§ Presentation Exchange v1.0.0

Specification Status: DIF Ratified Specification

Latest Draft: identity.foundation/presentation-exchange

Editors:

Daniel Buchner (Microsoft)

Brent Zundel (Evernym)

Martin Riedel (Consensys Mesh)

Contributors:

Daniel McGrogan (Workday)

Gabe Cohen (Workday)

Orie Steele (Transmute)

Wayne Chang (Spruce)

Participate:

GitHub repo

File a bug

Commit history

§ Abstract

A common activity between peers in identity systems that feature the ability to generate self-asserted and third-party issued Claims is the demand and submission of proofs from a Holder to a Verifier. This flow implicitly requires the Holder and Verifier have a mechanism to facilitate the two primary steps in a proving exchange: a way for Verifiers to describe proof requirements, and for Holders to describe submissions of proof which align with those requirements.

To address these needs, this Presentation Exchange specification codifies a Presentation Definition data format Verifiers can use to articulate proof requirements, and a Presentation Submission data format Holders can use to describe proofs submitted in accordance with them.

This specification is designed to be both Claim format and transport envelope agnostic, meaning an implementer can use JSON Web Tokens (JWTs), Verifiable Credentials (VCs), JWT-VCs, or any other Claim format, and convey them via Open ID Connect, DIDComm, Credential Handler API, or any other transport envelope. The goal of this flexible format- and transport-agnostic mechanism is to nullify the redundant handling, code, and hassle involved in presenting and satisfying logical requirements across formats and transport envelopes.

This specification does not define transport protocols, specific endpoints, or other means for conveying the formatted objects it codifies, but encourages other specifications and projects that do define such mechanisms to utilize these data formats within their flows.

§ Status of This Document

Presentation Exchange v1.0 is a DIF Ratified specification that has been developed within the Decentralized Identity Foundation (DIF). It incorporates requirements and learnings from related work of many active industry players into a shared specification that meets the collective needs of the community.

§ Terminology

Claim

An assertion made about a Subject. Used as an umbrella term for Credential, Assertion, Attestation, etc.

Decentralized Identifiers

Unique ID URI string and PKI metadata document format for describing the cryptographic keys and other fundamental PKI values linked to a unique, user-controlled, self-sovereign identifier in a target system (i.e. blockchain, distributed ledger).

Embed Locations

Embed Locations are the specific paths and indexes per Embed Target where the Verifier can expect to find the Presentation. See Embed Locations.

Embed Target

Embed Targets are data formats used in messaging protocols that may be used to transport a Presentation Submission. See Embed Targets.

Holder

Holders are entities that submit proofs to Verifiers to satisfy the requirements described in a Presentation Definition.

Holder Binding

Holder Bindings are requirements of a certain type of relationship between the Holder and the Claims within the Presentation. See Holder Binding.

Identity Hub

Some examples refer to an unfamiliar query protocol, hub:// , as a way of storing and querying schemata and other resources. While orthogonal to this specification and not yet on a standards track, the concept of “identity hubs” proposes an architecture that may be of interest or utility to implementers of this specification. For more information, see the pre-draft specification hosted at the decentralized identity foundation here

Input Descriptor

Input Descriptors are used by a Verifier to describe the information required of a Holder before an interaction can proceed. See Input Descriptor.

Input Descriptor Object

Input Descriptors Objects are populated with properties describing what type of input data/Claim, or sub-fields thereof, are required for submission to the Verifier. See Input Descriptor Object.

Link Secrets

Link Secrets are values held by the Holder but hidden from other parties. They are typically incorporated into cryptographic signatures used in claims to demonstrate correlation while preventing replay attacks. An Issuer may ascertain that a Holder possesses a link secret without its disclosure. See Link Secrets.

Presentation Definition

Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where many different types of proofs may satisfy an input requirement. See Presentation Definition.

Presentation Request

Presentation Requests are transport mechanisms for Presentation. Presentation Requests can take multiple shapes, using a variety of protocols and signature schemes not refined in this specification. They are sent by a Verifier to a Holder. Defining Presentation Requests is outside the scope of this specification. See Presentation Request.

Presentation Submission

Presentation Submissions are objects embedded within target claim negotiation formats that unify the presentation of proofs to a Verifier in accordance with the requirements a Verifier specified in a Presentation Definition. See Presentation Submission.

Subject

Subjects are the entities about which [[r:Claims]] are made. The Subject may not be the same entity as the Holder

Submission Requirement

Submission Requirements are objects that define what combinations of inputs must be submitted to comply with the requirements a Verifier has for proceeding in a flow (e.g. credential issuance, allowing entry, accepting an application). See Submission Requirements.

Submission Requirement Object

Submission Requirement Objects describe valid combinations of inputs in a Presentation Submission. See Submission Requirement Objects.

Submission Requirement Rule

Submission Requirement Rules describe combinatorical rules within a Submission Requirement Object when processing inputs. They may be nested. See Submission Requirement Rules.

Verifier

Verifiers are entities that define what proofs they require from a Holder (via a Presentation Definition) in order to proceed with an interaction.

§ Presentation Definition

Presentation Definitions are objects that articulate what proofs a Verifier requires. These help the Verifier to decide how or whether to interact with a Holder. Presentation Definitions are composed of inputs, which describe the forms and details of the proofs they require, and optional sets of selection rules, to allow Holders flexibility in cases where different types of proofs may satisfy an input requirement.

{
  "comment": "Note: VP, OIDC, DIDComm, or CHAPI outer wrapper would be here.",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "wa_driver_license",
        "name": "Washington State Business License",
        "purpose": "We can only allow licensed Washington State business representatives into the WA Business Conference",
        "schema": [{
            "uri": "https://licenses.example.com/business-license.json"
        }]
      }
    ]
  }
}

{
  "comment": "Note: VP, OIDC, DIDComm, or CHAPI outer wrapper would be here.",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "bankaccount_input",
        "name": "Full Bank Account Routing Information",
        "purpose": "We can only remit payment to a currently-valid bank account, submitted as an ABA RTN + Acct # or IBAN.",
        "schema": [{
            "uri": "https://bank-standards.example.com/fullaccountroute.json"
        }],
        "constraints": {
          "limit_disclosure": "required",
          "fields": [
            {
              "path": [
                  "$.issuer", 
                  "$.vc.issuer", 
                  "$.iss"
              ],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor, or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "did:example:123|did:example:456"
              }
            }
          ]
        }
      },
      {
        "id": "us_passport_input",
        "name": "US Passport",
        "schema": [
          {
            "uri": "hub://did:foo:123/Collections/schema.us.gov/passport.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
              "filter": {
                "type": "string",
                "format": "date",
                "minimum": "1999-05-16"
              }
            }
          ]
        }

