This reference documents the credential query validation policy for the validator service. The credential query policy validates that presentation submissions satisfy their corresponding credential queries, ensuring that credentials can fulfill the requested data requirements.
The credential query validation policy ensures that submitted verifiable presentations contain the credentials and data elements required by credential queries. It validates the compatibility between what is requested in a credential query and what is provided in the presentation submission, supporting multiple credential query standards and formats.
The credential query validation policy supports query validation across multiple credential query standards:
Standard | Organization | Specification | Query Format | Validation Aspect |
---|---|---|---|---|
DIF Presentation Exchange | DIF | Presentation Exchange | JSON | Validates presentations against presentation definitions |
DCQL | DIF | Decentralized Credential Query Language | DCQL Query Language | Validates credential presentations against DCQL queries |
ISO 18013-5 Device Request | ISO | ISO 18013-5 | CBOR Device Request | Validates mDL presentations against device request data requirements |
The validator supports the following credential query types and their validation mechanisms:
Query Type | Description | Supported Formats | Primary Use Case |
---|---|---|---|
DIF.PresentationExchange | DIF Presentation Exchange standard | W3C VC, JWT VC, SD-JWT VC | General purpose credential presentation requests |
DCQL | Decentralized Credential Query Language | W3C VC, SD-JWT VC, mDL (mso_mdoc) | Flexible credential data queries with selective disclosure |
ISO18013-5.DeviceRequest | ISO 18013-5 mobile driving license requests | mDL (mso_mdoc) | Mobile driving license data verification |
When validating credential queries, the policy follows these steps:
For DIF Presentation Exchange queries, the policy:
For DCQL queries, the policy:
For mDL device requests, the policy:
The credential query policy returns specific errors for various validation scenarios:
Error Type | Description | Typical Cause |
---|---|---|
Credential Query Format Error | Query format is invalid or malformed | Invalid DIF PE definition, malformed DCQL query |
Presentation Submission Format Error | Presentation submission structure is invalid | Missing required fields, invalid submission format |
Presentation Submission Evaluation Error | Presentation cannot satisfy query requirements | Missing credentials, insufficient data elements |
Unsupported Query Type Error | Query type is not supported | Unknown or unsupported credential query format |
The credential query validation policy can be configured through the validator configuration:
For detailed configuration options, parameters, and default values, see the Validator Configuration Reference.
Credential Format | DIF PE | DCQL | ISO18013-5 | Notes |
---|---|---|---|---|
W3C VC (JSON-LD) | ✅ | ✅ | ❌ | Full support for W3C credentials |
JWT VC | ✅ | ✅ | ❌ | JWT-format verifiable credentials |
SD-JWT VC | ✅ | ✅ | ❌ | Selective disclosure JWT credentials |
mDL (mso_mdoc) | ✅ | ✅ | ✅ | Mobile driving license format |
IETF Digital Cred | ✅ | ✅ | ❌ | IETF digital credentials |
When using credential query validation: