§ Presentation Exchange 2.X.X

Specification Status: Pre-Draft

Latest Draft: identity.foundation/presentation-exchange

Ratified Versions:
v1.0.0 - https://identity.foundation/presentation-exchange/spec/v1.0.0
v2.0.0 - https://identity.foundation/presentation-exchange/spec/v2.0.0
v2.1.0 - https://identity.foundation/presentation-exchange/spec/v2.1.0
v2.1.1 - https://identity.foundation/presentation-exchange/spec/v2.1.1
Editors:
Daniel Buchner (Block)
Brent Zundel (Evernym)
Martin Riedel (Consensys Mesh)
Kim Hamilton Duffy (Decentralized Identity Foundation)
Contributors:
Daniel McGrogan (Workday)
Gabe Cohen (Block)
Orie Steele (Transmute)
Wayne Chang (Spruce)
David Chadwick (Crossword Cybersecurity)
Jace Hensley (Bloom)
Niels Klomp (Sphereon)
Andor Kesselman (Benri)
Participate:
GitHub repo
File a bug
Commit history

§ Abstract

A common activity between peers in identity systems that feature the ability to generate self-asserted and third-party issued Claims is the demand and submission of proofs from a Holder to a Verifier. This flow implicitly requires the Holder and Verifier have a mechanism to facilitate the two primary steps in a proving exchange: a way for Verifiers to describe proof requirements, and for Holders to describe submissions of proof which align with those requirements.

To address these needs, this Presentation Exchange specification codifies a Presentation Definition data format Verifiers can use to articulate proof requirements, and a Presentation Submission data format Holders can use to describe proofs submitted in accordance with them.

This specification is designed to be both Claim format and transport envelope agnostic,as long as the format can be serialized as JSON. This means an implementer can use JSON Web Tokens (JWTs), Verifiable Credentials (VCs), JWT-VCs, or any other JSON Claim format, and convey them via Open ID Connect, DIDComm, Credential Handler API, or any other transport envelope. The goal of this flexible format- and transport-agnostic mechanism is to enable unified procedures and code, thereby reducing potentially redundant code and processing requirements.

This specification does not define transport protocols, specific endpoints, or other means for conveying the formatted objects it codifies, but encourages other specifications and projects that do define such mechanisms to utilize these data formats within their flows.

§ Status of This Document

Presentation Exchange v2.X.X is a PRE-DRAFT specification developed within the Decentralized Identity Foundation (DIF). It incorporates requirements and learnings from related work of many active industry players into a shared specification that meets the collective needs of the community.

§ Terminology

Claim
An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.
Conformant Consumer
An entity that follows the specified processing rules to consume a Presentation Definition or Presentation Submission that conforms to this specification.
Conformant Producer
An entity that produces a Presentation Definition or Presentation Submission that conforms to this specification.
Embed Locations
Embed Locations are the specific paths and indexes per Embed Target where the Verifier can expect to find the Presentation. See Embed Locations.
Embed Target
Embed Targets are data formats used in messaging protocols that may be used to transport a Presentation Submission. See Embed Targets.
Feature
Features enable Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects.
Holder
Holders are entities that submit proofs to Verifiers to satisfy the requirements described in a Presentation Definition. A Holder is a Conformant Consumer of a Presentation Definition and a Conformant Producer of a Presentation Submission.
Holder Binding
Holder Bindings are requirements of a certain type of relationship between the Holder and the Claims within the Presentation. See Holder Binding.
Decentralized Web Node
Some examples refer to an unfamiliar query protocol, dwn://, as a way of storing and querying schemata and other resources. While orthogonal to this specification and not yet on a standards track, the concept of “decentralized web nodes” proposes an architecture that may be of interest or utility to implementers of this specification. For more information, see the draft specification hosted at the decentralized identity foundation here
Input Descriptor
Input Descriptors are used by a Verifier to describe the information required of a Holder before an interaction can proceed. See Input Descriptor.
Input Descriptor Object
Input Descriptors Objects are populated with properties describing what type of input data/Claim, or sub-fields thereof, are required for submission to the Verifier. See Input Descriptor Object.
Link Secrets
Link Secrets are values held by the Holder but hidden from other parties. They are typically incorporated into cryptographic signatures used in claims to demonstrate correlation while preventing replay attacks. An Issuer may ascertain that a Holder possesses a link secret without its disclosure. See Link Secrets.
Presentation Definition
Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where many different types of proofs may satisfy an input requirement. See Presentation Definition.
Presentation Request
Presentation Requests are transport mechanisms for Presentation. Presentation Requests can take multiple shapes, using a variety of protocols and signature schemes not refined in this specification. They are sent by a Verifier to a Holder. Defining Presentation Requests is outside the scope of this specification. See Presentation Request.
Presentation Submission
Presentation Submissions are objects embedded within target claim negotiation formats that unify the presentation of proofs to a Verifier in accordance with the requirements a Verifier specified in a Presentation Definition. See Presentation Submission.
Subject
Subjects are the entities about which Claims are made. The Subject may not be the same entity as the Holder
Submission Requirement
Submission Requirements are objects that define what combinations of inputs must be submitted to comply with the requirements a Verifier has for proceeding in a flow (e.g. credential issuance, allowing entry, accepting an application). See Submission Requirements.
Submission Requirement Object
Submission Requirement Objects describe valid combinations of inputs in a Presentation Submission. See Submission Requirement Objects.
Submission Requirement Rule
Submission Requirement Rules describe combinatorial rules within a Submission Requirement Object when processing inputs. They may be nested. See Submission Requirement Rules.
Verifier
Verifiers are entities that define what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction. A Verifier is a Conformant Producer of a Presentation Definition and a Conformant Consumer of a Presentation Submission.

§ Overview

The following representative sequence contextualizes the top-level objects described in this specification:

sequenceDiagram Verifier->>Holder: Presentation Definition Holder->>Verifier: Presentation Submission

This specification covers only the data models of these objects and not the exchange protocols or architectural assumptions about how they get transported. Specifically:

§ Structure of this Document

This document has two primary sections: In the first, there is a model for defining the set of information a relying party would like to have presented, and in the second, there is a model for showing that the submitted presentation meets the related definition. Each of these sections begins by defining a base set of properties considered essential for core uses of the model, then describes additional feature sets that expand upon the base to allow more complex uses. Objects are defined such that they may be used on their own or extended through Features defined subsequently in the spec. A Feature must declare if it has dependencies on other Features.

A Feature enables Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects.

Conformant Consumers are not required to support Features. A Conformant Producer using Features that a Conformant Consumer does not support, might result in a Presentation Submission that can be rejected by a Verifier. This is especially the case when a feature introduces additional constraints on the Input Descriptor Object, like for instance the Relational Constraint Feature, where the subject_is_issuer property could be used by a Verifier to require that certain inputs be self_attested. Depending on the Verifier implementation a submission which is not self attested might be rejected, because the Holder is not aware of the requirement the Feature introduced.

A Conformant Producer and Conformant Consumer implementation may wish to use Feature detection techniques for Features it does not support. Producing an error might be appropriate for certain unsupported Features, preventing submitting inappropriate or too much data, which might result in an error being produced by another Conformant Consumer implementation.

Examples in this document use the Verifiable Credentials Data Model and the Decentralized Identifiers (DIDs) formats for illustrative purposes only; this specification is intended to support any JSON-serializable Claim format.

§ Use Cases

The following is a non-exhaustive list of some use cases which this specification is intended to support.

  1. A Holder's agent can find a Presentation Definition in a well-known location, parse its contents, and use them to filter the Holder's credentials on behalf of the Holder, who can (interactively or programmatically) select credentials which their agent pack into a Presentation Submission submitted back to the Verifier for assessment.
  2. A Verifier's Presentation Definition and a Submission Requirements Object can describe a requirement met by credentials in multiple claim formats, and a Holder's agent can parse them and meet their requirements with a “mixed” Verifiable Presentation or other container that combines credentials in different claim formats, mapping claims to requirements with Embed Targets.
  3. A Verifier can be a Conformant Producer according to this specification without supporting any of the optional features, and any Holder agent which is a Conformant Consumer should be able to parse their artifacts and produce an Presentation Submission fulfilling them (granted they hold credentials that meet the requirements).
  4. A Verifier can be a Conformant Producer according to this specification supporting any combination optional features, and any Holder agent supporting none of those feature can be a Conformant Consumer of that Verifier’s artifacts.

§ Presentation Definition

Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where different types of proofs may satisfy an input requirement.

