A common protocol for decentralized entities to exchange Verifiable Credentials across various communication channels.

Comments regarding this document are welcome. Please file issues directly on GitHub, or send them to public-credentials@w3.org (subscribe, archives).

Portions of the work on this specification have been funded by the United States Department of Homeland Security's Science and Technology Directorate under contracts DHS (OT) 70RSAT20T00000005. The content of this specification does not necessarily reflect the position or the policy of the U.S. Government and no official endorsement should be inferred.

Work on this specification has also been supported by the Department of Homeland Security SVIP program, the Decentralized Identity Foundation (hopefully) and the Hyperledger Aries community (blockcert?).

Introduction

The objective of this specification is to define a common, minimalist message protocol for Issuers, Holders and Verifiers for the purpose of requesting and exchanging W3C Verifiable Credentials and Presentations across technology boundaries.

This protocol is meant to be transport agnostic; certainly it must operate in Web based scenarios, but it also must be compatible in offline (sometimes even connection-less) scenarios. Therefore this specification will first define the messages, and then later in the document various bindings will be defined.

There are currently multiple standard (and developing standard) protocols for facilitating the actual transfer of Verifiable Credential data, for example Aries DIDComm and the Credential Handler API (CHAPI), and more popular frameworks like OAuth and OpenID Connect may also be used. Most of these protocols provide a high degree of flexibility in their message structure, making them useful beyond Verifiable Credentials. This protocol will therefore treat these generic transfer technologies as Communication Channels - or 'pipes' for facilitating message transfer. This will allow developers to build Verifiable Credential based systems in a way that they are guaranteed some level of interoperability decoupled from more feature rich protocols and technology stacks.

The goal of this specification is to define a common message structure so that Issuers, Holders, and Verifiers can exchange Verifiable Credentials across these Comm Channels: entities using the same Comm Channel can operate over that channel, and entities integrated to different channels may rely on 'adapter' software to pass these messages across those channels; and still process the request/response to exchange credentials. Sessions may even initiate on one channel and transfer to another during the course of the communication.

This protocol takes into account and aims to be interoperable with the following:

Out of scope for this specification are the details of how various technologies make use of Encrypted Data Vaults, message routing or proxying, multi-party (3+) extensions, and Verifiable Presentation privacy considerations (unless they are part of the message structure).

Note it is also possible that during the course of this messaging entities may determine they cannot interoperate due to the nature of the schemas and formats of the Verifiable Credentials being exchanged; this is an unfortunate but acceptable outcome. For example, a Holder simply may not have the Credentials matching the requested Schema by the Verifier. The Issuer may not be able to support a particular signing algorithm required by the Holder. C'est la vie.

Layering

This protocol specification is meant to sit atop the Verifiable Credentials v1.0 data format, the various Communication technologies and the transport layers. The following diagram is a visual (but not exhaustive) representation of how the various components in a Decentralized Identity ecosystem fit. Your mileage may vary.

Protocol Stack.
The Protocol Stack or Layering.

When the protocol can be used in conjunction with a particular message transport technology, this is referred to as a binding. Sample bindings are included in the Annex, and may be expressed as separate specifications.

Terminology

This specification makes use of the terms defined in Verified Credentials Data Model v1.0 and defines the additional terms:
Binding
A concrete mechanism through which a Holder invokes a Comm Channel. For example, the HTTP(S) Binding.
claim
As in the Verifiable Credentials Data Model 1.0 spec.
Comm Channel
A 'transport protocol' for enabling the transfer of Verifiable Credentials and other data. These Comm Channels may enable other processing capabilities for DIDs and Verifiable Credentials beyond this specification. In this context these Comm Channels may already be sophisticated application protocols high on the OSI stack, and must not be confused with lower level packet transport protocols.
Controller
As in the Verifiable Credentials Data Model 1.0 spec.
Holder
As in the Verifiable Credentials Data Model 1.0 spec.
Issuer
As in the Verifiable Credentials Data Model 1.0 spec.
property
As in the Verifiable Credentials Data Model 1.0 spec.
Subject
As in the Verifiable Credentials Data Model 1.0 spec.
Verifiable Credential
See Verifiable Credentials Data Model 1.0 spec.
Verifier
As in the Verifiable Credentials Data Model 1.0 spec.

