Standards

The Vidos validator service provides comprehensive support for validating credentials and presentations across multiple standards organizations and specifications. This reference document catalogs the supported standards, their key features, and associated validation policies.

Each standard entry includes:

  • Policies: Links to applicable validation policies
  • Reference: Official specification link
  • Summary: Brief description of the standard's purpose and benefits
  • Details: Technical specifications and implementation notes where applicable

The validator implements the following industry standards:

DIF Standards

Decentralized Credential Query Language (DCQL)

Policies: credentialQuery

Reference: DIF Decentralized Credential Query Language

Summary: A flexible query language for requesting specific credential data with support for selective disclosure, allowing verifiers to request only the information they need while preserving holder privacy.

DCQL supports multiple credential formats:

  • W3C Verifiable Credentials (JSON-LD and JWT)
  • SD-JWT Verifiable Credentials
  • ISO 18013-5 mDL (mso_mdoc)

The validator evaluates DCQL queries by:

  1. Parsing and validating the DCQL query syntax
  2. Creating credential presentations from submitted credentials
  3. Evaluating whether the presentation can satisfy the query requirements
  4. Supporting selective disclosure for privacy-preserving verification

Presentation Exchange v2.0

Policies: credentialQuery

Reference: DIF Presentation Exchange v2.0

Summary: A protocol for defining and requesting credential presentations through presentation definitions and submission formats, enabling standardized credential exchange flows.

The validator implements full Presentation Exchange validation:

  • Presentation Definition validation - Ensures definitions are well-formed
  • Presentation Submission validation - Validates submission structure and format
  • Presentation evaluation - Uses the PEX library to verify presentations satisfy definitions
  • Warning handling - Processes evaluation warnings based on configuration

Supports multiple credential formats within presentation definitions:

  • W3C Verifiable Credentials
  • JWT-based credentials
  • SD-JWT credentials
  • ISO 18013-5 mDL

IETF Standards

SD-JWT Verifiable Credentials

Policies: credentialFormat, credentialQuery, trustedIssuer

Reference: IETF SD-JWT-based Verifiable Credentials

Summary: Selective Disclosure JWT-based verifiable credentials that enable privacy-preserving credential presentations by allowing holders to disclose only specific claims while maintaining cryptographic integrity.

The validator provides comprehensive SD-JWT VC support:

  • Format validation - Validates SD-JWT structure and disclosure format
  • Query satisfaction - Supports SD-JWT VCs in DCQL and DIF PE queries
  • Trusted issuer validation - Validates issuer certificates through x5c header parameter
  • Selective disclosure - Processes disclosed and undisclosed claims appropriately

ISO Standards

ISO 18013-5:2021 Mobile Driving License (mDL)

Policies: credentialFormat, credentialQuery, trustedIssuer

Reference: ISO 18013-5:2021

Summary: International standard for mobile driving licenses stored on mobile devices, providing secure and privacy-preserving verification of driving privileges with support for selective data disclosure.

The validator implements comprehensive mDL support:

  • Format validation - Validates mDL document structure and CBOR encoding
  • Device request validation - Validates device requests against mDL content
  • Certificate chain validation - Verifies issuer authentication using Auth0 mDL verifier
  • Data element validation - Ensures requested data elements are present in mDL
  • Version compatibility - Validates mDL version matches device request requirements

ISO 18013-5 Device Request

Policies: credentialQuery

Reference: ISO 18013-5:2021 Device Request

Summary: Standardized format for requesting specific data elements from mobile driving licenses, enabling privacy-preserving verification by requesting only necessary information.

The validator processes device requests by:

  1. CBOR decoding - Decodes base64url-encoded device request
  2. Version validation - Ensures mDL version compatibility
  3. Data element validation - Verifies all requested data elements are present
  4. Multiple document support - Handles requests for multiple document types
  5. Namespace validation - Validates data elements within appropriate namespaces

W3C Standards

Verifiable Credentials Data Model v1.1

Policies: credentialFormat, credentialQuery

Reference: W3C Verifiable Credentials Data Model v1.1

Summary: Core data model defining how credentials can be made cryptographically verifiable, machine-readable, and privacy-respecting, providing the foundation for interoperable credential systems.

The validator supports W3C VC v1.1 through:

  • Format validation - Validates credential structure and required fields
  • JSON-LD processing - Handles JSON-LD contexts and linked data
  • Query compatibility - Supports W3C VCs in DCQL and DIF PE queries
  • Presentation validation - Validates verifiable presentations containing W3C VCs

Verifiable Credentials Data Model v2.0

Policies: credentialFormat, credentialQuery

Reference: W3C Verifiable Credentials Data Model v2.0

Summary: Updated core data model with enhanced proof mechanisms, improved privacy features, and broader compatibility with different cryptographic suites and verification methods.

Enhanced features in v2.0 support:

  • Updated JSON-LD contexts - Improved context structure and processing
  • Enhanced proof mechanisms - Better support for data integrity proofs
  • Improved status methods - Enhanced credential status verification
  • Query compatibility - Full support in DCQL and DIF PE validation

JSON-LD 1.1

Policies: credentialFormat

Reference: W3C JSON-LD 1.1

Summary: JSON-based linked data format enabling semantic interoperability and machine-readable credential data with standardized context processing.

The validator processes JSON-LD through:

  • Context resolution - Resolves and validates @context values
  • Semantic validation - Ensures proper linked data structure
  • Compatibility - Supports JSON-LD in W3C VCs and presentations
  • Processing - Handles JSON-LD expansion and compaction as needed

AAMVA Standards

VICAL (Verifiable Issuer CA List)

Policies: trustedIssuer

Reference: AAMVA VICAL Specification

Summary: A COSE-signed certificate list format for distributing trusted certificate authorities in a verifiable manner, enabling dynamic trust anchor distribution for mobile driving licenses.

The validator implements VICAL support through:

  • COSE signature verification - Validates VICAL integrity using COSE signatures
  • Certificate extraction - Extracts CA certificates from VICAL payload
  • Trust validation - Validates VICAL against configured trusted certificates
  • URL-based resolution - Fetches VICAL from URLs with intelligent caching
  • Caching optimization - Caches VICAL data based on nextUpdate field

VICAL features:

  • Dynamic trust anchors - Allows dynamic updating of trusted certificate authorities
  • Signature verification - Ensures VICAL authenticity and integrity
  • Metadata support - Includes version, provider, and update information
  • Performance optimization - Efficient caching reduces network requests

JWT Standards

JSON Web Token (JWT)

Policies: credentialFormat, credentialQuery

Reference: IETF RFC 7519 - JSON Web Token

Summary: Compact, URL-safe token format for representing claims between parties, commonly used as a container format for verifiable credentials.

The validator supports JWT-based credentials:

  • Structure validation - Validates JWT header, payload, and signature format
  • Nested credential extraction - Extracts verifiable credentials from JWT VPs
  • Query compatibility - Supports JWT credentials in DCQL and DIF PE
  • Format detection - Automatically detects JWT-based credential formats

Standards Support Matrix

The validator's policy support across standards:

StandardCredential FormatCredential QueryTrusted IssuerNotes
W3C VC Data Model v1.1Full support for JSON-LD and JWT formats
W3C VC Data Model v2.0Enhanced features and proof mechanisms
IETF SD-JWT VCSelective disclosure with x5c validation
ISO 18013-5 mDLMobile driving license with full validation
DIF Presentation ExchangePresentation definition validation
DCQLFlexible credential query language
JWTToken-based credential container
AAMVA VICALCertificate authority list management