EXAMPLE
{
  "comment": "Note: VP, OIDC, DIDComm, or CHAPI outer wrapper would be here.",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "wa_driver_license",
        "name": "Washington State Business License",
        "purpose": "We can only allow licensed Washington State business representatives into the WA Business Conference",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.credentialSubject.dateOfBirth",
                "$.credentialSubject.dob",
                "$.vc.credentialSubject.dateOfBirth",
                "$.vc.credentialSubject.dob"
              ]
            }
          ]
        }
      }
    ]
  }
}

EXAMPLE
{
  "presentation_definition": {
    "id": "first simple example",
    "input_descriptors": [
      {
        "id": "A specific type of VC",
        "name": "A specific type of VC",
        "purpose": "We want a VC of this type",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.type"
              ],
              "filter": {
                "type": "array",
                "contains": {
                  "type": "string",
                  "pattern": "^<the type of VC e.g. degree certificate>$"
                }
              }
            }
          ]
        }
      }
    ]
  }
}

EXAMPLE
{
    "presentation_definition": {
      "id": "Scalable trust example",
      "input_descriptors": [
        {
          "id": "any type of credit card from any bank",
          "name": "any type of credit card from any bank",
          "purpose": "Please provide your credit card details",
          "constraints": {
            "fields": [
              {
                "path": [
                  "$.termsOfUse.type"
                ],
                "filter": {
                  "type": "string",
                  "pattern": "^https://train.trust-scheme.de/info$"
                }
              },
              {
                "path": [
                  "$.termsOfUse.trustScheme"
                ],
                "filter": {
                  "type": "string",
                  "pattern": "^worldbankfederation.com$"
                }
              },
              {
                "path": [
                  "$.type"
                ],
                "filter": {
                  "type": "string",
                  "pattern": "^creditCard$"
                }
              }
            ]
          }
        }
      ]
    }
  }

EXAMPLE
{
  "presentation_definition": {
    "id": "Scalable trust example",
    "input_descriptors": [
      {
        "id": "any type of credit card from any bank",
        "name": "any type of credit card from any bank",
        "purpose": "Please provide your credit card details",
        "constraints": {
          "fields": [
            {
              "path": [
                "$.termsOfUse"
              ],
              "filter": {
                "$defs": {
                  "typeString": {
                    "type": "string",
                    "pattern": "^https://train.trust-scheme.de/info$"
                  },
                  "typeStringOrArray": {
                    "anyOf": [
                      {
                        "$ref": "#/$defs/typeString"
                      },
                      {
                        "type": "array",
                        "contains": {
                          "$ref": "#/$defs/typeString"
                        }
                      }
                    ]
                  },
                  "trustSchemeString": {
                    "type": "string",
                    "pattern": "^worldbankfederation.com$"
                  },
                  "trustSchemeStringOrArray": {
                    "anyOf": [
                      {
                        "$ref": "#/$defs/trustSchemeString"
                      },
                      {
                        "type": "array",
                        "contains": {
                          "$ref": "#/$defs/trustSchemeString"
                        }
                      }
                    ]
                  },
                  "tosObject": {
                    "type": "object",
                    "required": [
                      "type",
                      "trustScheme"
                    ],
                    "properties": {
                      "type": {
                        "$ref": "#/$defs/typeStringOrArray"
                      },
                      "trustScheme": {
                        "$ref": "#/$defs/trustSchemeStringOrArray"
                      }
                    }
                  },
                  "tosObjectOrArray": {
                    "anyOf": [
                      {
                        "$ref": "#/$defs/tosObject"
                      },
                      {
                        "type": "array",
                        "contains": {
                          "$ref": "#/$defs/tosObject"
                        }
                      }
                    ]
                  }
                },
                "$ref": "#/$defs/tosObjectOrArray"
              }
            },
            {
              "path": [
                "$.type"
              ],
              "filter": {
                "type": "array",
                "contains": {
                  "type": "string",
                  "pattern": "^creditCard$"
                }
              }
            }
          ]
        }
      }
    ]
  }
}

The following properties are for use at the top-level of a Presentation Definition. Any properties that are not defined below MUST be ignored, unless otherwise specified by a Feature;

{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [],
    "format": {
      "jwt": {
        "alg": ["EdDSA", "ES256K", "ES384"]
      },
      "jwt_vc": {
        "alg": ["ES256K", "ES384"]
      },
      "jwt_vp": {
        "alg": ["EdDSA", "ES256K"]
      },
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "Ed25519Signature2018",
          "EcdsaSecp256k1Signature2019",
          "RsaSignature2018"
        ]
      },
      "ldp_vp": {
        "proof_type": ["Ed25519Signature2018"]
      },
      "ldp": {
        "proof_type": ["RsaSignature2018"]
      }
    }
  }
}

NOTE

Including purpose information should not be confused with consent to process personal data NOR taken as a substitute for an, e.g., GDPR-conformant expression of “purpose”; instead, it should be thought of as purely informative to the user. Implementers are encouraged to do a proper review of applicable regulatory requirements around consent and purpose disclosures. The DIF Claims & Credentials WG Data Agreement work item is developing a supplemental specification to aid in compliance with privacy regulations (GDPR, CCPA, etc.), and a method for creating immutable records of consent records (data agreements) for using personal data.

§ Input Descriptor

Input Descriptors are objects used to describe the information a Verifier requires of a Holder. All Input Descriptors **MUST** be satisfied, unless otherwise specified by a Feature.

Input Descriptor Objects contain an identifier and may contain constraints on data values, and an explanation why a certain item or set of data is being requested.

§ Input Descriptor Object

The following properties are for use at the top-level of a Input Descriptor Objects. Any properties that are not defined below MUST be ignored, unless otherwise specified by a Feature;

§ Presentation Request

A Presentation Request is any transport mechanism used to send a Presentation Definition from a Verifier to a Holder. A wide variety of transport mechanisms or Claim exchange protocols may be used to send Presentation Definitions. This specification does not define Presentation Requests and is designed to be agnostic to them. Please note, however, that different use cases, supported signature schemes, protocols, and threat models may require a Presentation Requestto have certain properties. Some of these are expressed below:

§ Presentation Submission

Presentation Submissions are objects embedded within target Claim negotiation formats that express how the inputs presented as proofs to a Verifier are provided in accordance with the requirements specified in a Presentation Definition. Embedded Presentation Submission objects **MUST** be located within target data format as the value of a presentation_submission property, which is composed and embedded as follows:

EXAMPLE
{
  // NOTE: VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be here.

  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "employment_input",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  }
}

§ Processing of Submission Entries

To process the Submission Entries of a Presentation Submission, use the following process:

  1. For each Submission Entry in the descriptor_map array:
    1. Execute the path field’s JSONPath expression string on the Current Traversal Object, or if none is designated, the top level of the Embed Target.
    2. Decode and parse the value returned from JSONPath execution in accordance with the Claim Format Designation specified in the object’s format property. If the value parses and validates in accordance with the Claim Format Designation specified, let the resulting object be the Current Traversal Object
    3. If the path_nested property is present, process the Nested Submission Traversal Object value using the process described in Step 1.
  2. If parsing of the Submission Entry (and any Nested Submission Traversal Objects present within it) produces a valid result, process it as the submission against the Input Descriptor indicated by the id property of the containing Input Descriptor Mapping Object.

**Example Nested Submission**

{
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vp",
        "path": "$.outerClaim[0]",
        "path_nested": {
          "id": "banking_input_2",
          "format": "ldp_vc",
          "path": "$.innerClaim[1]",
          "path_nested": {
            "id": "banking_input_2",
            "format": "jwt_vc",
            "path": "$.mostInnerClaim[2]"
          }
        }
      }
    ]
  }
}

§ Limited Disclosure Submissions

For all Claims submitted in relation to Input Descriptor Objects that include a constraints object with a limit_disclosure property set to the string value required, ensure that the data submitted is limited to the entries specified in the fields property of the constraints object. If the fields property **is not** present, or contains zero field objects, the submission **SHOULD NOT** include any data from the Claim. For example, a Verifier may simply want to know whether a Holder has a valid, signed Claim of a particular type, without disclosing any of the data it contains.

§ Validation of Claims

Once a Claim has been ingested via a Presentation Submission, any validation beyond the process of evaluation defined by the Input Evaluation section is outside the scope of Presentation Exchange. Verification of signatures and other cryptographic proofs are a function of the given Claim format, and should be evaluated in accordance with the given Claim format’s standardized processing steps. Additional verification of Claim data or subsequent validation required by a given Verifier are left to the Verifier's systems, code and business processes to define and execute.

During validation, each Input Descriptor Object **MUST** only refer to a single discrete container within a Presentation Submission, such that all checks refer to properties within the same container and are protected by the same digital signature, if the container format supports digital signatures. Examples of discrete container formats include a single Verifiable Credential within a Verifiable Presentation as defined in W3C Verifiable Credentials, OpenID Connect Tokens, and JSON Web Tokens. This is to ensure that related requirements, for example, “given name” and “family name” within the same Input Descriptor Object also come from the same container.

§ Embed Targets

The following section details where the Presentation Submission is to be embedded within a target data structure, as well as how to formulate the JSONPath expressions to select the Claims within the target data structure.

§ Embed Locations

The following are the locations at which the presentation_submission object **MUST** be embedded for known target formats. For any location besides the top level of the embed target, the location is described in JSONPath syntax.

Target Location
OpenID top-level
DIDComms $.presentations~attach.data.json
VP top-level
CHAPI $.data

§ Features

§ Submission Requirement Feature

The Submission Requirement Feature introduces extensions enabling Verifiers to express what combinations of inputs must be submitted to comply with its requirements for proceeding in a flow (e.g. credential issuance, allowing entry, accepting an application).

EXAMPLE
{
  "comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "submission_requirements": [{
      "name": "Citizenship Information",
      "rule": "pick",
      "count": 1,
      "from": "A"
    }],
    "input_descriptors": [
      {
        "id": "citizenship_input_1",
        "name": "EU Driver's License",
        "group": ["A"],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "const": "https://eu.com/claims/DriversLicense.json"
              }
            },
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by national authorities of member states or trusted notarial auditors.",
              "filter": {
                "type": "string",
                "pattern": "^did:example:gov1$|^did:example:gov2$"
              }
            },
            {
              "path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
              "filter": {
                "type": "string",
                "format": "date"
              }
            }
          ]
        }
      },
      {
        "id": "citizenship_input_2",
        "name": "US Passport",
        "group": ["A"],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "const": "hub://did:foo:123/Collections/schema.us.gov/passport.json"
              }
            },
            {
              "path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
              "filter": {
                "type": "string",
                "format": "date"
              }
            }
          ]
        }
      }
    ]
  }
}

EXAMPLE
{
  "comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "submission_requirements": [
      {
        "name": "Banking Information",
        "purpose": "We can only remit payment to a currently-valid bank account in the US, Germany or France.",
        "rule": "pick",
        "count": 1,
        "from": "A"
      },
      {
        "name": "Employment Information",
        "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
        "rule": "all",
        "from": "B"
      },
      {
        "name": "Eligibility to Drive on US Roads",
        "purpose": "We need to verify eligibility to drive on US roads via US or EU driver's license, but no biometric or identifying information contained there.",
        "rule": "pick",
        "count": 1,
        "from": "C"
      }
    ],
    "input_descriptors": [
      {
        "id": "banking_input_1",
        "name": "Bank Account Information",
        "purpose": "Bank Account required to remit payment.",
        "group": ["A"],
        "constraints": {
          "limit_disclosure": "required",
          "fields": [
            {
              "path": ["$.credentialSchema", "$.vc.credentialSchema"],
              "filter": {
                "allOf": [
                  {
                    "type": "array",
                    "contains": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "type": "string",
                          "pattern": "^https://bank-standards.example.com#accounts$"
                        }
                      },
                      "required": ["id"]
                    }
                  },
                  {
                    "type": "array",
                    "contains": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "type": "string",
                          "pattern": "^https://bank-standards.example.com#investments$"
                        }
                      },
                      "required": ["id"]
                    }
                  }
                ]
              }
            },
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "^did:example:123$|^did:example:456$"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].account_number",
                "$.vc.credentialSubject.account[*].account_number",
                "$.account[*].account_number"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              },
              "intent_to_retain": true
            },
            {
              "path": ["$.credentialSubject.portfolio_value", "$.vc.credentialSubject.portfolio_value", "$.portfolio_value"],
              "purpose": "A current portfolio value of at least one million dollars is required to insure your application",
              "filter": {
                "type": "number",
                "minimum": 1000000
              },
              "intent_to_retain": true
            }
          ]
        }
      },
      {
        "id": "banking_input_2",
        "name": "Bank Account Information",
        "purpose": "We can only remit payment to a currently-valid bank account.",
        "group": ["A"],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
              }
            },
            {
              "path": [
                "$.issuer",
                "$.vc.issuer",
                "$.iss"
              ],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "^did:example:123$|^did:example:456$"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].id",
                "$.vc.credentialSubject.account[*].id",
                "$.account[*].id"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              },
              "intent_to_retain": true
            },
            {
              "path": [
                "$.credentialSubject.account[*].route",
                "$.vc.credentialSubject.account[*].route",
                "$.account[*].route"
              ],
              "purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
              },
              "intent_to_retain": true
            }
          ]
        }
      },
      {
        "id": "employment_input",
        "name": "Employment History",
        "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
        "group": ["B"],
        "constraints": {
          "limit_disclosure": "required",
          "fields": [
            {
              "path": ["$.credentialSchema", "$.vc.credentialSchema"],
              "filter": {
                "type": "string",
                "const": "https://business-standards.org/schemas/employment-history.json"
              }
            },
            {
              "path": ["$.jobs[*].active"],
              "filter": {
                "type": "boolean",
                "pattern": "true"
              }
            }
          ]
        }
      },
      {
        "id": "drivers_license_input_1",
        "name": "EU Driver's License",
        "group": ["C"],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "const": "https://schema.eu/claims/DriversLicense.json"
              }
            },
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by national authorities of EU member states or trusted notarial auditors.",
              "filter": {
                "type": "string",
                "pattern": "did:example:gov1|did:example:gov2"
              }
            },
            {
              "path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
              "purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
              "filter": {
                "type": "string",
                "format": "date"
              }
            }
          ]
        }
      },
      {
        "id": "drivers_license_input_2",
        "name": "Driver's License from one of 50 US States",
        "group": ["C"],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "const": "hub://did:foo:123/Collections/schema.us.gov/american_drivers_license.json"
              }
            },
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by the 50 US states' automative affairs agencies.",
              "filter": {
                "type": "string",
                "pattern": "did:example:gov1|did:web:dmv.ca.gov|did:example:oregonDMV"
              }
            },
            {
              "path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
              "purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
              "filter": {
                "type": "string",
                "format": "date",
                "forrmatMaximum": "1999-05-16"
              }
            }
          ]
        }
      }
    ]
  }
}

§ Presentation Definition Extensions

The Submission Requirement Feature extends the Presentation Definition object to add a submission_requirements property.

When using this Feature:

§ Input Descriptor Extensions

EXAMPLE
{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "banking_input_1",
        "name": "Bank Account Information",
        "purpose": "We can only remit payment to a currently-valid bank account.",
        "group": [
          "A"
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "pattern": "^https://bank-schemas.org/1.0.0/accounts.json|https://bank-schemas.org/2.0.0/accounts.json$"
              }
            },
            {
              "path": [
                "$.issuer",
                "$.vc.issuer",
                "$.iss"
              ],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "^did:example:123$|^did:example:456$"
              },
              "intent_to_retain": true
            },
            {
              "path": [
                "$.credentialSubject.account[*].id",
                "$.vc.credentialSubject.account[*].id",
                "$.account[*].id"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              },
              "intent_to_retain": true
            },
            {
              "path": [
                "$.credentialSubject.account[*].route",
                "$.vc.credentialSubject.account[*].route",
                "$.account[*].route"
              ],
              "purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
              },
              "intent_to_retain": true
            }
          ]
        }
      }
    ]
  }
}

EXAMPLE
{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "employment_input_xyz_gov",
        "group": ["B"],
        "name": "Verify XYZ Government Employment",
        "purpose": "Verifying current employment at XYZ Government agency as proxy for permission to access this resource",
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
              "filter": {
                "type": "string",
                "const": "https://login.idp.com/xyz.gov/.well-known/openid-configuration"
              }
            },
            {
              "path": ["$.status"],
              "filter": {
                "type": "string",
                "pattern": "^active$"
              }
            }
          ]
        }
      }
    ]
  }
}

The Submission Requirement Feature extends the Input Descriptor Object to add a group property.

When using this Feature:

§ Submission Requirements

Presentation Definitions **MAY** include Submission Requirements which define what combinations of inputs a Holder must submit to comply with the requirements of a Verifier.

Submission Requirements introduce a set of rule types and mapping instructions a Conformant Consumer can ingest to present requirement optionality to the user, and subsequently submit inputs in a way that maps back to the rules the Verifier has asserted.

The following section defines the format for Submission Requirements and the selection syntax Verifiers can use to specify which combinations of inputs are acceptable.

If present, all Submission Requirements **MUST** be satisfied, and all input_descriptors **MUST** be grouped. Any unused Input Descriptors that remain after satisfying all Submission Requirements **MUST** be ignored.

EXAMPLE
{
  "submission_requirements": [
    {
      "name": "Banking Information",
      "purpose": "We need you to prove you currently hold a bank account older than 12months.",
      "rule": "pick",
      "count": 1,
      "from": "A"
    },
    {
      "name": "Employment Information",
      "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
      "rule": "all",
      "from": "B"
    },
    {
      "name": "Citizenship Information",
      "rule": "pick",
      "count": 1,
      "from_nested": [
        {
          "name": "United States Citizenship Proofs",
          "purpose": "We need you to prove your US citizenship.",
          "rule": "all",
          "from": "C"
        },
        {
          "name": "European Union Citizenship Proofs",
          "purpose": "We need you to prove you are a citizen of an EU member state.",
          "rule": "all",
          "from": "D"
        }
      ]
    }
  ]
}
§ Submission Requirement Objects

Submission Requirement Objects are JSON objects constructed as follows:

§ Submission Requirement Rules

Submission Requirement Rules are used within Submission Requirement Objects to describe the specific combinatorial rules that must be applied to submit a particular subset of requested inputs. The specified Submission Requirement Rule determines the behavior of the corresponding from or from_nested property, as described below. A conformant implementation **MUST** support the following rules:

§ all rule

For an all rule Submission Requirement Object:

EXAMPLE
{
  "submission_requirements": [
    {
      "name": "Submission of educational transcripts",
      "purpose": "We need your complete educational transcripts to process your application",
      "rule": "all",
      "from": "A"
    }
  ]
}

§ pick rule

For a pick rule Submission Requirement Object:

If Submission Requirement Object has a from property, this directs the Conformant Consumer to submit inputs from the set of Input Descriptors with a matching group string. In the first example that follows, the Submission Requirement requests a single input from Input Descriptor group "B". In the second example, the Submission Requirement requests 2 or more inputs from Input Descriptor group "B".

EXAMPLE
{
  "submission_requirements": [
    {
      "name": "Citizenship Proof",
      "purpose": "We need to confirm you are a citizen of one of the following countries before accepting your application",
      "rule": "pick",
      "count": 1,
      "from": "B"
    }
  ]
}
EXAMPLE
{
  "submission_requirements": [
    {
      "name": "Eligibility to Work Proof",
      "purpose": "We need to prove you are eligible for full-time employment in 2 or more of the following countries",
      "rule": "pick",
      "min": 2,
      "from": "B"
    }
  ]
}

If the Submission Requirement Object has a from_nested property, this directs the Conformant Consumer to submit inputs such that the number of satisfied Submission Requirement Objects matches the number requested. In the following example, the from_nested property contains an array of Submission Requirement Objects which requests either all members from group "A" or two members from group "B":

EXAMPLE
{
  "submission_requirements": [
    {
      "name": "Confirm banking relationship or employment and residence proofs",
      "purpose": "Recent bank statements or proofs of both employment and residence will be validated to initiate your loan application but not stored",
      "rule": "pick",
      "count": 1,
      "from_nested": [
        { "rule": "all", "from": "A" },
        { "rule": "pick", "count": 2, "from": "B" }
      ]
    }
  ]
}

§ Property Values and Evaluation

The following property value and evaluation guidelines summarize many of the processing-related rules above:

§ Predicate Feature

The predicate Feature introduces properties enabling Verifier to request that Holder apply a predicate and return the result.

§ Applying a predicate

The predicate Feature extends the Input Descriptor Object constraints.fields object to add a predicate property.

When using this Feature, the fields object **MAY** contain a predicate property. If the predicate property is present, the filter property **MUST** also be present.

NOTE

Holder returns a boolean, rather than a value returned from evaluation of the JSONPath string expressions in the path array. The boolean returned is the result of using the filter property’s JSON Schema descriptors against the evaluated value. Exclusion of the predicate property indicates that the Conformant Consumer returns the value returned from evaluation of the JSONPath string expressions in the path array.

The value of predicate **MUST** be one of the following strings:

If the predicate property is not present, a Conformant Consumer **MUST NOT** return derived predicate values.

If the predicate property is present, the set of JSON Schema descriptors which comprise the value of the filter property **MUST** be restricted according to the desired predicate operation, as follows:

At this time, additional predicate operations are not supported.

§ Relational Constraint Feature

The Relational Constraint Feature extends the Input Descriptor Object constraints object with additional properties.

When using this Feature:

§ Credential Status Constraint Feature

The values of all status properties are objects, composed as follows:

§ JSON-LD Framing Feature

The JSON-LD Framing Feature extends Presentation Definition to support extended with the JSON-LD document framing.

When using this Feature:

§ Retention Feature

The Retention Feature extends the Input Descriptor Object's field object, allowing a Verifier to indicate it will retain the submitted value for the specific field. It is currently presented to support mDL systems, and may be deprecated in the future or moved to a separate specification for more robust mDL interoperability at a later time.

A Conformant Consumer **MUST NOT** retain any data, including digests, signatures, and derived data received, except for claims from the Presentation Submission descriptors for which the accompanying Input Descriptor Object's field intent_to_retain property was set to true.

Retain is defined as: “to store for a period longer than necessary to conduct the exchange between Holder and Verifier in realtime”.

When using this Feature:

§ Input Evaluation

A Conformant Consumer of a Presentation Definition must filter inputs they hold (signed Claims, raw data, etc.) to determine whether they possess the inputs requested by the Verifier. A Conformant Consumer of a Presentation Definition **MUST** use the following process to validate whether or not its candidate inputs meet the requirements it describes:

For each Input Descriptor in the input_descriptors array of a Presentation Definition, a Conformant Consumer compares each candidate input (JWT, Verifiable Credential, etc.) it holds to determine whether there is a match.

For each candidate input:

  1. If the constraints property of the Input Descriptor contains a fields property with one or more fields objects, evaluate each fields object against the candidate input as described in the following subsequence.

    Accept the candidate input if every fields object yields a Field Query Result; else, reject.

    1. For each JSONPath expression in the path array (incrementing from the 0-index), evaluate the JSONPath expression against the candidate input and repeat the following subsequence on the result.

      Repeat until a Field Query Result is found, or the path array elements are exhausted:

      1. If the result returned no JSONPath match, skip to the next path array element.
      2. Else, evaluate the first JSONPath match (candidate) as follows:
        1. If the fields object has no filter, or if candidate validates against the JSON Schema descriptor specified in filter, then:
          • If not using the Predicate Feature, set Field Query Result to be candidate.
          • If using the Predicate Feature:
            • If the fields object has a predicate, set Field Query Result to the boolean value resulting from evaluating the Field Query Result against the JSON Schema descriptor value of the filter property.
            • Else, set Field Query Result to be candidate.
        2. Else, skip to the next path array element.
      3. If no path entries are found that satisfy the fields object’s constraints, and the fields object **DOES NOT** contain the optional property or it is set to false, reject the field as invalid. If no path entry
        satisfies the fields object’s constraints for any of the specified path queries, and the fields object **DOES** contain the optional property set to the value true, treat the field as valid and proceed to the next fields object.
  2. If all of the previous validation steps are successful mark the candidate input as a match for use in a Presentation Submission.

    NOTE

    Submission Requirement Feature Only

    If present at the top level of the Input Descriptor, keep a relative reference to the group values the input is designated for.

  3. If the constraints property of the Input Descriptor contains a limit_disclosure property set to the string value required, ensure that any subsequent submission of data in relation to the candidate input is limited to the entries specified in the fields property. If the fields property **is not** present, or contains zero field objects, submission **SHOULD NOT** include any Claim data from the Claim. For example, a Verifier may simply want to know a Holder has a valid, signed Claims of a particular type, without disclosing any of the data it contains.

NOTE

Relational Constraint Feature Only

  1. If the constraints property of the Input Descriptor contains a subject_is_issuer property set to the value required, ensure that any submission of data in relation to the candidate input is fulfilled using a self_attested Claim.
  2. If the constraints property of the Input Descriptor contains an is_holder property, ensure that for each object in the array, any submission of data in relation to the candidate input is fulfilled by the Subject of the attributes so identified by the strings in the field_id array.
  3. If the constraints property of the Input Descriptor contains a same_subject property, ensure that for each object in the array, all of the attributes so identified by the strings in the field_id array are about the same Subject.

§ Expired and Revoked Data

Certain types of Claims have concepts of expiration and revocation. Expiration is mechanism used to communicate a time after which a Claim will no longer be valid. Revocation is a mechanism used by an issuer to express the status of a Claim after issuance. Different Claim specifications handle these concepts in different ways.

Presentation Definitions have a need to specify whether expired, revoked, or Claims of other statuses can be accepted. For Claims that have simple status properties, Input Descriptor Filters JSON Schema can be used to specify acceptable criteria.

The first example below demonstrates expiry using the VC Data Model’s expirationDate property. The second example below demonstrates revocation, or more generally, credential status using the VC Data Model’s credentialStatus property. Using the syntax provided in the example, a Verifier will have all requisite information to resolve the status of a Claim.

EXAMPLE
{
  "id": "drivers_license_information",
  "name": "Verify Valid License",
  "purpose": "We need you to show that your driver's license will be valid through December of this year.",
  "constraints": {
    "fields": [
      {
        "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
        "filter": {
          "type": "string",
          "const": "https://yourwatchful.gov/drivers-license-schema.json"
        }
      },
      {
        "path": ["$.expirationDate"],
        "filter": {
          "type": "string",
          "format": "date-time"
        }
      }
    ]
  }
}

EXAMPLE
{
  "id": "drivers_license_information",
  "name": "Verify Valid License",
  "purpose": "We need to know that your license has not been revoked.",
  "constraints": {
    "fields": [
      {
        "path": ["$.credentialSchema.id", "$.vc.credentialSchema.id"],
        "filter": {
          "type": "string",
          "const": "https://yourwatchful.gov/drivers-license-schema.json"
        }
      },
      {
        "path": ["$.credentialStatus"]
      }
    ]
  }
}

§ Holder and Subject Binding

Claims often rely on proofs of Holder or Subject binding for their validity. A Verifier may wish to determine that a particular Claim, or set of Claims is bound to a particular Holder or Subject. This can help the Verifier to determine the legitimacy of the presented proofs.

Some mechanisms which enable proof of Holder binding are described below. These include proof of identifier control, proof the Holder knows a secret value, and biometrics. An Issuer can make proofs of Holder binding possible by including Holder information either in the Claim or the Claim signature.

Some examples of Subject binding include matching the Subject of one Claim with that of another, or matching the Subject of a Claim with the Holder.

§ Proof of Identifier Control

A number of Claim types include an identifier for the Claim Subject. A Verifier may wish to ascertain that one of the Subject identified in the Claim is the one submitting the proof, or has consented to the proof submission. A Claim may also include an identifier for the Holder, independent of the Subject identifiers.

One mechanism for providing such proofs is the use of a DID as the identifier for the Claim Subject or Holder. DIDs enable an entity to provide a cryptographic proof of control of the identifier, usually through a demonstration that the DID Controller knows some secret value, such as a private key.

The Holder or Subject can demonstrate this proof of control when the Claim is presented. In addition to verifying the authenticity and origin of the Claim itself, a Verifier can verify that the Holder or Subject of the Claim still controls the identifier.

Some Claim signatures support the inclusion of Holder-provided secrets that become incorporated into the signature, but remain hidden from the Claim issuer. One common use of this capability is to bind the Claim to the Holder. This is sometimes called a link secret.

Just as with proof of control of an identifier, link secret proofs demonstrate that the Holder knows some secret value. Upon presentation to a Verifier, the Holder demonstrates knowledge of the secret without revealing it. The Verifier can verify that the Holder knows the link secret, and that the link secret is contained in the Claim signature. The Holder can provide this proof for each presented Claim, thereby linking them together.

§ Biometrics

This type of Holder binding, instead of relying on demonstrating knowledge of some secret value, relies on the evaluation of biometric data. There are a number of mechanisms for safely embedding biometric information in a Claim such that only a person who can confirm the biometric may present the Claim.

§ Claim Format Designations

Within the Presentation Exchange specification, there are numerous sections where Verifiers and Holders convey what Claim format variants they can receive or are submitting. These formats are codified by abbreviation tags which are defined in a separate registry also hosted at the DIF, and maintained by the same authors as this specification. The registry includes JSON Schema documents, which are referenced in schemas defined in this specification. To add abbreviations for a claim format supported by a working implementation, please follow these instructions and open a PR to open a pull request at the registry repository.
This registry is not meant to be exhaustive nor restrictive; an implementation that supports additional claim formats can still be considered fully conformant.

§ JSON Schema

This specification leverages JSON Schema in multiple places: for processing Input Descriptors, as well as for evaluating the data objects defined by Presentation Exchange itself for conformance with the specification.

To facilitate consistent implementation of the specification and to facilitate interoperability implementers *MUST use JSON Schema Draft 7. Draft 7 is widely used, adopted, has significant support in open source software, and supports the features of JSON Schema used by this specification.

The relevant links to the Draft 7 specifications can be found here.

§ Vocabulary Definition

The Presentation Exchange specification adopts and defines the following JSON Schema data format and processing variant, which implementers **MUST** support for evaluation of the portions of the Presentation Exchange specification that call for JSON Schema validation.

§ Presentation Definition (in an envelope)

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Definition Envelope",
  "definitions": {
    "status_directive": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "directive": {
          "type": "string",
          "enum": [
            "required",
            "allowed",
            "disallowed"
          ]
        },
        "type": {
          "type": "array",
          "minItems": 1,
          "items": {
            "type": "string"
          }
        }
      }
    },
    "field": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            }
          },
          "required": [
            "path"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            },
            "name": {
              "type": "string"
            },
            "predicate": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            }
          },
          "required": [
            "path",
            "filter",
            "predicate"
          ],
          "additionalProperties": false
        }
      ]
    },
    "input_descriptor": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "purpose": {
          "type": "string"
        },
        "format": {
          "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
        },
        "group": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "constraints": {
          "type": "object",
          "additionalProperties": false,
          "properties": {
            "limit_disclosure": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            },
            "statuses": {
              "type": "object",
              "additionalProperties": false,
              "properties": {
                "active": {
                  "$ref": "#/definitions/status_directive"
                },
                "suspended": {
                  "$ref": "#/definitions/status_directive"
                },
                "revoked": {
                  "$ref": "#/definitions/status_directive"
                }
              }
            },
            "fields": {
              "type": "array",
              "items": {
                "$ref": "#/definitions/field"
              }
            },
            "subject_is_issuer": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            },
            "is_holder": {
              "type": "array",
              "items": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                  "field_id": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "directive": {
                    "type": "string",
                    "enum": [
                      "required",
                      "preferred"
                    ]
                  }
                },
                "required": [
                  "field_id",
                  "directive"
                ]
              }
            },
            "same_subject": {
              "type": "array",
              "items": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                  "field_id": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "directive": {
                    "type": "string",
                    "enum": [
                      "required",
                      "preferred"
                    ]
                  }
                },
                "required": [
                  "field_id",
                  "directive"
                ]
              }
            }
          }
        }
      },
      "required": [
        "id",
        "constraints"
      ]
    },
    "submission_requirement": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from": {
              "type": "string"
            }
          },
          "required": [
            "rule",
            "from"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirement"
              }
            }
          },
          "required": [
            "rule",
            "from_nested"
          ],
          "additionalProperties": false
        }
      ]
    },
    "presentation_definition": {
      "type": "object",
      "properties": {
        "id": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "purpose": {
          "type": "string"
        },
        "format": {
          "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json#"
        },
        "frame": {
          "type": "object",
          "additionalProperties": true
        },
        "submission_requirements": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/submission_requirement"
          }
        },
        "input_descriptors": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/input_descriptor"
          }
        }
      },
      "required": [
        "id",
        "input_descriptors"
      ],
      "additionalProperties": false
    }
  },
  "type": "object",
  "properties": {
    "presentation_definition": {
      "$ref": "#/definitions/presentation_definition"
    }
  }
}

§ Presentation Definition (plain object)

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Definition",
  "definitions": {
    "status_directive": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "directive": {
          "type": "string",
          "enum": [
            "required",
            "allowed",
            "disallowed"
          ]
        },
        "type": {
          "type": "array",
          "minItems": 1,
          "items": {
            "type": "string"
          }
        }
      }
    },
    "field": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "name": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            }
          },
          "required": [
            "path"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            },
            "name": {
              "type": "string"
            },
            "predicate": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            }
          },
          "required": [
            "path",
            "filter",
            "predicate"
          ],
          "additionalProperties": false
        }
      ]
    },
    "input_descriptor": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "id": {
          "type": "string"
        },
        "name": {
          "type": "string"
        },
        "purpose": {
          "type": "string"
        },
        "format": {
          "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
        },
        "group": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "constraints": {
          "type": "object",
          "additionalProperties": false,
          "properties": {
            "limit_disclosure": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            },
            "statuses": {
              "type": "object",
              "additionalProperties": false,
              "properties": {
                "active": {
                  "$ref": "#/definitions/status_directive"
                },
                "suspended": {
                  "$ref": "#/definitions/status_directive"
                },
                "revoked": {
                  "$ref": "#/definitions/status_directive"
                }
              }
            },
            "fields": {
              "type": "array",
              "items": {
                "$ref": "#/definitions/field"
              }
            },
            "subject_is_issuer": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            },
            "is_holder": {
              "type": "array",
              "items": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                  "field_id": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "directive": {
                    "type": "string",
                    "enum": [
                      "required",
                      "preferred"
                    ]
                  }
                },
                "required": [
                  "field_id",
                  "directive"
                ]
              }
            },
            "same_subject": {
              "type": "array",
              "items": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                  "field_id": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "directive": {
                    "type": "string",
                    "enum": [
                      "required",
                      "preferred"
                    ]
                  }
                },
                "required": [
                  "field_id",
                  "directive"
                ]
              }
            }
          }
        }
      },
      "required": [
        "id",
        "constraints"
      ]
    },
    "submission_requirement": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from": {
              "type": "string"
            }
          },
          "required": [
            "rule",
            "from"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirement"
              }
            }
          },
          "required": [
            "rule",
            "from_nested"
          ],
          "additionalProperties": false
        }
      ]
    }
  },
  "type": "object",
  "properties": {
    "id": {
      "type": "string"
    },
    "name": {
      "type": "string"
    },
    "purpose": {
      "type": "string"
    },
    "format": {
      "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-definition-claim-format-designations.json"
    },
    "frame": {
      "type": "object",
      "additionalProperties": true
    },
    "submission_requirements": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/submission_requirement"
      }
    },
    "input_descriptors": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/input_descriptor"
      }
    }
  },
  "required": [
    "id",
    "input_descriptors"
  ],
  "additionalProperties": false
}

