)] |
Filter all books with isbn number (see Security Considerations) |
$..book[?(@.price<10)] |
Filter all books cheaper than 10 (see Security Considerations) |
$..book[?(@.price==8.95)] |
Filter all books that cost 8.95 (see Security Considerations) |
$..book[?(@.price<30 && @.category=="fiction")] |
Filter all fiction books cheaper than 30 |
$..* |
All members of JSON structure |
§ Normative References
- OIDC
- Open ID Connect. Jones, M., Bradley, J., and N. Sakimura. Status: Approved Specification
- Linked Data Proof
- Data Integrity 1.0. Dave Longley, Manu Sporny. 2022-03. Status: Draft Community Group Report.
- JSON Schema
- JSON Schema Draft-07. OpenJS Foundation. 2018-03-19. Status: Internet-Draft.
- RFC7518
- JSON Web Algorithms (JWA). M. Jones; 2015-05. Status: Proposed Standard.
- RFC7519
- JSON Web Token (JWT). M. Jones; J. Bradley; N. Sakimura; 2015-05. Status: Proposed Standard.
- RFC7797
- JSON Web Signature (JWS) Unencoded Payload Option. M. Jones; 2016-02. Status: Proposed Standard.
- VC-DATA-MODEL
- Verifiable Credentials Data Model 1.0. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; 2019-11-19. Status: REC.
§ Informative References
- CHAPI
- W3C Credential Handler API 1.0. Dave Longley, Manu Sporny. 2020-2-19. Status: Draft Community Group Report.
- DIDComm
- DIF DIDComm Messaging. Daniel Hardman, Sam Curren. Status: Working Group Draft.
§ Appendix
§ Security Considerations
JSONPath and JSON schemas are used in this specification. Both allow the use of Regular Expressions, and JSONPath additionally allows the use of function extensions. Both introduce important security risks, which implementors should mitigate.
§ Regular Expression Security Considerations
A general best practice, which this specification emphasizes, is that implementations should protect against the potential security threats caused by accepting arbitrary Regular Expressions, including those resulting in denial-of-service attacks through expensive-to-compute expressions. Specifically, the Presentation Definition and Presentation Submission should be treated as input from untrusted sources.
§ JSONPath-specific Considerations
This specification uses JSONPath in 2 locations: Presentation Definition Input Descriptors, defining where data is to be found, and Presentation Submission Descriptor Map, defining how submitted Claims map to the Presentation Definition.
Implementors should follow precautions related to regular expressions in JSONPath and additionl precautions related to JSONPath’s support of function extensions.
§ Function Extension Security Considerations
Further, implementors should guard against risks introduced by JSONPath’s support of function extensions. This includes function extensions accepting regular expression parameters (e.g., search and match), and more generally, any function extension that may be vulnerable to exploits on receiving arbitrary input.
The JSONPath IETF document provides more details on the security considerations described here.
§ Recommendations and Alternatives
This specification recommends avoiding use of JSONPath’s regular expression and function extension features if other approaches can achieve the same goal. This describes reasons implementors consider using these features and alternatives.
While these features may enable Input Descriptor flexibility, they can result in complex, sometimes opaque, matching logic. Because Relying Parties typically know the type of credentials and claims they want to receive, it’s recommended to use a direct alternative.
On the Presentation Submission side, JSONPath filtering features can typically be avoided in favor of correlating input descriptor field ids in the descriptor_map
with exact paths to the Verifiable Credentials or claims.
If use is necessary, implementations should use proper security and execution time guards, e.g., through sandboxed execution with a timeout.
§ JSON Schema-specific Considerations
§ Attack Vectors on JSON Schema
JSON Schema allows the use of Regular Expressions, to which the security considerations mentioned above apply.
Further, implementations that support validating or evaluating instance string data based on “contentEncoding” and/or “contentMediaType” are at risk of evaluating data in an unsafe way based on misleading information. Applications can mitigate this risk by only performing such processing when a relationship between the schema and instance is established (e.g., they share the same authority).
§ Recommendations and Alternatives
Not using Regular Expressions mainly applies to the pattern
property of the filter. This specification recommends using other means, such as const
, format
, and enum
to filter values.
§ What is new
The summary and details below highlight the differences between V1 and V2 of this specification.
Summary of changes:
- Introduction of Features.
- Introduction of Status Constraint.
- Introduction of Retention.
- Introduction of JSON-LD Framing.
- Introduction of an
optional
property for the fields object. - Introduction of an optional
name
property for the Input Descriptor Objects. - Removal of
schema
property from Input Descriptor Objects. - Input Descriptor
format
was moved to an external registry and can be restrained. - Input Descriptor
constraint
property has been made mandatory. - More concise language for consumers and producers.
§ Features
Features enable Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects. Features themselves are optional, but they can express mandatory properties and objects. The spec has been rearranged and several Features are introduced like for instance the Predicate, Relational Constraint, Credential Status Constraint In the previous versions most of these Features were part of the spec that any Conformant Producer or Conformant Consumer had to implement.
§ Status Constraint Feature
The Status Constraint Feature allows to put active, revoked or expired constraint on the statuses of Verifiable Credentials. The type
property allows status objects to express which credential status types from the VC Data Model are supported.
§ Retention Feature
The Retention feature indicates whether the Verifier intents to retain the Claim’s data being requested.
§ JSON-LD Framing Feature
The Presentation Definition now may contain a frame
property which must be a JSON LD Framing Document object to allow for selective disclosure using frames.
§ Introduction of an optional name
property to the input descriptor object
An Input Descriptor Object may now contain an name
property, indicating a human readable representation of the target.
§ Introduction of an optional property for the fields object
The fields object of an Input Descriptor Object may now contain an optional
property, indicating optionality of the field.
§ Removal of schema property from Input Descriptor Objects
Previously an Input Descriptor Object had a schema
property that contained an array of URIs for Claim schema’s. It introduced ambiguity and was the source of confusion. It has been replaced with a fields
property in the constraints object of the Input Descriptor Object, allowing for a more expressive approach to restrict to certain types for instance.
As a result, the support for hashlinks has also been removed from the specification, as these could be used as URIs in the schema
property previously.
§ Input Descriptor Format was moved to an external registry and can be restrained
Previously the Verifiable Credential and Verifiable Presentation formats, like jwt
, jwt_vp
, ldp_vc
were listed in the specification. They have been moved to an external registry to allow for future extension without the need to update the specification. See Claim Format Designations for more information.
Also the Input Descriptor Object now may contain a format
property, next to the toplevel format
property, to constrain a submission of a single object to a subset of formats.
§ The Input Descriptor constraint property has been made mandatory
The Input Descriptor Object now must contain a constraints
property, where it was optional before. Given other optional fields, omission of the constraints
property could potentially lead to an Input Descriptor Object that didn’t express anything actionable anymore.
§ More concise language for consumers and producers
Language around consumers and producers of Presentation Definition and Presentation Submission objects has been made more concise to prevent confusion.
§ name
and description
properties added to the spec.
§ Embed Target Examples
§ Presentation Submissions
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://identity.foundation/presentation-exchange/submission/v1"
],
"type": [
"VerifiablePresentation",
"PresentationSubmission"
],
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "banking_input_2",
"format": "jwt_vc",
"path": "$.verifiableCredential[0]"
},
{
"id": "employment_input",
"format": "ldp_vc",
"path": "$.verifiableCredential[1]"
},
{
"id": "citizenship_input_1",
"format": "ldp_vc",
"path": "$.verifiableCredential[2]"
}
]
},
"verifiableCredential": [
{
"comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
"vc": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:example:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"accounts": [
{
"id": "1234567890",
"route": "DE-9876543210"
},
{
"id": "2457913570",
"route": "DE-0753197542"
}
]
}
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://business-standards.org/schemas/employment-history.json",
"type": ["VerifiableCredential", "GenericEmploymentCredential"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"active": true
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
},
{
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"license": {
"number": "34DGE352",
"dob": "07/13/80"
}
},
"proof": {
"type": "RsaSignature2018",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
],
"proof": {
"type": "RsaSignature2018",
"created": "2018-09-14T21:19:10Z",
"proofPurpose": "authentication",
"verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
"challenge": "1f44d55f-f161-4938-a659-f8026467f126",
"domain": "4jt78h47fh47",
"jws": "..."