High Level Protocol

The following diagram illustrates the message flow for request/issuance and request/presentation of Credentials. The flow is an extraction for the commonalities among the various considered Comm Channels.

Dotted lines represent optional steps. All messages are transport agnostic.

Credential Issuance High Level Message Flow.
Credential Issuance High Level Message Flow.

Issuance Flow

Invite Message (optional)
An entity is willing to provide verifiable credentials to qualified Holders. The Invitation message allows Holders to 'discover' how to communicate with an Issuer. "I invite Holders to Introduce themselves in this way."
Introduce Message
Holders Introduce themselves to Issuers by providing details about "who they are" and "how to communicate with them" - Identity and Location.
Bootstrap Trust
Holders and Issuers go through a process of establishing a Trust relationship. Examples include trusted TLS certificates in HTTPS protocols, Verifiable Credential exchange, or physical (in person) trust.
Create Credential
The Holder is requesting a Credential of a certain type, schema, and format. The Issuer processes the request and returns the Credential if possible. This message may be implied by the Issuer as Credential parameters may be determined out-of-band of this protocol (through user experience, for example).
Credential Params
This message may be sent if in order to create a credential an Issuer and Holder need exchange additional information. This message MAY be sent in response to either Create Credential or Store Credential messages, and MAY be exchanged as many times as necessary.
Store Credential
The Issuer is ready to provide a Verifiable Credential for use/storage at the Holder. The Holder can accept the Credential, or provide back a Credential Params response if necessary (for example, extra data to create the necessary cryptographic proofs).

Presentation Flow

Credential Presentaion High Level Message Flow.
Credential Presentation High Level Message Flow.
Presentation Request
The Verifier makes a Presentation Request with the desired parameters to the Holder. A Presentation Request message may be referenced in other Presentation messages, but itself does not require a direct response. Presentation messages may be cached, physically printed, implied, and so on.
Presentation Response
The Holder's Response for a Presentation Request. This may contain the Credential Presentation, or provide information on how to get the Credential Presentation.
Presentation Params (optional)
The Holder and Verifier MAY provide additional parameters relative to the Presentation Response. Holders and Verifiers MAY exchange this message as many times as required.

I am not sure this message belongs as part of this protocol - during the Response these custom details may simply be negotiated for a particular Comm Channel.

Get Presentation (optional)
An optional step where the Verifier is required to call out to an external entity to collect the data. For example, an Encrypted Data Vault or an Identity Hub or a Web Service, etc... The Comm Channel requirements for this step are negotiated during the Response.

Use Cases

The following are use cases this Protocol looks to enable. It should be reiterated that although there are already Comm Channels which may enable some of these use cases, the goal of this Protocol is interoperability across Comm Channels.

Scenario 1: Web Browser only. In browser JavaScript/plugin enables Credential exchange.

Scenario 2: Cloud Holder. User has a web service as a Holder.

Scenario 3: OAuth Holder. A Website integrated with OAuth can obtain data from a Verifiable Credentials Holder acting as an Authorization Server and Resource Server.

Scenario 4: Mobile Holder A user with a Mobile App Holder can share credentials with a cloud service.

Scenario 5: Peer to Peer. Two individuals with different Mobile Apps can exchange credentials, even when they have no Internet connectivity. One of the Apps may be an automated Kiosk.

Scenario 6: Physical Presentation. A user can scan a poster on the Subway to immediately donate money to a Charity. A user without a smartphone can print out a Presentation and present it to a Kiosk for access.

Conventions and Assumptions

The following conventions are used in the design of this protocol:

Issuer Messages

Invite

The purpose of the invite message is to publish basic trust credentials and service capabilities of the Issuer for the purposes of discovery and connection bootstrapping by a Holder.

This message may be static and generally available, or it may be generated in the context of a session, a transaction, or periodically.