§ Input Descriptor

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Input Descriptor",
  "definitions": {
    "status_directive": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "directive": {
          "type": "string",
          "enum": [
            "required",
            "allowed",
            "disallowed"
          ]
        },
        "type": {
          "type": "array",
          "minItems": 1,
          "items": {
            "type": "string"
          }
        }
      }
    },
    "field": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "name": {
              "type": "string"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            }
          },
          "required": [
            "path"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "id": {
              "type": "string"
            },
            "optional": {
              "type": "boolean"
            },
            "path": {
              "type": "array",
              "items": {
                "type": "string"
              }
            },
            "purpose": {
              "type": "string"
            },
            "intent_to_retain": {
              "type": "boolean"
            },
            "filter": {
              "$ref": "http://json-schema.org/draft-07/schema#"
            },
            "name": {
              "type": "string"
            },
            "predicate": {
              "type": "string",
              "enum": [
                "required",
                "preferred"
              ]
            }
          },
          "required": [
            "path",
            "filter",
            "predicate"
          ],
          "additionalProperties": false
        }
      ]
    }
  },
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "id": {
      "type": "string"
    },
    "name": {
      "type": "string"
    },
    "purpose": {
      "type": "string"
    },
    "group": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "constraints": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "limit_disclosure": {
          "type": "string",
          "enum": [
            "required",
            "preferred"
          ]
        },
        "statuses": {
          "type": "object",
          "additionalProperties": false,
          "properties": {
            "active": {
              "$ref": "#/definitions/status_directive"
            },
            "suspended": {
              "$ref": "#/definitions/status_directive"
            },
            "revoked": {
              "$ref": "#/definitions/status_directive"
            }
          }
        },
        "fields": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/field"
          }
        },
        "subject_is_issuer": {
          "type": "string",
          "enum": [
            "required",
            "preferred"
          ]
        },
        "is_holder": {
          "type": "array",
          "items": {
            "type": "object",
            "additionalProperties": false,
            "properties": {
              "field_id": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "directive": {
                "type": "string",
                "enum": [
                  "required",
                  "preferred"
                ]
              }
            },
            "required": [
              "field_id",
              "directive"
            ]
          }
        },
        "same_subject": {
          "type": "array",
          "items": {
            "type": "object",
            "additionalProperties": false,
            "properties": {
              "field_id": {
                "type": "array",
                "items": {
                  "type": "string"
                }
              },
              "directive": {
                "type": "string",
                "enum": [
                  "required",
                  "preferred"
                ]
              }
            },
            "required": [
              "field_id",
              "directive"
            ]
          }
        }
      }
    }
  },
  "required": [
    "id"
  ]
}

§ Presentation Submission

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Submission",
  "type": "object",
  "properties": {
    "presentation_submission": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "definition_id": { "type": "string" },
        "descriptor_map": {
          "type": "array",
          "items": { "$ref": "#/definitions/descriptor" }
        }
      },
      "required": ["id", "definition_id", "descriptor_map"],
      "additionalProperties": false
    }
  },
  "definitions": {
    "descriptor": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "path": { "type": "string" },
        "path_nested": {
          "type": "object",
          "$ref": "#/definitions/descriptor"
        },
        "format": {
          "$ref": "https://identity.foundation/claim-format-registry/schemas/presentation-submission-claim-format-designations.json#/definitions/format"
        }
      },
      "required": ["id", "path", "format"],
      "additionalProperties": false
    }
  },
  "required": ["presentation_submission"],
  "additionalProperties": false
}

§ Submission Requirement

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Submission Requirement",
  "definitions": {
    "submission_requirement": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from": { "type": "string" }
          },
          "required": ["rule", "from"],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirement"
              }
            }
          },
          "required": ["rule", "from_nested"],
          "additionalProperties": false
        }
      ]
    }
  },
  "$ref": "#/definitions/submission_requirement"
}

§ Submission Requirements

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Submission Requirements",
  "definitions": {
    "submission_requirements": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from": {
              "type": "string"
            }
          },
          "required": [
            "rule",
            "from"
          ],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": {
              "type": "string"
            },
            "purpose": {
              "type": "string"
            },
            "rule": {
              "type": "string",
              "enum": [
                "all",
                "pick"
              ]
            },
            "count": {
              "type": "integer",
              "minimum": 1
            },
            "min": {
              "type": "integer",
              "minimum": 0
            },
            "max": {
              "type": "integer",
              "minimum": 0
            },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirements"
              }
            }
          },
          "required": [
            "rule",
            "from_nested"
          ],
          "additionalProperties": false
        }
      ]
    }
  },
  "type": "object",
  "properties": {
    "submission_requirements": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/submission_requirements"
      }
    }
  },
  "required": [
    "submission_requirements"
  ],
  "additionalProperties": false
}

§ Format Declaration

Defined in the Claim Format Registry

§ JSONPath Syntax Definition

The Presentation Exchange specification adopts and defines the following syntax from the JSONPath object query language, which implementers **MUST** support for evaluation of the portions of the Presentation Exchange specification that call for JSONPath expression execution.

JSONPath Description
$ The root object/element
@ The current object/element
. Child member operator
.. Recursive descendant operator; JSONPath borrows this syntax from E4X
* Wildcard matching all objects/elements regardless their names
[] Subscript operator
[,] Union operator for alternate names or array indices as a set
[start:end:step] Array slice operator borrowed from ES4 / Python
?() Applies a filter (script) expression via static evaluation (see Security Considerations)
() Script expression via static evaluation (see Security Considerations)

Example JSON Object

{
  "store": {
    "book": [
      {
        "category": "reference",
        "author": "Nigel Rees",
        "title": "Sayings of the Century",
        "price": 8.95
      }, {
        "category": "fiction",
        "author": "Evelyn Waugh",
        "title": "Sword of Honour",
        "price": 12.99
      }, {
        "category": "fiction",
        "author": "Herman Melville",
        "title": "Moby Dick",
        "isbn": "0-553-21311-3",
        "price": 8.99
      }, {
        "category": "fiction",
        "author": "J. R. R. Tolkien",
        "title": "The Lord of the Rings",
        "isbn": "0-395-19395-8",
        "price": 22.99
      }
    ],
    "bicycle": {
      "color": "red",
      "price": 19.95
    }
  }
}

Example JSONPath Expressions

JSONPath Description
$.store.book[*].author The authors of all books in the store
$..author All authors
$.store.* All things in store, which are some books and a red bicycle
$.store..price The price of everything in the store
$..book[2] The third book
$..book[(@.length-1)] The last book via script subscript (see Security Considerations)
$..book[-1:] The last book via slice
$..book[0,1] The first two books via subscript union
$..book[:2] The first two books via subscript array slice
$..book[?(@.isbn)] Filter all books with isbn number (see Security Considerations)
$..book[?(@.price<10)] Filter all books cheaper than 10 (see Security Considerations)
$..book[?(@.price==8.95)] Filter all books that cost 8.95 (see Security Considerations)
$..book[?(@.price<30 && @.category=="fiction")] Filter all fiction books cheaper than 30
$..* All members of JSON structure

§ Normative References

OIDC
Open ID Connect. Jones, M., Bradley, J., and N. Sakimura. Status: Approved Specification
Linked Data Proof
Data Integrity 1.0. Dave Longley, Manu Sporny. 2022-03. Status: Draft Community Group Report.
JSON Schema
JSON Schema Draft-07. OpenJS Foundation. 2018-03-19. Status: Internet-Draft.

RFC7518
JSON Web Algorithms (JWA). M. Jones; 2015-05. Status: Proposed Standard.
RFC7519
JSON Web Token (JWT). M. Jones; J. Bradley; N. Sakimura; 2015-05. Status: Proposed Standard.
RFC7797
JSON Web Signature (JWS) Unencoded Payload Option. M. Jones; 2016-02. Status: Proposed Standard.
VC-DATA-MODEL
Verifiable Credentials Data Model 1.0. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; 2019-11-19. Status: REC.

§ Informative References

CHAPI
W3C Credential Handler API 1.0. Dave Longley, Manu Sporny. 2020-2-19. Status: Draft Community Group Report.
DIDComm
DIF DIDComm Messaging. Daniel Hardman, Sam Curren. Status: Working Group Draft.

§ Appendix

§ Security Considerations

JSONPath and JSON schemas are used in this specification. Both allow the use of Regular Expressions, and JSONPath additionally allows the use of function extensions. Both introduce important security risks, which implementors should mitigate.

§ Regular Expression Security Considerations

A general best practice, which this specification emphasizes, is that implementations should protect against the potential security threats caused by accepting arbitrary Regular Expressions, including those resulting in denial-of-service attacks through expensive-to-compute expressions. Specifically, the Presentation Definition and Presentation Submission should be treated as input from untrusted sources.

§ JSONPath-specific Considerations

This specification uses JSONPath in 2 locations: Presentation Definition Input Descriptors, defining where data is to be found, and Presentation Submission Descriptor Map, defining how submitted Claims map to the Presentation Definition.

Implementors should follow precautions related to regular expressions in JSONPath and additionl precautions related to JSONPath’s support of function extensions.