}
}
{
"iss": "https://self-issued.me",
"sub": "248289761001",
"preferred_username": "superman445",
"presentation_submission": {
"id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
"definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
"descriptor_map": [
{
"id": "banking_input_2",
"format": "jwt",
"path": "$._claim_sources.banking_input_2.JWT"
},
{
"id": "employment_input",
"format": "jwt_vc",
"path": "$._claim_sources.employment_input.VC_JWT"
},
{
"id": "citizenship_input_1",
"format": "ldp_vc",
"path": "$._claim_sources.citizenship_input_1.VC"
}
]
},
"_claim_names": {
"verified_claims": [
"banking_input_2",
"employment_input",
"citizenship_input_1"
]
},
"_claim_sources": {
"banking_input_2": {
"JWT": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3NlcnZlci5vdGhlcm9wLmNvbSIsInN1YiI6ImU4MTQ4NjAzLTg5MzQtNDI0NS04MjViLWMxMDhiOGI2Yjk0NSIsInZlcmlmaWVkX2NsYWltcyI6eyJ2ZXJpZmljYXRpb24iOnsidHJ1c3RfZnJhbWV3b3JrIjoiaWFsX2V4YW1wbGVfZ29sZCJ9LCJjbGFpbXMiOnsiZ2l2ZW5fbmFtZSI6Ik1heCIsImZhbWlseV9uYW1lIjoiTWVpZXIiLCJiaXJ0aGRhdGUiOiIxOTU2LTAxLTI4In19fQ.FArlPUtUVn95HCExePlWJQ6ctVfVpQyeSbe3xkH9MH1QJjnk5GVbBW0qe1b7R3lE-8iVv__0mhRTUI5lcFhLjoGjDS8zgWSarVsEEjwBK7WD3r9cEw6ZAhfEkhHL9eqAaED2rhhDbHD5dZWXkJCuXIcn65g6rryiBanxlXK0ZmcK4fD9HV9MFduk0LRG_p4yocMaFvVkqawat5NV9QQ3ij7UBr3G7A4FojcKEkoJKScdGoozir8m5XD83Sn45_79nCcgWSnCX2QTukL8NywIItu_K48cjHiAGXXSzydDm_ccGCe0sY-Ai2-iFFuQo2PtfuK2SqPPmAZJxEFrFoLY4g"
},
"employment_input": {
"VC": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://business-standards.org/schemas/employment-history.json",
"type": ["VerifiableCredential", "GenericEmploymentCredential"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"active": true
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
},
"citizenship_input_1": {
"VC": {
"@context": "https://www.w3.org/2018/credentials/v1",
"id": "https://eu.com/claims/DriversLicense",
"type": ["EUDriversLicense"],
"issuer": "did:foo:123",
"issuanceDate": "2010-01-01T19:73:24Z",
"credentialSubject": {
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
"license": {
"number": "34DGE352",
"dob": "07/13/80"
}
},
"proof": {
"type": "EcdsaSecp256k1VerificationKey2019",
"created": "2017-06-18T21:19:10Z",
"proofPurpose": "assertionMethod",
"verificationMethod": "https://example.edu/issuers/keys/1",
"jws": "..."
