Presentation Submission is a standardized data format that enables holders to clearly communicate how their presented credentials satisfy a verifier's requirements. Developed by the Decentralized Identity Foundation (DIF), it addresses the challenge of providing a consistent response format in credential exchange systems.
When a holder needs to present credentials in response to a verifier's request, they need a clear way to indicate which credentials satisfy which requirements. Presentation Submission solves this by providing:
Without Presentation Submission, verifiers would struggle to process and verify presented credentials, leading to integration challenges, verification errors, and an inconsistent user experience.
A Presentation Submission is a JSON object that maps presented credentials to the requirements specified in a Presentation Definition. It contains:
At its core, a Presentation Submission contains:
Here's a simplified example responding to an email verification request:
The Presentation Submission is a crucial part of the credential exchange process. After receiving a Presentation Definition, a holder:
The descriptor_map is the central component of a Presentation Submission. It contains an array of descriptor objects, each mapping a specific input descriptor from the Presentation Definition to a credential in the submission. Each descriptor includes:
id
: Matches an input descriptor ID from the Presentation Definitionformat
: Indicates the format of the credential (e.g., "jwt_vc", "ldp_vc")path
: A JSONPath expression pointing to where the credential can be foundFor example:
The definition_id
property links the Presentation Submission to the specific Presentation Definition it's responding to. This ensures the verifier can connect the response to their original request:
The format
property within each descriptor indicates how the credential is encoded or structured. Common formats include:
jwt_vc
: JSON Web Token Verifiable Credentialjwt_vp
: JSON Web Token Verifiable Presentationldp_vc
: Linked Data Proof Verifiable Credentialldp_vp
: Linked Data Proof Verifiable Presentationmso_mdoc
: Mobile Security Object (ISO mdoc)This information helps the verifier correctly process and verify each credential according to its specific format requirements.
Presentation Submission can only be understood in relation to a Presentation Definition:
Each Input Descriptor in a Presentation Definition has a corresponding entry in the Presentation Submission's descriptor_map. This mapping is what allows verifiers to efficiently locate and process the credentials they requested.
The submission doesn't repeat the requirements—it simply provides a navigational aid that helps the verifier connect their requirements with the actual credentials being presented. For details on Presentation Definition, see the Presentation Definition documentation.
In environments that integrate with OpenID Connect, Presentation Submission can work with ID Token Mapping to transform verified credentials into standard OIDC claims:
This process creates a bridge between verifiable credentials and traditional identity protocols. For example:
Presentation Submission enables several important scenarios in credential exchange:
When a verification requires multiple credentials, Presentation Submission clearly indicates which credential satisfies which requirement, making complex verification scenarios manageable.
Verifiers can accept credentials in different formats (JWT, Linked Data Proofs, etc.) and still efficiently process them through the format specifications in the descriptor_map.
When responding to requests that require only specific fields from credentials, the Presentation Submission clearly maps the precise parts of credentials that satisfy the requirements, supporting privacy-preserving verification.
The consistent structure allows credentials to be presented across different protocols while maintaining a clear mapping to requirements, enabling interoperability across diverse systems.
In the Vidos ecosystem, Presentation Submission is a critical component of the OpenID for Verifiable Presentations (OpenID4VP) flow:
Authorizer Service: The Authorizer receives the Presentation Submission from the wallet during the OpenID4VP authorize flow. This submission contains the credentials presented by the wallet and explains how they map to the requirements specified in the Presentation Definition.
Validator Service: When the Authorizer receives a Presentation Submission, it calls the Validator to check both the submission and the original definition as part of the validator policies. The Validator ensures that:
This architecture provides a clear separation of concerns, where the Authorizer handles the protocol flow while the Validator performs the specialized task of credential verification against the specified requirements.
Presentation Submission provides a standardized, interoperable way for holders to communicate how their presented credentials satisfy verification requirements. By clearly mapping credentials to requirements, it enables consistent credential verification across different systems and formats.
Key benefits include:
Through Presentation Submission, the Vidos platform enables standardized, interoperable verification workflows that allow credentials to be clearly and efficiently presented in response to verification requirements.