§ Function Extension Security Considerations

Further, implementors should guard against risks introduced by JSONPath’s support of function extensions. This includes function extensions accepting regular expression parameters (e.g., search and match), and more generally, any function extension that may be vulnerable to exploits on receiving arbitrary input.

The JSONPath IETF document provides more details on the security considerations described here.

§ Recommendations and Alternatives

This specification recommends avoiding use of JSONPath’s regular expression and function extension features if other approaches can achieve the same goal. This describes reasons implementors consider using these features and alternatives.

While these features may enable Input Descriptor flexibility, they can result in complex, sometimes opaque, matching logic. Because Relying Parties typically know the type of credentials and claims they want to receive, it’s recommended to use a direct alternative.

On the Presentation Submission side, JSONPath filtering features can typically be avoided in favor of correlating input descriptor field ids in the descriptor_map with exact paths to the Verifiable Credentials or claims.

If use is necessary, implementations should use proper security and execution time guards, e.g., through sandboxed execution with a timeout.

§ JSON Schema-specific Considerations

§ Attack Vectors on JSON Schema

JSON Schema allows the use of Regular Expressions, to which the security considerations mentioned above apply.

Further, implementations that support validating or evaluating instance string data based on “contentEncoding” and/or “contentMediaType” are at risk of evaluating data in an unsafe way based on misleading information. Applications can mitigate this risk by only performing such processing when a relationship between the schema and instance is established (e.g., they share the same authority).

§ Recommendations and Alternatives

Not using Regular Expressions mainly applies to the pattern property of the filter. This specification recommends using other means, such as const, format, and enum to filter values.

§ What is new

The summary and details below highlight the differences between V1 and V2 of this specification.

Summary of changes:

  • Introduction of Features.
  • Introduction of Status Constraint.
  • Introduction of Retention.
  • Introduction of JSON-LD Framing.
  • Introduction of an optional property for the fields object.
  • Introduction of an optional name property for the Input Descriptor Objects.
  • Removal of schema property from Input Descriptor Objects.
  • Input Descriptor format was moved to an external registry and can be restrained.
  • Input Descriptor constraint property has been made mandatory.
  • More concise language for consumers and producers.

§ Features

Features enable Verifiers to express, and Holders to support, extended functionality (relative to the base objects) by defining one or more properties on one or more objects. Features themselves are optional, but they can express mandatory properties and objects. The spec has been rearranged and several Features are introduced like for instance the Predicate, Relational Constraint, Credential Status Constraint In the previous versions most of these Features were part of the spec that any Conformant Producer or Conformant Consumer had to implement.

§ Status Constraint Feature

The Status Constraint Feature allows to put active, revoked or expired constraint on the statuses of Verifiable Credentials. The type property allows status objects to express which credential status types from the VC Data Model are supported.

§ Retention Feature

The Retention feature indicates whether the Verifier intents to retain the Claim’s data being requested.

§ JSON-LD Framing Feature

The Presentation Definition now may contain a frame property which must be a JSON LD Framing Document object to allow for selective disclosure using frames.

§ Introduction of an optional name property to the input descriptor object

An Input Descriptor Object may now contain an name property, indicating a human readable representation of the target.

§ Introduction of an optional property for the fields object

The fields object of an Input Descriptor Object may now contain an optional property, indicating optionality of the field.

§ Removal of schema property from Input Descriptor Objects

Previously an Input Descriptor Object had a schema property that contained an array of URIs for Claim schema’s. It introduced ambiguity and was the source of confusion. It has been replaced with a fields property in the constraints object of the Input Descriptor Object, allowing for a more expressive approach to restrict to certain types for instance. As a result, the support for hashlinks has also been removed from the specification, as these could be used as URIs in the schema property previously.

§ Input Descriptor Format was moved to an external registry and can be restrained

Previously the Verifiable Credential and Verifiable Presentation formats, like jwt, jwt_vp, ldp_vc were listed in the specification. They have been moved to an external registry to allow for future extension without the need to update the specification. See Claim Format Designations for more information. Also the Input Descriptor Object now may contain a format property, next to the toplevel format property, to constrain a submission of a single object to a subset of formats.

§ The Input Descriptor constraint property has been made mandatory

The Input Descriptor Object now must contain a constraints property, where it was optional before. Given other optional fields, omission of the constraints property could potentially lead to an Input Descriptor Object that didn’t express anything actionable anymore.

§ More concise language for consumers and producers

Language around consumers and producers of Presentation Definition and Presentation Submission objects has been made more concise to prevent confusion.

§ name and description properties added to the spec.

§ Embed Target Examples

§ Presentation Submissions

EXAMPLE
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://identity.foundation/presentation-exchange/submission/v1"
  ],
  "type": [
    "VerifiablePresentation",
    "PresentationSubmission"
  ],
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "employment_input",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  },
  "verifiableCredential": [
    {
      "comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
      "vc": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:example:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "accounts": [
            {
              "id": "1234567890",
              "route": "DE-9876543210"
            },
            {
              "id": "2457913570",
              "route": "DE-0753197542"
            }
          ]
        }
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://business-standards.org/schemas/employment-history.json",
      "type": ["VerifiableCredential", "GenericEmploymentCredential"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "active": true
      },
      "proof": {
        "type": "EcdsaSecp256k1VerificationKey2019",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://eu.com/claims/DriversLicense",
      "type": ["EUDriversLicense"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "license": {
          "number": "34DGE352",
          "dob": "07/13/80"
        }
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    }
  ],
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-09-14T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "..."
  }
}

EXAMPLE
{
  "iss": "https://self-issued.me",
  "sub": "248289761001",
  "preferred_username": "superman445",
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt",
        "path": "$._claim_sources.banking_input_2.JWT"
      },
      {
        "id": "employment_input",
        "format": "jwt_vc",
        "path": "$._claim_sources.employment_input.VC_JWT"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$._claim_sources.citizenship_input_1.VC"
      }
    ]
  },
  "_claim_names": {
    "verified_claims": [
      "banking_input_2",
      "employment_input",
      "citizenship_input_1"
    ]
  },
  "_claim_sources": {
    "banking_input_2": {
      "JWT": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3NlcnZlci5vdGhlcm9wLmNvbSIsInN1YiI6ImU4MTQ4NjAzLTg5MzQtNDI0NS04MjViLWMxMDhiOGI2Yjk0NSIsInZlcmlmaWVkX2NsYWltcyI6eyJ2ZXJpZmljYXRpb24iOnsidHJ1c3RfZnJhbWV3b3JrIjoiaWFsX2V4YW1wbGVfZ29sZCJ9LCJjbGFpbXMiOnsiZ2l2ZW5fbmFtZSI6Ik1heCIsImZhbWlseV9uYW1lIjoiTWVpZXIiLCJiaXJ0aGRhdGUiOiIxOTU2LTAxLTI4In19fQ.FArlPUtUVn95HCExePlWJQ6ctVfVpQyeSbe3xkH9MH1QJjnk5GVbBW0qe1b7R3lE-8iVv__0mhRTUI5lcFhLjoGjDS8zgWSarVsEEjwBK7WD3r9cEw6ZAhfEkhHL9eqAaED2rhhDbHD5dZWXkJCuXIcn65g6rryiBanxlXK0ZmcK4fD9HV9MFduk0LRG_p4yocMaFvVkqawat5NV9QQ3ij7UBr3G7A4FojcKEkoJKScdGoozir8m5XD83Sn45_79nCcgWSnCX2QTukL8NywIItu_K48cjHiAGXXSzydDm_ccGCe0sY-Ai2-iFFuQo2PtfuK2SqPPmAZJxEFrFoLY4g"
    },
    "employment_input": {
      "VC": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://business-standards.org/schemas/employment-history.json",
        "type": ["VerifiableCredential", "GenericEmploymentCredential"],
        "issuer": "did:foo:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "active": true
        },
        "proof": {
          "type": "EcdsaSecp256k1VerificationKey2019",
          "created": "2017-06-18T21:19:10Z",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "https://example.edu/issuers/keys/1",
          "jws": "..."
        }
      }
    },
    "citizenship_input_1": {
      "VC": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:foo:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "license": {
            "number": "34DGE352",
            "dob": "07/13/80"
          }
        },
        "proof": {
          "type": "EcdsaSecp256k1VerificationKey2019",
          "created": "2017-06-18T21:19:10Z",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "https://example.edu/issuers/keys/1",
          "jws": "..."
        }
      }
    }
  }
}

EXAMPLE
{
    "type": "web",
    "dataType": "VerifiablePresentation",
    "data": {
      "comment": "Presentation Submission goes here"
    }
  }
  
