#Authorization Policies Reference

This reference documents the authorization policies supported by the authorizer service. These policies coordinate the OpenID4VP authorization workflow by parsing authorization requests, delegating validation and verification to external services, and orchestrating the overall authorization decision process.

#Available Authorization Policies

The authorizer service implements the following policies for authorization request processing:

Policy	Description	Key Function
Format	Parses and formats authorization request data	Transforms raw requests into structured data for processing
Validate	Delegates structural validation to validator service	Ensures presentations meet definition requirements
Verify	Delegates cryptographic verification to verifier service	Validates digital signatures and credential integrity

#Configuration

Each policy can be individually configured through the authorizer configuration. For detailed configuration options for all policies, see the Configuration Reference.

#Policy Execution Order

The authorizer executes policies in a specific sequence to ensure efficient authorization processing:

1. Format Policy - Parses authorization request data into structured format (always executed)
2. Parallel Delegation Policies - Executed concurrently after successful formatting:
   • Validate Policy - Delegates to validator service for structural validation
   • Verify Policy - Delegates to verifier service for cryptographic verification

If the format policy fails, subsequent policies are skipped as they require the structured data output. The validate and verify policies run in parallel to optimize authorization performance.

#Authorization Request Processing

#Policy Architecture

The authorizer policies follow a simple architecture that combines direct processing with service coordination:

#Direct Processing Policy

• Format Policy - Performs actual JWT parsing, presentation submission processing, and data normalization within the authorizer service

#Service Delegation Policies

• Validate Policy - Coordinates with validator service for structural and content validation
• Verify Policy - Coordinates with verifier service for cryptographic verification

This hybrid approach enables the authorizer to:

• Handle OpenID4VP-specific protocol processing internally
• Leverage specialized validation and verification services
• Maintain separation of concerns across the Vidos ecosystem
• Optimize performance through parallel service delegation

#Supported Authorization Types

The authorizer policies support different OpenID4VP authorization flows:

Authorization Type	Format Policy Support	Validate Policy Support	Verify Policy Support	Use Case
JWT-based Authorization	✅	✅	✅	Standard OpenID4VP flows
Device Response Authorization	✅	✅	✅	Mobile device optimization
ID Token Flows	✅	❌	✅	Enhanced authentication context

#Supported Standards

The authorizer policies coordinate verification across multiple credential and presentation standards:

Standard	Organization	Format Policy	Validate Policy	Verify Policy	Notes
OpenID4VP	OpenID	✅	✅	✅	Core authorization protocol
DIF Presentation Exchange	DIF	✅	✅	✅	Presentation definition validation
W3C Verifiable Credentials v1.1	W3C	❌	✅	✅	Delegated to validation/verification services
W3C Verifiable Credentials v2.0	W3C	❌	✅	✅	Delegated to validation/verification services
W3C Data Integrity	W3C	❌	✅	✅	Delegated to validation/verification services
IETF JWT Credentials	IETF	✅	✅	✅	JWT parsing and delegation
IETF SD-JWT Credentials	IETF	✅	✅	✅	Selective disclosure support
ISO 18013-5 (mDL)	ISO	❌	✅	✅	Delegated to validation/verification services

#Additional Resources

• Authorizer Configuration Reference
• Validator Service Documentation - For validation processes and policies
• Verifier Service Documentation - For verification processes and policies
• OpenID for Verifiable Presentations - Core authorization standard
• DIF Presentation Exchange - Presentation definition standard