      }
    ]
  }
}

{
  "comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "submission_requirements": [{
      "name": "Citizenship Information",
      "rule": "pick",
      "count": 1,
      "from": "A"
    }],
    "input_descriptors": [
      {
        "id": "citizenship_input_1",
        "name": "EU Driver's License",
        "group": ["A"],
        "schema": [
          {
            "uri": "https://eu.com/claims/DriversLicense.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by national authorities of member states or trusted notarial auditors.",
              "filter": {
                "type": "string",
                "pattern": "did:example:gov1|did:example:gov2"
              }
            },
            {
              "path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
              "filter": {
                "type": "string",
                "format": "date",
                "maximum": "1999-06-15"
              }
            }
          ]
        }
      },
      {
        "id": "citizenship_input_2",
        "name": "US Passport",
        "group": ["A"],
        "schema": [
          {
            "uri": "hub://did:foo:123/Collections/schema.us.gov/passport.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
              "filter": {
                "type": "string",
                "format": "date",
                "maximum": "1999-05-16"
              }
            }
          ]
        }
      }
    ]
  }
}

{
  "comment": "VP, OIDC, DIDComm, or CHAPI outer wrapper here",
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "submission_requirements": [
      {
        "name": "Banking Information",
        "purpose": "We can only remit payment to a currently-valid bank account in the US, Germany or France.",
        "rule": "pick",
        "count": 1,
        "from": "A"
      },
      {
        "name": "Employment Information",
        "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
        "rule": "all",
        "from": "B"
      },
      {
        "name": "Eligibility to Drive on US Roads",
        "purpose": "We need to verify eligibility to drive on US roads via US or EU driver's license, but no biometric or identifying information contained there.",
        "rule": "pick",
        "count": 1,
        "from": "C"
      }
    ],
    "input_descriptors": [
      {
        "id": "banking_input_1",
        "name": "Bank Account Information",
        "purpose": "Bank Account required to remit payment.",
        "group": ["A"],
        "schema": [
          {
            "uri": "https://bank-standards.example.com#accounts",
            "required": true
          },
          {
            "uri": "https://bank-standards.example.com#investments",
            "required": true
          }
        ],
        "constraints": {
          "limit_disclosure": "required",
          "fields": [
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "did:example:123|did:example:456"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].account_number", 
                "$.vc.credentialSubject.account[*].account_number", 
                "$.account[*].account_number"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              }
            },
            {
              "path": ["$.credentialSubject.portfolio_value", "$.vc.credentialSubject.portfolio_value", "$.portfolio_value"],
              "purpose": "A current portfolio value of at least one million dollars is required to insure your application",
              "filter": {
                "type": "number",
                "minimum": 1000000
              }
            }
          ]
        }
      },
      {
        "id": "banking_input_2",
        "name": "Bank Account Information",
        "purpose": "We can only remit payment to a currently-valid bank account.",
        "group": ["A"],
        "schema": [
          {
            "uri": "https://bank-schemas.org/1.0.0/accounts.json"
          },
          {
            "uri": "https://bank-schemas.org/2.0.0/accounts.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": [
                "$.issuer", 
                "$.vc.issuer", 
                "$.iss"
              ],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "did:example:123|did:example:456"
              }
            },
            { 
              "path": [
                "$.credentialSubject.account[*].id", 
                "$.vc.credentialSubject.account[*].id", 
                "$.account[*].id"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].route", 
                "$.vc.credentialSubject.account[*].route", 
                "$.account[*].route"
              ],
              "purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
              }
            }
          ]
        }
      },
      {
        "id": "employment_input",
        "name": "Employment History",
        "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
        "group": ["B"],
        "schema": [
          {
            "uri": "https://business-standards.org/schemas/employment-history.json"
          }
        ],
        "constraints": {
          "limit_disclosure": "required",
          "fields": [
            {
              "path": ["$.jobs[*].active"],
              "filter": {
                "type": "boolean",
                "pattern": "true"
              }
            }
          ]
        }
      },
      {
        "id": "drivers_license_input_1",
        "name": "EU Driver's License",
        "group": ["C"],
        "schema": [
          {
            "uri": "https://schema.eu/claims/DriversLicense.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by national authorities of EU member states or trusted notarial auditors.",
              "filter": {
                "type": "string",
                "pattern": "did:example:gov1|did:example:gov2"
              }
            },
            {
              "path": ["$.credentialSubject.dob", "$.vc.credentialSubject.dob", "$.dob"],
              "purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
              "filter": {
                "type": "string",
                "format": "date",
                "maximum": "1999-05-16"
              }
            }
          ]
        }
      },
      {
        "id": "drivers_license_input_2",
        "name": "Driver's License from one of 50 US States",
        "group": ["C"],
        "schema": [
          {
            "uri": "hub://did:foo:123/Collections/schema.us.gov/american_drivers_license.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": ["$.issuer", "$.vc.issuer", "$.iss"],
              "purpose": "We can only accept digital driver's licenses issued by the 50 US states' automative affairs agencies.",
              "filter": {
                "type": "string",
                "pattern": "did:example:gov1|did:web:dmv.ca.gov|did:example:oregonDMV"
              }
            },
            {
              "path": ["$.credentialSubject.birth_date", "$.vc.credentialSubject.birth_date", "$.birth_date"],
              "purpose": "We must confirm that the driver was at least 21 years old on April 16, 2020.",
              "filter": {
                "type": "string",
                "format": "date",
                "maximum": "1999-05-16"
              }
            }
          ]
        }
      }
    ]
  }
}

The following properties are for use at the top-level of a Presentation Definition. Any properties that are not defined below MUST be ignored:

• id - The Presentation Definition MUST contain an id property. The value of this property MUST be a unique identifier, such as a UUID.

• input_descriptors - The Presentation Definition MUST contain an input_descriptors property. Its value MUST be an array of Input Descriptor Objects, the composition of which are described in the Input Descriptors section below.

  The Input Descriptors required for submission are described by the submission_requirements. If no submission_requirements value is present, all inputs listed in the input_descriptors array are required for submission.

• name - The Presentation Definition MAY contain a name property. If present, its value SHOULD be a human-friendly string intended to constitute a distinctive designation of the Presentation Definition.

• purpose - The Presentation Definition MAY contain a purpose property. If present, its value MUST be a string that describes the purpose for which the Presentation Definition's inputs are being requested.

• The Presentation Definition MAY include a format property. If present, its value MUST be an object with one or more properties matching the registered Claim Format Designations (e.g., jwt, jwt_vc, jwt_vp, etc.). Te properties inform the Holder of the Claim format configurations the Verifier can process. The value for each claim format property MUST be an object composed as follows:

  • The object MUST include a format-specific property (i.e., alg, proof_type) that expresses which algorithms the Verifier supports for the format. Its value MUST be an array of one or more format-specific algorithmic identifier references, as noted in the Claim Format Designations section.