Need to determine what belongs here and what remains the DID Document.

type
REQUIRED. MUST be set to "issuer-invite".
issuer

REQUIRED. MUST be set to a URI for the issuer. This MAY be a URL or MAY be a DID. If the iss is a URL, it MUST be "https://". DIDs MAY be did:peer DIDs or Resolvable DIDs.

How do did:key and did:web fit in here?

Using "issuer" not JOSE "iss" because issuer has specific semantics for VCs.

enk
OPTIONAL. MUST be a public key the Holder can use to encrypt messages to the Issuer. This MAY be a JWK or a did:key:...
formats

REQUIRED. An array of the supported formats of Verifiable Credential proof algorithms the issuer is able to support. This MUST contain one of:

  • zkp: for zero knowledge proofs.
  • ldsig: for LD-Signature proofs.
  • jws: for inline JWS proofs.
  • jwsd: for detached JWS signature proofs. (is this a defined thing in v1.0? Or just LD?)
bindings

REQUIRED. An array of VC-QL binding schemes this issuer supports, and their associated connection details.

Bindings may not make sense; this may be something that comes across in the DID Document.

credentials

REQUIRED. An array of credential types / schema definition DIDs. Schemas defined by URLs MUST used the did:web: method.

if we enforce did:web here, why not in the iss field? 

"vc-ql": {
    "type": "issuer-invite",
    "issuer" : "did:example:IiI",
    "enk": "did:key:z6eu48rjfdi39djdiod9de9wjwid9d",
    "formats" : [ "zkp", "ldsig", "jws", "jwsd" ],
    "bindings": [
        { "scheme": "https", "params" : { "endpoint: "https://issuer.org/request"} },
        { "scheme": "didcomm", "params" : { "@type" : "https://didcomm.org/didexchange/1.0/invitation", ...} },
        { "scheme": "oauth3", "params" : { "txnreq" : "https://issuer.org/oauth3/req"}},
        { "scheme": "js-inline"}
    ],
    "credentials": [ "did:web:https://schema.org/Person" ]
}

Issuers MAY publish this invite for general public access, or it MAY generate specific invite messages for given scenarios, sessions, or use cases.

How an issuer provides this message to a Holder is out of scope for this specification, but examples include hosting this information on a .well-known/ URL, printing a barcode Holders can scan, or providing it out of band to Holder developers in a published API specification.

Holders that receive this message MUST process it in the following manner:

  1. MUST check the type is "issuer-invite".
  2. MUST verify the signature belongs to the iss by either resolving the signing key from the DID document, or verifying the host TLS certificate if the iss is a URL.
  3. MUST process the enk as an algorithm the Holder can support and the key is valid.
  4. MUST process the proofs list to ensure the Holder can support at least one format. If the Holder is unable to support at least one format, the Holder MUST inform the user of the error and stop processing.
  5. MUST process the binding array and find at least one supported binding the Holder can support. If there is no compatible binding, the Holder MUST inform the user of the error and stop processing.
  6. MUST process the credentials array and determine if those Credential types are applicable for the Holder.

Introduce

Introduction is a request/response protocol message. Holders introduce their subjects (and possibly themselves) to the Issuer, and the Issuer MUST indicate if the introduction was accepted, rejected, or needs more information.

Introduction Request

Holders send a issuer-introduce message to provide a subject identifier and associated key material for the issuer to establish trust in the Holder.

This message MUST be a JWS. The associated "kid" MUST be a subject owned signing key related to the subject identifier provided in the message.

type
REQUIRED. MUST be set to "issuer-introduce".
sub

REQUIRED. The subject's Identifier for the Issuer and to be contained in the Verifiable Credentials as the credentialSubject.

Why am I using different terms then the Verifiable Credentials spec? The answer is 'brevity for low bandwidth Comm Channels' but is that valid?

aud
REQUIRED. The issuer identifier URI.
enk
OPTIONAL. The encryption key to use when sending encrypted payloads, if the Comm Channel is not fully trusted. This MUST be associated to the sub URI - for example, a key defined in the DID Document.
params

OPTIONAL. The Holder MAY provide additional parameters in this introduction if the Holder knows a-priori that they will be required. If this message is in response to a previous issue-introduce-continue result, this object holds the required parameters to complete the introduction (or continue negotiation).

For example, attestations as to the type of software acting as a Holder, the contents of a did:peer document, etc... TBD 

"vc-ql" : {
    "type" : "issuer-introduce",
    "sub" : "did:example:Udid99",
    "aud" : "did:example:IiI",
    "enk" : "did:example:Udid99#key-2",
    "params" : { }
}

Should this be "id" instead of "sub" ?

Should this be a JWE, or a JWS with the option of JWE if required?

How does this work with the concept of handles in OAuth "3" ?

When processing this introduce message the Issuer:

  1. MUST check the message type is issuer-introduce.
  2. MUST ensure it is the owner of the aud URI.
  3. MUST ensure the JWS/E header is using a kid associated to the sub URI. For example, by dereferencing a DID and locating the key in the DID Document.
  4. MUST ignore the params field if no additional parameters are expected.
  5. If processing the params field, only process expected fields and MUST ignore others it does not recognize.

Introduction Response

Issuers make a decision to proceed with the Holder based in the contents and quality of the issuer-introduce request.

Issuers who are ready to proceed send back an accepted response. Issuers that need more information send back a continue response. Issuers that cannot proceed send back a rejected response.

Currently I am leaving the synchronous/asynchronous message mapping to the Comm Channel, for example the DIDComm "~thread" field.

accetped

"vc-ql": {
    "type" : "issuer-introduce-accepted"
}

When a Holder receives an accepted response, they MUST use the same sub identifier for the rest of this Issuance session.

continue

"vc-ql": {
    "type" : "issuer-introduce-continue",
    "params" : { }
}

When a Holder receives a continue response, the Issuer is asking for more information to bootstrap the trust in the Holder (not necessarily the Subject! Although in some use cases verifying the Subject may be efficient). The params will contain the Issuer requirements. TBD.

Holders that are able to continue MUST re-issue a issuer-introduce message with the continue parameters in the params section of the message. The Holder MUST use the same sub URI in the subsequent message.

Does this protocol need the concept of DIDComm threading? Ideally Comm channels can handle that...

Bootstrapping Trust

Bootstrapping trust refers to the exchange of messages required for the Issuer and Subject/Holder to establish the required trust assurance to Issue (and accept) the Credential. A trivial example would be in the case of a driver's license:

Trust Frameworks and their governance are outside the scope of this specification. For the purposes of this specification it is sufficient to note that profiles of this protocol MUST define the requirements of how trust is established between Issuer, Holder and Subject before Issuance can occur.

Examples include the use of TLS certificates, providing Verifiable Credentials issued from a shared Trust authority, providing attestation certificates such as in [[Web AuthN]], the exchange of shared secrets or other credentials, or even in-person, physical trust establishment (like a certification sticker on a barcode reader).

Create Credenital

This is a message for a Holder to request a credential of a certain type from an Issuer. This message is OPTIONAL in a workflow.

In workflows where a Holder is actively trying to collect credentials from Issuers and the Comm Channel allows for the Holder to reach out to the Issuer, this message MAY be used. This message MAY be used in scenarios where additional Holder to Issuer messages are required to generate the Credential, for example in Zero Knowledge Proof scenarios.

In workflows where the Issuer is interacting with the user and then offers to provide a Credential to the user's Holder, for example at a physical kiosk or a website, the Issuer may interact with the user to determine the parameters of the Credential it is willing to issue, then skip right to the Store Credential message.

Create Credential Request

Holders send a issue-credential-request to collect a Credential from an Issuer. Holders MAY request multiple Credenitals in a single message.

Messages SHOULD be trusted and secured over the Comm Channel. If the Comm Channel cannot provide the acceptable level of trust and security, this message MUST be sent as a JOSE signed and/or encrypted payloads, or COSE (RFC 8152) signed and/or encrypted payload.

Holders MUST prove they are a controller of the Subject Identifiers contained in each request. This can be established through the Comm Channel, through the above JOSE/COSE payload wrappers, or through a commonly understood application level control (such as proof of a "link secret" that the Issuer understands).