}
}
}
}
}
{
"type": "web",
"dataType": "VerifiablePresentation",
"data": {
"comment": "Presentation Submission goes here"
}
}
{
"@type": "https://didcomm.org/present-proof/%VER/presentation",
"@id": "f1ca8245-ab2d-4d9c-8d7d-94bf310314ef",
"comment": "some comment",
"formats" : [{
"attach_id" : "2a3f1c4c-623c-44e6-b159-179048c51260",
"format" : "dif/presentation-exchange/[email protected]"
}],
"presentations~attach": [{
"@id": "2a3f1c4c-623c-44e6-b159-179048c51260",
"mime-type": "application/ld+json",
"data": {
"json": {
"comment": "Presentation Submission goes here"
}
}
}]
}
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3IiwidHlwIjoiSldUIn0.eyJpYXQiOjE2NzM1ODUxMDEsImlzcyI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3IiwidnAiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaG9sZGVyIjoiZGlkOmtleTp6Nk1rZ2JmV2FiWjF4cWRWU0JDWHNhTVRiTDhhdXBaOXQ3ZVZwdEtrWGdycDRtUTciLCJwcmVzZW50YXRpb25fc3VibWlzc2lvbiI6eyJkZWZpbml0aW9uX2lkIjoiNjQ0MjIyODktMTJkZS00OWI5LWJiZjAtMDA1YmM2MTBjMmFkIiwiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92cCIsImlkIjoid2FfZHJpdmVyX2xpY2Vuc2UiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFswXSJ9XSwiaWQiOiIwZjI4YjM3Mi03MmQ1LTQ5M2UtYmM4Ni1iMGY3MWJhMGI4N2IifSwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKRlpFUlRRU0lzSW10cFpDSTZJbVJwWkRwclpYazZlalpOYTIxWU1YWTRUakUyV0VkblNsVkZRakp4WW1GWFdUWjFTMU51YzJORWNrZGtjMDF4ZUdaVlp6TnJSbkIwSWl3aWRIbHdJam9pU2xkVUluMC5leUpsZUhBaU9qSTFPREF4TXpBd09EQXNJbWx6Y3lJNkltUnBaRHByWlhrNmVqWk5hMjFZTVhZNFRqRTJXRWRuU2xWRlFqSnhZbUZYV1RaMVMxTnVjMk5FY2tka2MwMXhlR1pWWnpOclJuQjBJaXdpYW5ScElqb2lNelJpTVdJME5XVXRZbUkyWXkwMFpUVTRMV0kyTnpVdE1qa3pPRE5qT0RJNE1qazBJaXdpYm1KbUlqb3hOamN6TlRnMU1UQXhMQ0p6ZFdJaU9pSmthV1E2YTJWNU9ubzJUV3RuWW1aWFlXSmFNWGh4WkZaVFFrTlljMkZOVkdKTU9HRjFjRm81ZERkbFZuQjBTMnRZWjNKd05HMVJOeUlzSW5aaklqcDdJa0JqYjI1MFpYaDBJanBiSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1ERTRMMk55WldSbGJuUnBZV3h6TDNZeElsMHNJbWxrSWpvaU16UmlNV0kwTldVdFltSTJZeTAwWlRVNExXSTJOelV0TWprek9ETmpPREk0TWprMElpd2lkSGx3WlNJNld5SldaWEpwWm1saFlteGxRM0psWkdWdWRHbGhiQ0pkTENKcGMzTjFaWElpT2lKa2FXUTZhMlY1T25vMlRXdHRXREYyT0U0eE5saEhaMHBWUlVJeWNXSmhWMWsyZFV0VGJuTmpSSEpIWkhOTmNYaG1WV2N6YTBad2RDSXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNak10TURFdE1UTlVNRFE2TkRVNk1ERmFJaXdpWlhod2FYSmhkR2x2YmtSaGRHVWlPaUl5TURVeExURXdMVEExVkRFME9qUTRPakF3TGpBd01Gb2lMQ0pqY21Wa1pXNTBhV0ZzVTNWaWFtVmpkQ0k2ZXlKaFpHUnBkR2x2Ym1Gc1RtRnRaU0k2SWsxamJHOTJhVzRpTENKa1lYUmxUMlpDYVhKMGFDSTZJakU1T0RjdE1ERXRNRElpTENKbVlXMXBiSGxPWVcxbElqb2lRVzVrY21Weklpd2laMmwyWlc1T1lXMWxJam9pVlhKcFltVWlMQ0pwWkNJNkltUnBaRHByWlhrNmVqWk5hMmRpWmxkaFlsb3hlSEZrVmxOQ1ExaHpZVTFVWWt3NFlYVndXamwwTjJWV2NIUkxhMWhuY25BMGJWRTNJbjE5ZlEuZ3NTdjFnbFo4cHVhT21JaWQ5X2EtaUdTOXB6bkdZSTlCRlVxSUpPcEstRXA5SDdLRkI1RmZ5S2FDTFF5bWtseEp3cXYzRnRyOGF4bmotVVBuT3pqQ2ciXX19.zvvz2_CkCGPdXCN9oTGhMEuv--ezv31bDHT6_zt1MXB4E0wBZjIlxODqdVZP8BhTC1lXrzgltyQsro_7odTcDg