    For example:

{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [],
    "format": {
      "jwt": {
        "alg": ["EdDSA", "ES256K", "ES384"]
      },
      "jwt_vc": {
        "alg": ["ES256K", "ES384"]
      },
      "jwt_vp": {
        "alg": ["EdDSA", "ES256K"]
      },
      "ldp_vc": {
        "proof_type": [
          "JsonWebSignature2020",
          "Ed25519Signature2018",
          "EcdsaSecp256k1Signature2019",
          "RsaSignature2018"
        ]
      },
      "ldp_vp": {
        "proof_type": ["Ed25519Signature2018"]
      },
      "ldp": {
        "proof_type": ["RsaSignature2018"]
      }
    }
  }
}

• submission_requirements - The Presentation Definition MAY contain a submission_requirements property. If present, its value MUST be an object conforming to the Submission Requirement format described in the Submission Requirement section below.

  If not present, all inputs listed in the input_descriptors array are required for submission.

§ Input Descriptor

Input Descriptors are objects used to describe the information a Verifier requires of a Holder. If no Submission Requirements are present, all Input Descriptors MUST be satisfied.

Input Descriptor Objects contain an identifier, a schema URI that links to the schema of the requested input data, and may contain constraints on data values, and an explanation why a certain item or set of data is being requested:

{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "banking_input_1",
        "name": "Bank Account Information",
        "purpose": "We can only remit payment to a currently-valid bank account.",
        "group": [
          "A"
        ],
        "schema": [
          {
            "uri": "https://bank-schemas.org/1.0.0/accounts.json"
          },
          {
            "uri": "https://bank-schemas.org/2.0.0/accounts.json"
          }
        ],
        "constraints": {
          "fields": [
            {
              "path": [
                "$.issuer",
                "$.vc.issuer",
                "$.iss"
              ],
              "purpose": "We can only verify bank accounts if they are attested by a trusted bank, auditor or regulatory authority.",
              "filter": {
                "type": "string",
                "pattern": "did:example:123|did:example:456"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].id",
                "$.vc.credentialSubject.account[*].id",
                "$.account[*].id"
              ],
              "purpose": "We can only remit payment to a currently-valid bank account in the US, France, or Germany, submitted as an ABA Acct # or IBAN.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{10-12}|^(DE|FR)[0-9]{2}\\s?([0-9a-zA-Z]{4}\\s?){4}[0-9a-zA-Z]{2}$"
              }
            },
            {
              "path": [
                "$.credentialSubject.account[*].route",
                "$.vc.credentialSubject.account[*].route",
                "$.account[*].route"
              ],
              "purpose": "We can only remit payment to a currently-valid account at a US, Japanese, or German federally-accredited bank, submitted as an ABA RTN or SWIFT code.",
              "filter": {
                "type": "string",
                "pattern": "^[0-9]{9}|^([a-zA-Z]){4}([a-zA-Z]){2}([0-9a-zA-Z]){2}([0-9a-zA-Z]{3})?$"
              }
            }
          ]
        }
      }
    ]
  }
}

{
  "presentation_definition": {
    "id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "input_descriptors": [
      {
        "id": "employment_input_xyz_gov",
        "group": ["B"],
        "schema": [
          {
            "uri": "https://login.idp.com/xyz.gov/.well-known/openid-configuration",
            "required": true
          }
        ],
        "name": "Verify XYZ Government Employment",
        "purpose": "Verifying current employment at XYZ Government agency as proxy for permission to access this resource",
        "constraints": {
          "fields": [
            {
              "path": ["$.status"],
              "filter": {
                "type": "string",
                "pattern": "active"
              }
            }
          ]
        }
      }
    ]
  }
}

§ Input Descriptor Object

Input Descriptor Objects are composed as follows:

• The Input Descriptor Object MUST contain an id property. The value of the id property MUST be a string that does not conflict with the id of another Input Descriptor Object in the same Presentation Definition.
• The Input Descriptor Object MUST contain a schema property. The value of the schema property MUST be an array composed of objects as follows:
  • The schema object MUST contain a uri property, and its value MUST be a string consisting of a valid URI for an acceptable Claim schema.
  • The schema object MAY contain a required property. If present, the value of this property MUST be a boolean. A value of true indicates that the given schema object is required to be the schema of the inputs used to fulfill the given Submission Requirement.
• The Input Descriptor Object MAY contain a group property. If present, its value MUST match one of the grouping strings listed in the from values of a Submission Requirement Rule object.
• The Input Descriptor Object MAY contain a name property. If present, its value SHOULD be a human-friendly name that describes what the target schema represents.
• The Input Descriptor Object MAY contain a purpose property. If present, its value MUST be a string that describes the purpose for which the Claim's data is being requested.
• The Input Descriptor Object MAY contain a constraints property. If present, its value MUST be an object composed as follows:

  • The constraints object MAY contain a limit_disclosure property. If present, its value MUST be onf the following strings:

    • required - This indicates that the processing entity MUST limit submitted fields to those listed in the fields array (if present).
    • preferred - This indicates that the processing entity SHOULD limit submitted fields to those listed in the fields array (if present).

    Omission of the limit_disclosure property indicates the processing entity MAY submit a response that contains more than the data described in the fields array.

  • The constraints object MAY contain a statuses property. If present, its value MUST be an object that includes one or more of the following status properties:

    • active - A credential is active if it is not revoked, expired, suspended, or in any type of deactivated state.
    • suspended - A credential is suspended if the Issuer has published an explicit signal that the credential is in an inactive state and should not currently be relied upon, but may become active again in the future.
    • revoked - A credential is revoked if the Issuer has published an explicit signal that the credential in question should not be relied upon going forward as an accurate reflection of the Issuer’s statements about the Subject within the scope of the credential.

    The values of all status properties are objects, composed as follows:

    • status objects MUST include a directive property, and its value MUST be one of the following strings:
      • required - the credential MUST be of the specified status.
      • allowed - the credential MAY be of the specified status.
      • disallowed - the credential MUST NOT be of the specified status.

        "statuses": {
          "active": {
            "directive": "required"  // other values: "allowed", "disallowed"
          },
          "suspended": {...},
          "revoked": {...}
        }
      

    NOTE

    There is no assumed direct mapping between these values and a corresponding status object in the underlying credentials. On the contrary, the encoding and decoding of a credential status (which may include fetching remote status information or cryptographic operations) is an implementation detail which takes place at a lower layer of abstraction and in accordance with the supported verifiable credential formats and presentation protocols.

