Credential Query Validation Policy Reference

This reference documents the credential query validation policy for the validator service. The credential query policy validates that presentation submissions satisfy their corresponding credential queries, ensuring that credentials can fulfill the requested data requirements.

Policy Overview

The credential query validation policy ensures that submitted verifiable presentations contain the credentials and data elements required by credential queries. It validates the compatibility between what is requested in a credential query and what is provided in the presentation submission, supporting multiple credential query standards and formats.

Supported Standards

The credential query validation policy supports query validation across multiple credential query standards:

| Standard | Organization | Specification | Query Format | Validation Aspect |
|---|---|---|---|---|
| DIF Presentation Exchange | DIF | Presentation Exchange | JSON | Validates presentations against presentation definitions |
| DCQL | DIF | Decentralized Credential Query Language | DCQL Query Language | Validates credential presentations against DCQL queries |
| ISO 18013-5 Device Request | ISO | ISO 18013-5 | CBOR Device Request | Validates mDL presentations against device request data requirements |

Supported Query Types

The validator supports the following credential query types and their validation mechanisms:

| Query Type | Description | Supported Formats | Primary Use Case |
|---|---|---|---|
| DIF.PresentationExchange | DIF Presentation Exchange standard | W3C VC, JWT VC, SD-JWT VC | General purpose credential presentation requests |
| DCQL | Decentralized Credential Query Language | W3C VC, SD-JWT VC, mDL (mso_mdoc) | Flexible credential data queries with selective disclosure |
| ISO18013-5.DeviceRequest | ISO 18013-5 mobile driving license requests | mDL (mso_mdoc) | Mobile driving license data verification |

Credential Query Validation Process

When validating credential queries, the policy follows these steps:

  1. Query type detection - Identifies the type of credential query being validated
  2. Format-specific validation - Applies validation logic specific to the detected query type
  3. Presentation evaluation - Evaluates whether the presentation satisfies the query requirements
  4. Result determination - Returns validation results with detailed error information if validation fails

DIF Presentation Exchange Validation

For DIF Presentation Exchange queries, the policy:

  1. Validates presentation definition - Ensures the presentation definition is well-formed
  2. Validates presentation submission - Checks the presentation submission structure
  3. Evaluates presentation - Uses the PEX library to evaluate whether the presentation satisfies the definition
  4. Handles warnings - Processes evaluation warnings based on configuration

DCQL Validation

For DCQL queries, the policy:

  1. Parses DCQL query - Validates and parses the DCQL query syntax
  2. Creates credential presentation - Transforms submitted credentials into DCQL presentation format
  3. Evaluates query - Determines if the presentation can satisfy the DCQL query requirements
  4. Supports multiple formats - Handles W3C VC, SD-JWT VC, and mDL credentials
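
The evaluation in step 3, narrowed to claim-path matching for one credential format, as an added example that is not the validator's own code. It assumes the `credentials` / `id` / `format` / `claims` / `path` / `values` query shape from the OpenID4VP definition of DCQL, assumes credentials arrive already verified and decoded to their disclosed claims, and does not handle `meta`, `claim_sets` or `credential_sets`.

```python
# Added example: DCQL claim-path matching over already-decoded credentials.

def select(claims, path):
    """Resolve a claims path: str = object key, int = array index,
    None = every element of an array. Returns the list of selected values."""
    nodes = [claims]
    for step in path:
        selected = []
        for node in nodes:
            if isinstance(step, str) and isinstance(node, dict) and step in node:
                selected.append(node[step])
            elif isinstance(step, int) and isinstance(node, list) and 0 <= step < len(node):
                selected.append(node[step])
            elif step is None and isinstance(node, list):
                selected.extend(node)
        nodes = selected
    return nodes

def claim_ok(claims, claim_query):
    """A claim query is met when its path selects something and, if 'values'
    is given, at least one selected value is in that list."""
    found = select(claims, claim_query["path"])
    wanted = claim_query.get("values")
    return bool(found) and (wanted is None or any(v in wanted for v in found))

def evaluate(query, presented):
    """Map each credential query id to the index of the first presented
    credential that satisfies it, or None when nothing does."""
    result = {}
    for cq in query["credentials"]:
        result[cq["id"]] = next(
            (i for i, cred in enumerate(presented)
             if cred["format"] == cq["format"]
             and all(claim_ok(cred["claims"], c) for c in cq.get("claims", []))),
            None)
    return result

# Constructed sample data (hypothetical ids and values).
SAMPLE_QUERY = {"credentials": [{"id": "pid", "format": "dc+sd-jwt", "claims": [
    {"path": ["given_name"]},
    {"path": ["address", "country"], "values": ["DE", "FR"]},
    {"path": ["nationalities", None]}]}]}
FULL = {"format": "dc+sd-jwt", "claims": {
    "given_name": "Erika", "address": {"country": "DE"}, "nationalities": ["DE"]}}
# Same credential with the address claim not disclosed by the holder.
WITHHELD = {"format": "dc+sd-jwt", "claims": {
    "given_name": "Erika", "nationalities": ["DE"]}}

if __name__ == "__main__":
    print(evaluate(SAMPLE_QUERY, [WITHHELD, FULL]))
```

A `None` result for a query id corresponds to the case the error table lists as a Presentation Submission Evaluation Error: the credential is present, but the disclosed claims are insufficient.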

ISO 18013-5 Device Request Validation

For mDL device requests, the policy:

  1. Decodes device request - Parses the CBOR-encoded device request
  2. Validates version compatibility - Ensures mDL version matches device request version
  3. Validates data elements - Checks that all requested data elements are present in the mDL
  4. Handles multiple documents - Validates against multiple document types if required
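
Steps 2 to 4 above, as an added example that is not the validator's own code. It assumes the device request and the mDL response have already been CBOR-decoded into dicts using the ISO 18013-5 field names (`version`, `docRequests`, `itemsRequest`, `nameSpaces`, `documents`, `issuerSigned`, `elementIdentifier`), and it checks presence only, not issuer signatures or digests.

```python
# Added example. Inputs are assumed to be already CBOR-decoded into dicts,
# with tag-24 byte strings (ItemsRequest, IssuerSignedItem) unwrapped.
MDL_DOCTYPE = "org.iso.18013.5.1.mDL"
MDL_NS = "org.iso.18013.5.1"

def check_device_request(request, response):
    """Return a list of error strings; an empty list means the request is satisfied."""
    # Step 2: version compatibility. Stop early on mismatch (fail closed).
    if request.get("version") != response.get("version"):
        return [f"version mismatch: request={request.get('version')} "
                f"response={response.get('version')}"]
    # Index the element identifiers actually returned, per docType and namespace.
    returned = {}
    for doc in response.get("documents", []):
        namespaces = doc.get("issuerSigned", {}).get("nameSpaces", {})
        returned[doc["docType"]] = {
            ns: {item["elementIdentifier"] for item in items}
            for ns, items in namespaces.items()
        }
    errors = []
    # Step 4: every docRequest is checked, not only the first one.
    for doc_request in request.get("docRequests", []):
        items_request = doc_request["itemsRequest"]
        doc_type = items_request["docType"]
        if doc_type not in returned:
            errors.append(f"missing document: {doc_type}")
            continue
        # Step 3: each requested element must be present in its namespace.
        for ns, requested in items_request["nameSpaces"].items():
            present = returned[doc_type].get(ns, set())
            for element in sorted(set(requested) - present):
                errors.append(f"missing element: {doc_type}/{ns}/{element}")
    return errors

# Constructed sample data: the holder returned two of three requested elements.
SAMPLE_REQUEST = {"version": "1.0", "docRequests": [{"itemsRequest": {
    "docType": MDL_DOCTYPE,
    "nameSpaces": {MDL_NS: {"family_name": False, "age_over_18": False,
                            "portrait": False}}}}]}
SAMPLE_RESPONSE = {"version": "1.0", "documents": [{
    "docType": MDL_DOCTYPE,
    "issuerSigned": {"nameSpaces": {MDL_NS: [
        {"elementIdentifier": "family_name", "elementValue": "Doe"},
        {"elementIdentifier": "age_over_18", "elementValue": True}]}}}]}

if __name__ == "__main__":
    print(check_device_request(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```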

Error Handling

The credential query policy returns specific errors for various validation scenarios:

| Error Type | Description | Typical Cause |
|---|---|---|
| Credential Query Format Error | Query format is invalid or malformed | Invalid DIF PE definition, malformed DCQL query |
| Presentation Submission Format Error | Presentation submission structure is invalid | Missing required fields, invalid submission format |
| Presentation Submission Evaluation Error | Presentation cannot satisfy query requirements | Missing credentials, insufficient data elements |
| Unsupported Query Type Error | Query type is not supported | Unknown or unsupported credential query format |

Configuration

The credential query validation policy can be configured through the validator configuration:

  • Skip presentation submission policies - Allows bypassing credential query validation entirely
  • Presentation evaluation warning handling - Configures how to handle evaluation warnings (valid/warning/error)

For detailed configuration options, parameters, and default values, see the Validator Configuration Reference.

Query Type Support Matrix

| Credential Format | DIF PE | DCQL | ISO18013-5 | Notes |
|---|---|---|---|---|
| W3C VC (JSON-LD) | | | | Full support for W3C credentials |
| JWT VC | | | | JWT-format verifiable credentials |
| SD-JWT VC | | | | Selective disclosure JWT credentials |
| mDL (mso_mdoc) | | | | Mobile driving license format |
| IETF Digital Cred | | | | IETF digital credentials |

Best Practices

When using credential query validation:

  1. Use appropriate query types - Choose the query type that best fits your use case and credential formats
  2. Handle warnings appropriately - Configure warning handling based on your security requirements
  3. Validate query structure - Ensure queries are well-formed before submission
  4. Consider selective disclosure - Use DCQL for scenarios requiring selective attribute disclosure
  5. Test with multiple formats - Validate your queries work with all supported credential formats