How can a processing agent can easily detect if the payload is plain, jose, or cose? Do we need an object name ( "cose" : ...) or just detect string v. object... ?

Is the Link Secret in Indy a Comm Channel property? That would be nice because then it can be removed from here as it may be confusing to implementors.

type
REQUIRED. MUST be set to issue-credential-request.

Does type make sense with out @context?

sub
REQUIRED. MUST be the Subject of the Credential, represented by the Holder. This MUST be an identifier already known to the Issuer through a issuer-introduce message, or derivable from an introduction.
aud
REQUIRED. MUST be the URI of the Issuer "trusted" of during the stage. Issuers may have multiple identifiers, so this ensures the correct Issuer ID is used in the Verifiable Credential.

Hmm, like Subject, do we need to have multiplicity here?

format
The Verifiable Credential format the Holder wishes to receive. MUST only be one format type.
credentials

REQUIRED. A non-empty array of credential types the Holder is requesting.

type
REQUIRED. A non-empty array of Credential type definitions that will match the Verifiable Credential type field.
id
REQUIRED. The Holder ID requesting this Credential be issued to. MUST be linked to the sub.
claims
OPTIONAL. An array of property strings in the schema for the desired (subset) of claims to be included. If null then all claims in the schema are assumed to be requested.
params
OPTIONAL. Any additional parameters or custom extentions required to issue the credential. This SHOULD contains the result to any previous issue-credential-params response message.
"vc-ql": {
    "type" : "issue-credential-request",
    "sub" : "did:example:Udid99",
    "aud" : "did:example:IiI",
    "format" : "ld-proof",
    "credentials" : [ 
        { 
            "type" : [ "VerifiableCredential", "UniversityDegreeCredential" ],
            "id" : "did:example:Udid99",
            "params" : { } 
        },
        {
            "type" : [ "VerifiableCredential", "UniversityTranscriptCredential" ],
            "id" : "did:example:Udid99",
            "claims" : [ "final_gpa" ]
            "params" : { }
        }
     ]
}

should "sub" be "id" ?

should "VerifiableCredentrial" type be implied ? its in the protocol name, after all ...

credentials may have different DIDs for privacy and unlink-ability... how does an Issuer link the DIDs "together" ? Do we need multiplicity in the isser-introduce message?

Issuers process the issue-credential-request message as follows:

  1. type MUST be issue-credential-request.
  2. sub MUST be known to the Issuer through an issuer-introduce message.
  3. aud Issuer MUST be a controller of the identifier URI.
  4. Issuer MUST support the requested proof format.
  5. credentials MUST not be empty.
  6. credentials.type MUST contain VerifiableCredential
  7. credential.type MUST contain only Credential schemas supported by the Issuer.
  8. credential.id MUST be a URI controlled by the Holder and linked to the sub.
  9. The Issuer MUST only include credential.claims associated to the schema, and no more. Schema specific properly matching (i.e. beyond the property name) is outside the scope of this specification.
  10. The Issuer MUST ignore any credential.params it does not recognize.

Issuers MUST determine if there is enough "trust" in the Holder (either through this session or a previous session) to issue the requested credentials.

Issuer MUST determine if they have enough information from the Subject or Holder to issue the credential, or if additional data is required. If the Issuer is ready to issue the credential, it MAY respond with a issue-credential-store response. If the Issuer requires more information, it MAY return a issue-credential-params response or an issue-credential-error response and collect more information out-of-band from this protocol.

Issuers MUST determine if their own internal policies, and those of their trust framework, are met for Credential issuance.

Issue Credential Parameters

This message is used by both Holders and Issuers to specify additional parameters either required or available to issue the credential.

Parameters may include cryptographic materials, additional Credentials or trust bootstrapping, user interaction or user agent parameters.