  • The constraints object MAY contain a subject_is_issuer property. If present, its value MUST be one of the following strings:

    • required - This indicates that the processing entity MUST submit a response that has been self-attested, i.e., the Claim used in the presentation was ‘issued’ by the Subject of the Claim.
    • preferred - This indicates that it is RECOMMENDED that the processing entity submit a response that has been self-attested, i.e., the Claim used in the presentation was ‘issued’ by the Subject of the Claim.
    NOTE

    The subject_is_issuer property could be used by a Verifier to require that certain inputs be self_attested. For example, a college application Presentation Definition might contain an Input Descriptor for an essay submission. In this case, the Verifier would be able to require that the essay be provided by the same Subject as any other Claims in the presented application.

  • The constraints object MAY contain an is_holder property. If present, its value MUST be an array of objects composed as follows:

    • The is-holder object MUST contain a field_id property. The value of this property MUST be an array of strings, with each string matching the string value from a field object’s id property. This identifies the attribute whose Subject is of concern to the Verifier.
    • The is-holder object MUST contain a directive property. The value of this property MUST be one of the following strings:
      • required - This indicates that the processing entity MUST include proof that the Subject of each attribute identified by a value in the field_id array is the same as the entity submitting the response.
      • preferred - This indicates that it is RECOMMENDED that the processing entity include proof that the Subject of each attribute identified by a value in the field_id array is the same as the entity submitting the response.

    The is_holder property would be used by a Verifier to require that certain inputs be provided by a certain Subject. For example, an identity verification Presentation Definition might contain an Input Descriptor for a birthdate from a birth certificate. Using is_holder, the Verifier would be able to require that the Holder of the birth certificate Claim is the same as the Subject of the birthdate attribute. This is especially useful in cases where a Claim may have multiple Subjects.

    For more information about techniques used to prove binding to a Holder, please see Holder Binding.

  • The constraints object MAY contain a same_subject property. If present, its value MUST be an array of objects composed as follows:

    • The same-subject object MUST contain a field_id property. The value of this property MUST be an array of strings, with each string matching the string value from a field object’s id property. This identifies the attributes whose Subject is of concern to the Verifier. It is important to note that the attributes whose Subject is of concern to the Verifier MAY be identified in the field object of a different Input Descriptor Object.
    • The same-subject object MUST contain a directive property. The value of this property MUST be one of the following strings:
      • required - This indicates that the processing entity MUST include proof that the Subject of each attribute identified by a value in the field_id array is the same as the Subject of the attributes identified by the other values in the field_id array.
      • preferred - This indicates that it is RECOMMENDED that the processing entity include proof that the Subject of each attribute identified by a value in the field_id array is the same as the Subject of the attributes identified by the other values in the field_id array.

    The same_subject property would be used by a Verifier to require that certain provided inputs be about the same Subject. For example, a Presentation Definition might contain an Input Descriptor which calls for a street address from a driver license Claim and another Input Descriptor which calls for a name from a birth certificate Claim. Using the same_subject property, Verifier would be able to require that the Subject of the street address attribute Claim is the same as the Subject of the name attribute.

  • The constraints object MAY contain a fields property. If present, its value MUST be an array of objects composed as follows:

    • The fields object MUST contain a path property. The value of this property MUST be an array of one or more JSONPath string expressions (as defined in the JSONPath Syntax Definition section) that select a target value from the input. The array MUST be evaluated from 0-index forward, and the first expressions to return a value will be used for the rest of the entry’s evaluation. The ability to declare multiple expressions in this way allows the Verifier to account for format differences - for example: normalizing the differences in structure between JSON-LD/JWT-based Verifiable Credentials and vanilla JSON Web Tokens (JWTs) [RFC7797].

    • The fields object MAY contain an id property. If present, its value MUST be a string that is unique from every other field object’s id property, including those contained in other Input Descriptor Objects.

    • The fields object MAY contain a purpose property. If present, its value MUST be a string that describes the purpose for which the field is being requested.

    • The fields object MAY contain a filter property, and if present its value MUST be a JSON Schema descriptor used to filter against the values returned from evaluation of the JSONPath string expressions in the path array.

    • The fields object MAY contain a predicate property. If the predicate property is present, the filter property MUST also be present.

      NOTE

      processing entity returns a boolean, rather than a value returned from evaluation of the JSONPath string expressions in the path array. The boolean returned is the result of using the filter property’s JSON Schema descriptors against the evaluated value. Exclusion of the predicate property indicates that the processing entity returns the value returned from evaluation of the JSONPath string expressions in the path array.

      The value of predicate MUST be one of the following strings:

      • required - This indicates that the returned value MUST be the boolean result of applying the value of the filter property to the result of evaluating the path property.
        NOTE

        may severely limit the responses a Holder may be able to make. Many signature schemes do not support deriving predicates, even those signature schemes which are otherwise ZKP-capable. A Verifier should be sure they support such schemes, and have high confidence they are also supported by the Holder, before indicating predicate responses are required.:::

      • preferred - This indicates that the returned value SHOULD be the boolean result of applying the value of the filter property to the result of evaluating the path property.

      If the predicate property is not present, a processing entity MUST NOT return derived predicate values.

      If the predicate property is present, the set of JSON Schema descriptors which comprise the value of the filter property MUST be restricted according to the desired predicate operation, as follows:

      • To express the following range proofs, use the JSON Schema numeric range properties:
        • greater-than - Use the exclusiveMinimum descriptor. For example, to request a proof that an attribute is greater than 10000, use the following as the value of the filter object:

          {
            "type": "number",
            "exclusiveMinimum": 10000,
          }
          

        • less-than - Use the exclusiveMaximum descriptor. For example, to request a proof that an attribute is less than 85, use the following as the value of the filter object:

          {
            "type": "number",
            "exclusiveMaximum": 85,
          }
          

        • greater-than or equal-to - Use the minimum descriptor. For example, to request a proof that an attribute is greater than or equal to 18, use the following as the value of the filter object:

          {
            "type": "number",
            "minimum": 18,
          }
          

        • less-than or equal-to - Use the maximum descriptor. For example, to request a proof that an attribute is less than or equal to 65536, use the following as the value of the filter object:

          {
            "type": "number",
            "maximum": 65536,
          }
          

      • to express the following equality proofs, use the JSON Schema const descriptor:
        • equal-to - Use the const descriptor. For example to request proof that an attribute has the value “Chad”, use the following as the value of the filter object:

          {
            "const": "Chad"
          }
          

        • not equal-to - Use the const descriptor with the not operator. For example, to request proof that an attribute does not have the value “Karen”, use the following as the value of the filter object:

          {
            "not": {
              "const": "Karen"
            }
          }
          

      • to express set-membership proofs, use the JSON Schema enum descriptor:
        • in-set - Use the enum descriptor. For example, to request proof that an attribute is contained in the set of rainbow colors, use the following as the value of the filter object:

          {
            "type": "string",
            "enum": ["red", "yellow", "blue"]
          }
          

        • not-in-set - Use the enum descriptor with the not operator. For example, to request proof that an attribute is not contained in the set of primary colors, use the following as the value of the filter object:

          {
            "not": {
              "enum": ["red", "yellow", "blue"]
            }
          }
          

      At this time, additional predicate operations are not supported.