EXAMPLE
{
    "@type": "https://didcomm.org/present-proof/%VER/presentation",
    "@id": "f1ca8245-ab2d-4d9c-8d7d-94bf310314ef",
    "comment": "some comment",
    "formats" : [{
        "attach_id" : "2a3f1c4c-623c-44e6-b159-179048c51260",
        "format" : "dif/presentation-exchange/[email protected]"
    }],
    "presentations~attach": [{
        "@id": "2a3f1c4c-623c-44e6-b159-179048c51260",
        "mime-type": "application/ld+json",
        "data": {
            "json": {
              "comment": "Presentation Submission goes here"
            }
        }
    }]
}
EXAMPLE
eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3IiwidHlwIjoiSldUIn0.eyJpYXQiOjE2NzM1ODUxMDEsImlzcyI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3IiwidnAiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaG9sZGVyIjoiZGlkOmtleTp6Nk1rZ2JmV2FiWjF4cWRWU0JDWHNhTVRiTDhhdXBaOXQ3ZVZwdEtrWGdycDRtUTciLCJwcmVzZW50YXRpb25fc3VibWlzc2lvbiI6eyJkZWZpbml0aW9uX2lkIjoiNjQ0MjIyODktMTJkZS00OWI5LWJiZjAtMDA1YmM2MTBjMmFkIiwiZGVzY3JpcHRvcl9tYXAiOlt7ImZvcm1hdCI6Imp3dF92cCIsImlkIjoid2FfZHJpdmVyX2xpY2Vuc2UiLCJwYXRoIjoiJC52ZXJpZmlhYmxlQ3JlZGVudGlhbFswXSJ9XSwiaWQiOiIwZjI4YjM3Mi03MmQ1LTQ5M2UtYmM4Ni1iMGY3MWJhMGI4N2IifSwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKRlpFUlRRU0lzSW10cFpDSTZJbVJwWkRwclpYazZlalpOYTIxWU1YWTRUakUyV0VkblNsVkZRakp4WW1GWFdUWjFTMU51YzJORWNrZGtjMDF4ZUdaVlp6TnJSbkIwSWl3aWRIbHdJam9pU2xkVUluMC5leUpsZUhBaU9qSTFPREF4TXpBd09EQXNJbWx6Y3lJNkltUnBaRHByWlhrNmVqWk5hMjFZTVhZNFRqRTJXRWRuU2xWRlFqSnhZbUZYV1RaMVMxTnVjMk5FY2tka2MwMXhlR1pWWnpOclJuQjBJaXdpYW5ScElqb2lNelJpTVdJME5XVXRZbUkyWXkwMFpUVTRMV0kyTnpVdE1qa3pPRE5qT0RJNE1qazBJaXdpYm1KbUlqb3hOamN6TlRnMU1UQXhMQ0p6ZFdJaU9pSmthV1E2YTJWNU9ubzJUV3RuWW1aWFlXSmFNWGh4WkZaVFFrTlljMkZOVkdKTU9HRjFjRm81ZERkbFZuQjBTMnRZWjNKd05HMVJOeUlzSW5aaklqcDdJa0JqYjI1MFpYaDBJanBiSW1oMGRIQnpPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1ERTRMMk55WldSbGJuUnBZV3h6TDNZeElsMHNJbWxrSWpvaU16UmlNV0kwTldVdFltSTJZeTAwWlRVNExXSTJOelV0TWprek9ETmpPREk0TWprMElpd2lkSGx3WlNJNld5SldaWEpwWm1saFlteGxRM0psWkdWdWRHbGhiQ0pkTENKcGMzTjFaWElpT2lKa2FXUTZhMlY1T25vMlRXdHRXREYyT0U0eE5saEhaMHBWUlVJeWNXSmhWMWsyZFV0VGJuTmpSSEpIWkhOTmNYaG1WV2N6YTBad2RDSXNJbWx6YzNWaGJtTmxSR0YwWlNJNklqSXdNak10TURFdE1UTlVNRFE2TkRVNk1ERmFJaXdpWlhod2FYSmhkR2x2YmtSaGRHVWlPaUl5TURVeExURXdMVEExVkRFME9qUTRPakF3TGpBd01Gb2lMQ0pqY21Wa1pXNTBhV0ZzVTNWaWFtVmpkQ0k2ZXlKaFpHUnBkR2x2Ym1Gc1RtRnRaU0k2SWsxamJHOTJhVzRpTENKa1lYUmxUMlpDYVhKMGFDSTZJakU1T0RjdE1ERXRNRElpTENKbVlXMXBiSGxPWVcxbElqb2lRVzVrY21Weklpd2laMmwyWlc1T1lXMWxJam9pVlhKcFltVWlMQ0pwWkNJNkltUnBaRHByWlhrNmVqWk5hMmRpWmxkaFlsb3hlSEZrVmxOQ1ExaHpZVTFVWWt3NFlYVndXamwwTjJWV2NIUkxhMWhuY25BMGJWRTNJbjE5ZlEuZ3NTdjFnbFo4cHVhT21JaWQ5X2EtaUdTOXB6bkdZSTlCRlVxSUpPcEstRXA5SDdLRkI1RmZ5S2FDTFF5bWtseEp3cXYzRnRyOGF4bmotVVBuT3pqQ2ciXX19.zvvz2_CkCGPdXCN9oTGhMEuv--ezv31bDHT6_zt1MXB4E0wBZjIlxODqdVZP8BhTC1lXrzgltyQsro_7odTcDg
EXAMPLE
{
  "iat": 1673585101,
  "iss": "did:key:z6MkgbfWabZ1xqdVSBCXsaMTbL8aupZ9t7eVptKkXgrp4mQ7",
  "vp": {
    "@context": [
      "https://www.w3.org/2018/credentials/v1"
    ],
    "holder": "did:key:z6MkgbfWabZ1xqdVSBCXsaMTbL8aupZ9t7eVptKkXgrp4mQ7",
    "presentation_submission": {
      "definition_id": "64422289-12de-49b9-bbf0-005bc610c2ad",
      "descriptor_map": [
        {
          "format": "jwt_vp",
          "id": "wa_driver_license",
          "path": "$.verifiableCredential[0]"
        }
      ],
      "id": "0f28b372-72d5-493e-bc86-b0f71ba0b87b"
    },
    "type": [
      "VerifiablePresentation"
    ],
    "verifiableCredential": [
      "eyJhbGciOiJFZERTQSIsImtpZCI6ImRpZDprZXk6ejZNa21YMXY4TjE2WEdnSlVFQjJxYmFXWTZ1S1Nuc2NEckdkc01xeGZVZzNrRnB0IiwidHlwIjoiSldUIn0.eyJleHAiOjI1ODAxMzAwODAsImlzcyI6ImRpZDprZXk6ejZNa21YMXY4TjE2WEdnSlVFQjJxYmFXWTZ1S1Nuc2NEckdkc01xeGZVZzNrRnB0IiwianRpIjoiMzRiMWI0NWUtYmI2Yy00ZTU4LWI2NzUtMjkzODNjODI4Mjk0IiwibmJmIjoxNjczNTg1MTAxLCJzdWIiOiJkaWQ6a2V5Ono2TWtnYmZXYWJaMXhxZFZTQkNYc2FNVGJMOGF1cFo5dDdlVnB0S2tYZ3JwNG1RNyIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImlkIjoiMzRiMWI0NWUtYmI2Yy00ZTU4LWI2NzUtMjkzODNjODI4Mjk0IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6a2V5Ono2TWttWDF2OE4xNlhHZ0pVRUIycWJhV1k2dUtTbnNjRHJHZHNNcXhmVWcza0ZwdCIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDEtMTNUMDQ6NDU6MDFaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDUxLTEwLTA1VDE0OjQ4OjAwLjAwMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJhZGRpdGlvbmFsTmFtZSI6Ik1jbG92aW4iLCJkYXRlT2ZCaXJ0aCI6IjE5ODctMDEtMDIiLCJmYW1pbHlOYW1lIjoiQW5kcmVzIiwiZ2l2ZW5OYW1lIjoiVXJpYmUiLCJpZCI6ImRpZDprZXk6ejZNa2diZldhYloxeHFkVlNCQ1hzYU1UYkw4YXVwWjl0N2VWcHRLa1hncnA0bVE3In19fQ.gsSv1glZ8puaOmIid9_a-iGS9pznGYI9BFUqIJOpK-Ep9H7KFB5FfyKaCLQymklxJwqv3Ftr8axnj-UPnOzjCg"
    ]
  }
}

§ IANA Considerations

§ JSON Web Token Claims Registration

This specification registers the Claims in section Registry Contents in the IANA JSON Web Token Claims registry defined in RFC 751 JSON Web Token (JWT).

§ Registry Contents
Presentation Definition Values
Claim Name: presentation_definition
Claim Description: Presentation Definition
Change Controller: DIF Claims & Credentials - Working Group - https://github.com/decentralized-identity/claims-credentials/blob/main/CODEOWNERS
Specification Document(s): Section 5 of this document
Presentation Submission Values
-------------------------- ----------------------------------------------------------------------------------------------------------------------------
Claim Name: presentation_submission
Claim Description: Presentation Submission
Change Controller: DIF Claims & Credentials - Working Group - https://github.com/decentralized-identity/claims-credentials/blob/main/CODEOWNERS
Specification Document(s): Section 6 of this document
Table of Contents