{
"iat": 1673585101,
"iss": "did:key:z6MkgbfWabZ1xqdVSBCXsaMTbL8aupZ9t7eVptKkXgrp4mQ7",
"vp": {
"@context": [
"https://www.w3.org/2018/credentials/v1"
],
"holder": "did:key:z6MkgbfWabZ1xqdVSBCXsaMTbL8aupZ9t7eVptKkXgrp4mQ7",
"presentation_submission": {
"definition_id": "64422289-12de-49b9-bbf0-005bc610c2ad",
"descriptor_map": [
{
"format": "jwt_vp",
"id": "wa_driver_license",
"path": "$.verifiableCredential[0]"
}
],
"id": "0f28b372-72d5-493e-bc86-b0f71ba0b87b"
},
"type": [
"VerifiablePresentation"
],
"verifiableCredential": [
"eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa21YMXY4TjE2WEdnSlVFQjJxYmFXWTZ1S1Nuc2NEckdkc01xeGZVZzNrRnB0IiwidHlwIjoiSldUIn0.eyJleHAiOjI1ODAxMzAwODAsImlzcyI6ImRpZDprZXk6ejZNa21YMXY4TjE2WEdnSlVFQjJxYmFXWTZ1S1Nuc2NEckdkc01xeGZVZzNrRnB0IiwianRpIjoiMzRiMWI0NWUtYmI2Yy00ZTU4LWI2NzUtMjkzODNjODI4Mjk0IiwibmJmIjoxNjczNTg1MTAxLCJzdWIiOiJkaWQ6a2V5Ono2TWtnYmZXYWJaMXhxZFZTQkNYc2FNVGJMOGF1cFo5dDdlVnB0S2tYZ3JwNG1RNyIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiMzRiMWI0NWUtYmI2Yy00ZTU4LWI2NzUtMjkzODNjODI4Mjk0IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6a2V5Ono2TWttWDF2OE4xNlhHZ0pVRUIycWJhV1k2dUtTbnNjRHJHZHNNcXhmVWcza0ZwdCIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDEtMTNUMDQ6NDU6MDFaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDUxLTEwLTA1VDE0OjQ4OjAwLjAwMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJhZGRpdGlvbmFsTmFtZSI6Ik1jbG92aW4iLCJkYXRlT2ZCaXJ0aCI6IjE5ODctMDEtMDIiLCJmYW1pbHlOYW1lIjoiQW5kcmVzIiwiZ2l2ZW5OYW1lIjoiVXJpYmUiLCJpZCI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3In19fQ.gsSv1glZ8puaOmIid9_a-iGS9pznGYI9BFUqIJOpK-Ep9H7KFB5FfyKaCLQymklxJwqv3Ftr8axnj-UPnOzjCg"
]
}
}
§ IANA Considerations
§ JSON Web Token Claims Registration
This specification registers the Claims in section Registry Contents in the IANA JSON Web Token Claims registry defined in RFC 751 JSON Web Token (JWT).
§ Registry Contents
Presentation Definition | Values |
---|---|
Claim Name: | presentation_definition |
Claim Description: | Presentation Definition |
Change Controller: | DIF Claims & Credentials - Working Group - https://github.com/decentralized-identity/claims-credentials/blob/main/CODEOWNERS |
Specification Document(s): | Section 5 of this document |
Presentation Submission | Values |
-------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
Claim Name: | presentation_submission |
Claim Description: | Presentation Submission |
Change Controller: | DIF Claims & Credentials - Working Group - https://github.com/decentralized-identity/claims-credentials/blob/main/CODEOWNERS |
Specification Document(s): | Section 6 of this document |