§ Submission Requirements

Presentation Definitions MAY include Submission Requirements which define what combinations of inputs a processing entity must submit to comply with the requirements of a Verifier.

Submission Requirements introduce a set of rule types and mapping instructions a processing entity can ingest to present requirement optionality to the user, and subsequently submit inputs in a way that maps back to the rules the Verifier has asserted.

The following section defines the format for Submission Requirements and the selection syntax Verifiers can use to specify which combinations of inputs are acceptable.

If present, all Submission Requirements MUST be satisfied, and all input_descriptors MUST be grouped. Any unused [ref:Input Descriptors]] that remain after satisfying all Submission Requirements MUST be ignored.

{
  "submission_requirements": [
    {
      "name": "Banking Information",
      "purpose": "We need you to prove you currently hold a bank account older than 12months.",
      "rule": "pick",
      "count": 1,
      "from": "A"
    },
    {
      "name": "Employment Information",
      "purpose": "We are only verifying one current employment relationship, not any other information about employment.",
      "rule": "all",
      "from": "B"
    },
    {
      "name": "Citizenship Information",
      "rule": "pick",
      "count": 1,
      "from_nested": [
        {
          "name": "United States Citizenship Proofs",
          "purpose": "We need you to prove your US citizenship.",
          "rule": "all",
          "from": "C"
        },
        {
          "name": "European Union Citizenship Proofs",
          "purpose": "We need you to prove you are a citizen of an EU member state.",
          "rule": "all",
          "from": "D"
        }
      ]
    }
  ]
}

§ Submission Requirement Objects

Submission Requirement Objects are JSON objects constructed as follows:

• A Submission Requirement Object MUST contain a rule property. The value of this property MUST be a string that matches one of the Submission Requirement Rules values listed in the section below.
• A Submission Requirement Object MUST contain either a from or from_nested property. If both properties are present, the implementation MUST produce an error. The values of the from and from_nested properties are defined as follows:
  • from - The value of the from property MUST be a group string matching one of the group strings specified for one or more [[ref:Input Descriptor Objects].
  • from_nested - The value of the from_nested property MUST be an array Submission Requirement Objects.
• The Submission Requirement Object MAY contain a name property. If present, its value MUST be a string. The string MAY be used by a consuming User Agent to display the general name of the requirement set to a user.
• The Submission Requirement Objects MAY contain a purpose property. If present, its value MUST be a string that describes the purpose for which the submission is being requested.
• The Submission Requirement Objects MAY contain additional properties as required by certain Submission Requirement Rules. For example, count, min, and max may be present with a pick rule.

§ Submission Requirement Rules

Submission Requirement Rules are used within Submission Requirement Objects to describe the specific combinatorial rules that must be applied to submit a particular subset of reqested inputs. The specified Submission Requirement Rule determines the behavior of the corresponding from or from_nested property, as described below. A conformant implementation MUST support the following rules:

§ all rule

For an all rule Submission Requirement Object:

• The value of the rule property MUST be the string “all”.
• The following behavior is required for the from or from_nested property:
  • from - All Input Descriptors matching the group string of the from value MUST be submitted to the Verifier.
  • from_nested - All Submission Requirement Objects specified in the from_nested array must be satisfied by the inputs submitted to the Verifier.

{
  "submission_requirements": [
    {
      "name": "Submission of educational transcripts",
      "purpose": "We need your complete educational transcripts to process your application",
      "rule": "all",
      "from": "A"
    }
  ]
}

§ pick rule

For a pick rule Submission Requirement Object:

• The value of the rule property MUST be the string “pick”.
• The Submission Requirement Object MAY contain a count property. If present, its value MUST be an integer greater than zero. This indicates the number of input Descriptors or Submission Requirement Objects to be submitted.
• The Submission Requirement Object MAY contain a min property. If present, its value MUST be an integer greater than or equal to zero. This indicates the minimum number of input Descriptors or Submission Requirement Objects to be submitted.
• The Submission Requirement Object MAY contain a max property. If present, its value MUST be an integer greater than zero and, if also present, greater than the value of the min property. This indicates the maximum number of input Descriptors or Submission Requirement Objects to be submitted.
• The following behavior is required for the from or from_nested property:
  • from - The specified number of Input Descriptors matching the group string of the from value MUST be submitted to the Verifier.
  • from_nested - The specified number of Submission Requirement Objects in the from_nested array must be satisfied by the inputs submitted to the Verifier.

If Submission Requirement Object has a from property, this directs the processing entity to submit inputs from the set of Input Descriptors with a matching group string. In the first example that follows, the Submission Requirement requests a single input from Input Descriptor group "B". In the second example, the Submission Requirement requests from 2 to 4 inputs from Input Descriptor group "B".

{
  "submission_requirements": [
    {
      "name": "Citizenship Proof",
      "purpose": "We need to confirm you are a citizen of one of the following countries before accepting your application",
      "rule": "pick",
      "count": 1,
      "from": "B"
    }
  ]
}

{
  "submission_requirements": [
    {
      "name": "Eligibility to Work Proof",
      "purpose": "We need to prove you are eligible for full-time employment in 2 or more of the following countries",
      "rule": "pick",
      "min": 2,
      "from": "B"
    }
  ]
}

If the Submission Requirement Object has a from_nested property, this directs the processing entity to submit inputs such that the number of satisfied Submission Requirement Objects matches the number requested. In the following example, the from_nested property contains an array of Submission Requirement Objects which requests either all members from group "A" or two members from group "B":

{
  "submission_requirements": [
    {
      "name": "Confirm banking relationship or employment and residence proofs",
      "purpose": "Recent bank statements or proofs of both employment and residence will be validated to initiate your loan application but not stored",
      "rule": "pick",
      "count": 1,
      "from_nested": [
        { "rule": "all", "from": "A" },
        { "rule": "pick", "count": 2, "from": "B" }
      ]
    }
  ]
}

§ JSON Schema

The following JSON Schema Draft 7 definition summarizes many of the format-related rules above:

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "submission_requirements": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from": { "type": "string" }
          },
          "required": ["rule", "from"],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirements"
              }
            }
          },
          "required": ["rule", "from_nested"],
          "additionalProperties": false
        }
      ]
    }
  },
  "type": "object",
  "properties": {
    "submission_requirements": {
      "type": "array",
      "items": {
        "$ref": "#/definitions/submission_requirements"
      }
    }
  },
  "required": ["submission_requirements"],
  "additionalProperties": false
}