Normative params are outside the scope of this specification, but should they be? Do we need to define at least a couple "useful" ones?

type
MUST be issue-credentials-params.
aud
The audience for this message.
issuer
The issuer sending this message
credentials
The requested credentials and the associated params. (TBD). 
"vc-ql": {
    "type" : "issue-credentials-params",
    "aud" : "did:example:Udid99",
    "issuer" : "did:example:IiI",
    "credentials" : [ 
        { 
            "type" : [ "VerifiableCredential", "UniversityDegree" ],
            "id" : "did:example:Udid99",
            "params" : { 
                "myparam1" : { "type: : "present-credential-request", ... }
            } 
        },
        {
            "type" : [ "VerifiableCredential", "UniversityTranscript" ],
            "id" : "did:example:Udid99",
            "params" : { 
                "redirect" : { "type" : "url_interaction", ... } 
            }
        }
     ]
}

The params response is another issue-credential-request with the param results provided in the same field/key. For example, "myparam1" would contain the Verifiable Presentation - "redirect" would contain the result from the URL redirect, and so on.

Store Credential

This message is from the Issuer to the Holder containing the issued Verifiable Credential.

This message SHOULD be trusted and secured over the Comm Channel. If the Comm Channel cannot provide enough trust or security, this message MUST be wrapped in JOSE or COSE signing and/or encryption payloads. This message MUST be encrypted directly to the Holder or the Holder's EDV.

Same issue as above on how a processing agent can easily detect if the payload is plain, jose, or cose?

vc-ql : {
    "type" : "issuer-store-credential"
    "vcs" : [ 
        { 
            "@context": [
              "https://www.w3.org/2018/credentials/v1",
              "https://www.w3.org/2018/credentials/examples/v1"
            ],
            "id": "UniqueIdentifierGoesHere",
            "type": [ "VerifiableCredential", "UniversityDegreeCredential"],
            "issuer": "did:example:IiI",
            "issuanceDate": "2010-01-01T19:73:24Z",
            "credentialSubject": {
              "id": "did:example:Udid99",
              "degree": {
                "type": "BachelorDegree",
                "name": "Bachelor of Science and Arts"
            },
            "proof": {
              "type": "RsaSignature2018",
              "created": "2017-06-18T21:19:10Z",
              "proofPurpose": "assertionMethod",
              "verificationMethod": "did:example:IiI#key-1",
              "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..TCYt5X
                sITJX1CxPCT8yAV-TVkIEq_PbChOMqsLfRoPsnsgw5WEuts01mq-pQy7UJiN5mgRxD-WUc
                X16dUEMGlv50aqzpqh4Qktb3rk-BuQy72IFLOqV0G_zS245-kronKb78cPN25DGlcTwLtj
                PAYuNzVBAh4vGHSrQyHUdBBPM"
            }
        }
    ]
}

Processing agents should probably also check that the DIDs and Keys the thing was issued to match what the Holder asked for...

Holders (or EDVs) SHOULD iterate through the vcs array and store the associated credentials.

Do we want to include a 'revocation' field, where a previous VC ID can be indicated as 'revoked'? This would be an OPTIONAL field, and complicate the processing of these messages...

Presentation Messages

These messages are exchanged when a Verifier wishes to request a Verifiable Presentation from a Holder. These are the major steps in this process:

  1. Verifier makes a request with its Identifier and contact endpoints,
  2. The Holder checks the request and determines if the Presenter is trusted to receive the Verifiable Presentation,
  3. Create the Verifiable Presentation with the appropriate disclosure level of data, proof format and directed to the Verifier Identifier,
  4. The Holder delivers the Verifiable Presentation to the Verifier over the specified Comm Channel.
  5. The Verifier determines the trust level of the Holder and Verifies the credential.

There is not a risk of information leakage problem here if the Verifier rejects the Holder/DID Method (i.e. receives information it will not be able to use). Any data delivered to the Verifier is subject to the Verifier's data handling processes.

Presentation Request

A Verifier first needs to generate Verifiable Presentation request to provide to the Holder to process. The format of the request is as follows:

Unorganized notes. Verifier instead of classic JSON "iss" because "issuer" is an overloaded term. returnURI - this can be a DID or a URL -- is this part of the Comm Layer? purposeURI - did or URL with standard language. "reason" - do we really need a reason for each schema? delegated flag? using credential.name instead of ID because processing the response will be code looking for different credential types, not unique IDs. 