§ Property Values and Evaluation

The following property value and evaluation guidelines summarize many of the processing-related rules above:

• The rule property value may be either "all" or "pick", and a conformant implementation MUST produce an error if an unknown rule value is present.
• The Submission Requirement Object MUST contain a from property or a from_nested property, not both. If present their values must be a string or an array, respectively. If any of these conditions are not met, a conformant implementation MUST produce an error.
• A conformant implementation could use the following algorithm To determine whether a Submission Requirement is satisfied:
  • If the rule is "all", then the Submission Requirement MUST contain a from property or a from_nested property, and of whichever are present, all inputs from the from group string or the from_nested Submission Requirements array MUST be submitted or satisfied, respectively.
  • If the rule is "pick", then the Submission Requirement MUST contain a from property or a from_nested property, and of whichever are present, they must be evaluated as follows:
    • if a count property is present, the number of inputs submitted, or nested Submission Requirements satisfied, MUST be exactly equal to the value of count property.
    • if a min property is present, the number of inputs submitted, or nested Submission Requirements satisfied, MUST be equal to or greater than the value of the min property.
    • if a max property is present, the number of inputs submitted, or nested Submission Requirements satisfied, MUST be equal to or less than the value of the max property.

§ Input Evaluation

A processing entity of a Presentation Definition must filter inputs they hold (signed Claims, raw data, etc.) to determine whether they possess the inputs requested by the Verifier. A processing entity of a Presentation Definition SHOULD use the following process to validate whether or not its candidate inputs meet the requirements it describes:

For each Input Descriptor in the input_descriptors array of a Presentation Definition, a processing entity SHOULD compare each candidate input (JWT, Verifiable Credential, etc.) it holds to determine whether there is a match.

For each candidate input:

1. The URI for the schema of the candidate input MUST match one of the Input Descriptor schema object uri values exactly.

   If the Input Descriptor schema object uri is a hashlink or similar value that points to immutable content, then the content of the retrieved schema must also match.

   If one of the values is an exact match, proceed, if there are no exact matches, skip to the next candidate input.

2. If the constraints property of the Input Descriptor is present, and it contains a fields property with one or more field objects, evaluate each against the candidate input as follows:

   1. Iterate the Input Descriptor path array of JSONPath string expressions from 0-index, executing each expression against the candidate input. Cease iteration at the first expression that returns a matching Field Query Result and use the result for the rest of the field’s evaluation. If no result is returned for any of the expressions, skip to the next candidate input.
   2. If the filter property of the field entry is present, validate the Field Query Result from the step above against the JSON Schema descriptor value.
   3. If the predicate property of the field entry is present, a boolean value should be returned rather than the value of the Field Query Result. Calculate this boolean value by evaluating the Field Query Result against the JSON Schema descriptor value of the filter property.
   4. If the result is valid, proceed iterating the rest of the fields entries.

3. If all of the previous validation steps are successful, mark the candidate input as a match for use in a Presentation Submission.

   If present at the top level of the Input Descriptor, keep a relative reference to the group values the input is designated for.

4. If the constraints property of the Input Descriptor is present, and it contains a limit_disclosure property set to the string value required, ensure that any subsequent submission of data in relation to the candidate input is limited to the entries specified in the fields property. If the fields property is not present, or contains zero field objects, submission SHOULD NOT include any Claim data from the Claim. For example, a Verifier may simply want to know a Holder has a valid, signed Claims of a particular type, without disclosing any of the data it contains.

5. If the constraints property of the Input Descriptor is present, and it contains a subject_is_issuer property set to the value required, ensure that any submission of data in relation to the candidate input is fulfilled using a self_attested Claim.

6. If the constraints property of the Input Descriptor is present, and it contains an is_holder property, ensure that for each object in the array, any submission of data in relation to the candidate input is fulfilled by the Subject of the attributes so identified by the strings in the field_id array.

7. If the constraints property of the Input Descriptor is present, and it contains a same_subject property, ensure that for each object in the array, all of the attributes so identified by the strings in the field_id array are about the same Subject.

§ Expired and Revoked Data

Certain types of Claims have concepts of expiration and revocation. Expiration is mechanism used to communicate a time after which a Claim will no longer be valid. Revocation is a mechanism used by an issuer to express the status of a Claim after issuance. Different Claim specifications handle these concepts in different ways.

Presentation Definitions have a need to specify whether expired, revoked, or Claims of other statuses can be accepted. For Claims that have simple status properties, Input Descriptor Filters JSON Schema can be used to specify acceptable criteria.

The first example below demonstrates expiry using the VC Data Model’s expirationDate property. The second example below demonstrates revocation, or more generally, credential status using the VC Data Model’s credentialStatus property. Using the syntax provided in the example, a Verifier will have all requisite information to resolve the status of a Claim.

{
  "id": "drivers_license_information",
  "name": "Verify Valid License",
  "purpose": "We need you to show that your driver's license will be valid through December of this year.",
  "schema": [
    {
      "uri": "https://yourwatchful.gov/drivers-license-schema.json",
      "required": true
    }
  ],
  "constraints": {
    "fields": [
      {
        "path": ["$.expirationDate"],
        "filter": {
          "type": "string",
          "format": "date-time",
          "minimum": "2020-12-31T23:59:59.000Z"
        }
      }
    ]
  }
}

{
  "id": "drivers_license_information",
  "name": "Verify Valid License",
  "purpose": "We need to know that your license has not been revoked.",
  "schema": [
    {
      "uri": "https://yourwatchful.gov/drivers-license-schema.json"
    }
  ],
  "constraints": {
    "fields": [
      {
        "path": ["$.credentialStatus"]
      }
    ]
  }
}

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Definition",
  "definitions": {
    "schema": {
      "type": "object",
      "properties": {
        "uri": { "type": "string" },
        "required": { "type": "boolean" }
      },
      "required": ["uri"],
      "additionalProperties": false
    },
    "filter": {
      "type": "object",
      "properties": {
        "type": { "type": "string" },
        "format": { "type": "string" },
        "pattern": { "type": "string" },
        "minimum": { "type": ["number", "string"] },
        "minLength": { "type": "integer" },
        "maxLength": { "type": "integer" },
        "exclusiveMinimum": { "type": ["number", "string"] },
        "exclusiveMaximum": { "type": ["number", "string"] },
        "maximum": { "type": ["number", "string"] },
        "const": { "type": ["number", "string"] },
        "enum": {
          "type": "array",
          "items": { "type": ["number", "string"] }
        },
        "not": {
          "type": "object",
          "minProperties": 1
        }
      },
      "required": ["type"],
      "additionalProperties": false
    },
    "format": {
      "type": "object",
      "patternProperties": {
        "^jwt$|^jwt_vc$|^jwt_vp$": {
          "type": "object",
          "properties": {
            "alg": {
              "type": "array",
              "minItems": 1,
              "items": { "type": "string" }
            }
          },
          "required": ["alg"],
          "additionalProperties": false
        },
        "^ldp_vc$|^ldp_vp$|^ldp$": {
          "type": "object",
          "properties": {
            "proof_type": {
              "type": "array",
              "minItems": 1,
              "items": { "type": "string" }
            }
          },
          "required": ["proof_type"],
          "additionalProperties": false
        },
        "additionalProperties": false
      },
      "additionalProperties": false
    },
    "submission_requirements": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from": { "type": "string" }
          },
          "required": ["rule", "from"],
          "additionalProperties": false
        },
        {
          "properties": {
            "name": { "type": "string" },
            "purpose": { "type": "string" },
            "rule": {
              "type": "string",
              "enum": ["all", "pick"]
            },
            "count": { "type": "integer", "minimum": 1 },
            "min": { "type": "integer", "minimum": 0 },
            "max": { "type": "integer", "minimum": 0 },
            "from_nested": {
              "type": "array",
              "minItems": 1,
              "items": {
                "$ref": "#/definitions/submission_requirements"
              }
            }
          },
          "required": ["rule", "from_nested"],
          "additionalProperties": false
        }
      ]
    },
    "input_descriptors": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "name": { "type": "string" },
        "purpose": { "type": "string" },
        "group": {
          "type": "array",
          "items": { "type": "string" }
        },
        "schema": {
          "type": "array",
          "items": { "$ref": "#/definitions/schema" }
        },
        "constraints": {
          "type": "object",
          "properties": {
            "limit_disclosure": {
              "type": "string",
              "enum": ["required", "preferred"]
            },
            "statuses": {
              "type": "object",
              "properties": {
                "active": {
                  "type": "object",
                  "properties": {
                    "directive": {
                      "type": "string",
                      "enum": ["required", "allowed", "disallowed"]
                    }
                  }
                },
                "suspended": {
                  "type": "object",
                  "properties": {
                    "directive": {
                      "type": "string",
                      "enum": ["required", "allowed", "disallowed"]
                    }
                  }
                },
                "revoked": {
                  "type": "object",
                  "properties": {
                    "directive": {
                      "type": "string",
                      "enum": ["required", "allowed", "disallowed"]
                    }
                  }
                }
              }
            },
            "fields": {
              "type": "array",
              "items": { "$ref": "#/definitions/field" }
            },
            "subject_is_issuer": {
              "type": "string",
              "enum": ["required", "preferred"]
            },
            "is_holder": {
              "type": "array",
              "items": {
                "type": "object",
                "properties":  {
                  "field_id": {
                    "type": "array",
                    "items": { "type": "string" }
                  },
                  "directive": {
                    "type": "string",
                    "enum": ["required", "preferred"]
                  }
                },
                "required": ["field_id", "directive"],
                "additionalProperties": false
              }
            },
            "same_subject": {
              "type":  "array",
              "items": {
                "type": "object",
                "properties":  {
                  "field_id": {
                    "type": "array",
                    "items": { "type": "string" }
                  },
                  "directive": {
                    "type": "string",
                    "enum": ["required", "preferred"]
                  }
                },
                "required": ["field_id", "directive"],
                "additionalProperties": false
              }
            }
          },
          "additionalProperties": false
        }
      },
      "required": ["id", "schema"],
      "additionalProperties": false
    },
    "field": {
      "type": "object",
      "oneOf": [
        {
          "properties": {
            "id": { "type": "string" },
            "path": {
              "type": "array",
              "items": { "type": "string" }
            },
            "purpose": { "type": "string" },
            "filter": { "$ref": "#/definitions/filter" }
          },
          "required": ["path"],
          "additionalProperties": false
        },
        {
          "properties": {
            "id": { "type": "string" },
            "path": {
              "type": "array",
              "items": { "type": "string" }
            },
            "purpose": { "type": "string" },
            "filter": { "$ref": "#/definitions/filter" },
            "predicate": {
              "type": "string",
              "enum": ["required", "preferred"]
            }
          },
          "required": ["path", "filter", "predicate"],
          "additionalProperties": false
        }
      ]
    }
  },
  "type": "object",
  "properties": {
    "presentation_definition": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "name": { "type": "string" },
        "purpose": { "type": "string" },
        "format": { "$ref": "#/definitions/format"},
        "submission_requirements": {
          "type": "array",
          "items": {
            "$ref": "#/definitions/submission_requirements"
          }
        },
        "input_descriptors": {
          "type": "array",
          "items": { "$ref": "#/definitions/input_descriptors" }
        }
      },
      "required": ["id", "input_descriptors"],
      "additionalProperties": false
    }
  }
}

{
  // NOTE: VP, OIDC, DIDComm, or CHAPI outer wrapper properties would be here.

  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "employment_input",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  }

}

{
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vp",
        "path": "$.outerClaim[0]",
        "path_nested": {
          "id": "banking_input_2",
          "format": "ldp_vc",
          "path": "$.innerClaim[1]",
          "path_nested": {
            "id": "banking_input_2",
            "format": "jwt_vc",
            "path": "$.mostInnerClaim[2]"
          }
        }
      }
    ]
  }
}

{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Presentation Submission",
  "type": "object",
  "properties": {
    "presentation_submission": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "definition_id": { "type": "string" },
        "descriptor_map": {
          "type": "array",
          "items": { "$ref": "#/definitions/descriptor" }
        }
      },
      "required": ["id", "definition_id", "descriptor_map"],
      "additionalProperties": false
    }
  },
  "definitions": {
    "descriptor": {
      "type": "object",
      "properties": {
        "id": { "type": "string" },
        "path": { "type": "string" },
        "path_nested": {
          "type": "object",
            "$ref": "#/definitions/descriptor"
        },
        "format": {
          "type": "string",
          "enum": ["jwt", "jwt_vc", "jwt_vp", "ldp", "ldp_vc", "ldp_vp"]
        }
      },
      "required": ["id", "path", "format"],
      "additionalProperties": false
    }
  },
  "required": ["presentation_submission"],
  "additionalProperties": false
}

{
  "store": {
    "book": [
      {
        "category": "reference",
        "author": "Nigel Rees",
        "title": "Sayings of the Century",
        "price": 8.95
      }, {
        "category": "fiction",
        "author": "Evelyn Waugh",
        "title": "Sword of Honour",
        "price": 12.99
      }, {
        "category": "fiction",
        "author": "Herman Melville",
        "title": "Moby Dick",
        "isbn": "0-553-21311-3",
        "price": 8.99
      }, {
        "category": "fiction",
        "author": "J. R. R. Tolkien",
        "title": "The Lord of the Rings",
        "isbn": "0-395-19395-8",
        "price": 22.99
      }
    ],
    "bicycle": {
      "color": "red",
      "price": 19.95
    }
  }
}

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://identity.foundation/presentation-exchange/submission/v1"
  ],
  "type": [
    "VerifiablePresentation",
    "PresentationSubmission"
  ],
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt_vc",
        "path": "$.verifiableCredential[0]"
      },
      {
        "id": "employment_input",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[1]"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$.verifiableCredential[2]"
      }
    ]
  },
  "verifiableCredential": [
    {
      "comment": "IN REALWORLD VPs, THIS WILL BE A BIG UGLY OBJECT INSTEAD OF THE DECODED JWT PAYLOAD THAT FOLLOWS",
      "vc": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:example:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "accounts": [
            {
              "id": "1234567890",
              "route": "DE-9876543210"
            },
            {
              "id": "2457913570",
              "route": "DE-0753197542"
            }
          ]
        }
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://business-standards.org/schemas/employment-history.json",
      "type": ["VerifiableCredential", "GenericEmploymentCredential"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "active": true
      },
      "proof": {
        "type": "EcdsaSecp256k1VerificationKey2019",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    },
    {
      "@context": "https://www.w3.org/2018/credentials/v1",
      "id": "https://eu.com/claims/DriversLicense",
      "type": ["EUDriversLicense"],
      "issuer": "did:foo:123",
      "issuanceDate": "2010-01-01T19:73:24Z",
      "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "license": {
          "number": "34DGE352",
          "dob": "07/13/80"
        }
      },
      "proof": {
        "type": "RsaSignature2018",
        "created": "2017-06-18T21:19:10Z",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://example.edu/issuers/keys/1",
        "jws": "..."
      }
    }
  ],
  "proof": {
    "type": "RsaSignature2018",
    "created": "2018-09-14T21:19:10Z",
    "proofPurpose": "authentication",
    "verificationMethod": "did:example:ebfeb1f712ebc6f1c276e12ec21#keys-1",
    "challenge": "1f44d55f-f161-4938-a659-f8026467f126",
    "domain": "4jt78h47fh47",
    "jws": "..."
  }
}

{
  "iss": "https://self-issued.me",
  "sub": "248289761001",
  "preferred_username": "superman445",
  "presentation_submission": {
    "id": "a30e3b91-fb77-4d22-95fa-871689c322e2",
    "definition_id": "32f54163-7166-48f1-93d8-ff217bdb0653",
    "descriptor_map": [
      {
        "id": "banking_input_2",
        "format": "jwt",
        "path": "$._claim_sources.banking_input_2.JWT"
      },
      {
        "id": "employment_input",
        "format": "jwt_vc",
        "path": "$._claim_sources.employment_input.VC_JWT"
      },
      {
        "id": "citizenship_input_1",
        "format": "ldp_vc",
        "path": "$._claim_sources.citizenship_input_1.VC"
      }
    ]
  },
  "_claim_names": {
    "verified_claims": [
      "banking_input_2",
      "employment_input",
      "citizenship_input_1"
    ]
  },
  "_claim_sources": {
    "banking_input_2": {
      "JWT": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3NlcnZlci5vdGhlcm9wLmNvbSIsInN1YiI6ImU4MTQ4NjAzLTg5MzQtNDI0NS04MjViLWMxMDhiOGI2Yjk0NSIsInZlcmlmaWVkX2NsYWltcyI6eyJ2ZXJpZmljYXRpb24iOnsidHJ1c3RfZnJhbWV3b3JrIjoiaWFsX2V4YW1wbGVfZ29sZCJ9LCJjbGFpbXMiOnsiZ2l2ZW5fbmFtZSI6Ik1heCIsImZhbWlseV9uYW1lIjoiTWVpZXIiLCJiaXJ0aGRhdGUiOiIxOTU2LTAxLTI4In19fQ.FArlPUtUVn95HCExePlWJQ6ctVfVpQyeSbe3xkH9MH1QJjnk5GVbBW0qe1b7R3lE-8iVv__0mhRTUI5lcFhLjoGjDS8zgWSarVsEEjwBK7WD3r9cEw6ZAhfEkhHL9eqAaED2rhhDbHD5dZWXkJCuXIcn65g6rryiBanxlXK0ZmcK4fD9HV9MFduk0LRG_p4yocMaFvVkqawat5NV9QQ3ij7UBr3G7A4FojcKEkoJKScdGoozir8m5XD83Sn45_79nCcgWSnCX2QTukL8NywIItu_K48cjHiAGXXSzydDm_ccGCe0sY-Ai2-iFFuQo2PtfuK2SqPPmAZJxEFrFoLY4g"
    },
    "employment_input": {
      "VC": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://business-standards.org/schemas/employment-history.json",
        "type": ["VerifiableCredential", "GenericEmploymentCredential"],
        "issuer": "did:foo:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "active": true
        },
        "proof": {
          "type": "EcdsaSecp256k1VerificationKey2019",
          "created": "2017-06-18T21:19:10Z",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "https://example.edu/issuers/keys/1",
          "jws": "..."
        }
      }
    },
    "citizenship_input_1": {
      "VC": {
        "@context": "https://www.w3.org/2018/credentials/v1",
        "id": "https://eu.com/claims/DriversLicense",
        "type": ["EUDriversLicense"],
        "issuer": "did:foo:123",
        "issuanceDate": "2010-01-01T19:73:24Z",
        "credentialSubject": {
          "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
          "license": {
            "number": "34DGE352",
            "dob": "07/13/80"
          }
        },
        "proof": {
          "type": "EcdsaSecp256k1VerificationKey2019",
          "created": "2017-06-18T21:19:10Z",
          "proofPurpose": "assertionMethod",
          "verificationMethod": "https://example.edu/issuers/keys/1",
          "jws": "..."
        }
      }
    }
  }
}

{
    "type": "web",
    "dataType": "VerifiablePresentation",
    "data": {
      "comment": "Presentation Submission goes here"
    }
  }
  

{
    "@type": "https://didcomm.org/present-proof/%VER/presentation",
    "@id": "f1ca8245-ab2d-4d9c-8d7d-94bf310314ef",
    "comment": "some comment",
    "formats" : [{
        "attach_id" : "2a3f1c4c-623c-44e6-b159-179048c51260",
        "format" : "dif/presentation-exchange/[email protected]"
    }],
    "presentations~attach": [{
        "@id": "2a3f1c4c-623c-44e6-b159-179048c51260",
        "mime-type": "application/ld+json",
        "data": {
            "json": {
              "comment": "Presentation Submission goes here"
            }
        }
    }]
}