"vq-rl" : {
    "type" : "verifier-request",
    "id" : "uuid:8D9FA614-71DC-4B4B-A243-5696FD98C408",
    "verifier" : "did:example:VeR66"
    "returnURI" : "did:example:VeR66/callback",
    "purposeURI" : "did:example:3483898298381/purpose1",
    "purposeText" : {
        "en_ca" : "Membership Sign Up",
        "en_fr" : "S'inscrire à l'adhésion"
        "es_mx" : "Inscripción de membresía"
    }
    "formats" : [ "zkp","ldsig" ],
    "genericParams" : { ... }
    "strict" : true
    "credentials" : [
        {
            "name" : "uniqueStringAssignedByVerifier",
            "reason" : { 
                "en_ca" : "Because I want it.",
                "en_fr" : "parce que je le veux.",
                "es_mx" : "Porque lo quiero"
            },
            "issuers" : [ "did:example:3483898298381/institution_list", "did:example:IiI" ],
            "@context" : [ " "https://w3.org/2018/credentials/v1" ],
            "type" : [ "VerifiableCredential", "UniversityDegree" ],
            "claims" : [ "degree" ],
            "required" : true,
            "issuer_source" : true
            "params" : { .. },
        },
        {
            "name" : "AnotheruniqueStringAssignedByVerifier",
            "issuers" : [ "did:example:3483898298381/passport_issuers" ],
            "@context" : [ ],
            "type" : [ "VerifiableCredential", "Personal" ],
            "required" : true,
        }
    ],
}

This spec does not allow for a rich query language, because it forces Holders to implement complex UIs. Verifiers either need the information they are asking for, or they have determined through a UI session what this query must contain. Verifiers own their business logic, not Holders.

Presentation Parameters

In cases where the Holder requires more information from the Verifier to proceed with the Presentation. This could be parameters for the proof objects or to establish trust. 

"vq-rl" : {
    "type" : "verifier-params",
    "id" : "uuid:50AD9BCF-4D88-4605-9F9B-378A939F7999",
    "requestId" : "uuid:8D9FA614-71DC-4B4B-A243-5696FD98C408",
    "genericParams" : {
        "myparam1" : { .. }
    },
    "presentationParams" : [
        {
            "name" : "uniqueStringAssignedByVerifier",
            "params" : { ... }
        },
        {
            "name" : "AnotheruniqueStringAssignedByVerifier",
            "params" : { .. }
        }
    ]
}

Verifiers receiving a verifier-params response MUST re-issue a verifier-request with the required parameters to the Holder if they can support the request.

Presentation Response

This message contains the response to a Presentation Request (a verifier-request). In some cases "unsuccessful" responses can be ignored, as the Verifier cannot proceed without the required data. In other cases an unsuccessful response MAY be provided to the Verifier for cases where the Verifier is capable of alternate business logic and success paths. 

"vr-ql" : {
    "type" : "verifier-response",
    "id" : "uuid:50768C74-0D43-431C-B735-C26F37F58AF6",
    "requestId" : "uuid:8D9FA614-71DC-4B4B-A243-5696FD98C408",
    "result" : enum ["fail", "partial", "complete"],
    "credentials" : [
        {
            "name" : "uniqueStringAssignedByVerifier",
            "vp" : { ... },
            "vpURI" : " my_edv_uri"
        },
        {
            "name" : "AnotheruniqueStringAssignedByVerifier",
            "error" : "unavailable"
        }
    ]
}

Security Considerations

I'm sure it's fine.

Resources

Need to include the authors in these credits!

  1. Verifiable Credentials Data Model v1.0
  2. Decentrialized Identifiers
  3. Aries RFC 0023: DID Exchange Protocol 1.0
  4. Aries RFC 0036: Issue Credential Protocol 1.0
  5. Aries RFC 0037: Present Proof Protocol 1.0
  6. Addition of Presentation Request/Response to the W3C Verifiable Credentials specification
  7. did:key Method 07