Skip to content

Add additional text clarifying how to match vct and doctype#744

Open
GarethCOliver wants to merge 7 commits into
openid:mainfrom
GarethCOliver:type-matching
Open

Add additional text clarifying how to match vct and doctype#744
GarethCOliver wants to merge 7 commits into
openid:mainfrom
GarethCOliver:type-matching

Conversation

@GarethCOliver

@GarethCOliver GarethCOliver commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Resolves #741 by adding more explicit instructions on what allows a Credential to satisfy vct_values, and applies similar explicit text to doctype_value

Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
GarethCOliver and others added 2 commits June 18, 2026 08:30
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
Comment thread 1.1/openid-4-verifiable-presentations-1_1.md Outdated
GarethCOliver and others added 2 commits July 1, 2026 10:32
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>
Co-authored-by: Frederik Krogsdal Jacobsen <fkj@users.noreply.github.com>

@c2bo c2bo left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess this should also go into 1.0 errata?

#741 also asks about the RP/Verifier side -> Should we add a sentence that these checks must be verified by the Verifier?

Text looks good otherwise imho

: REQUIRED. String that specifies an allowed value for the
doctype of the requested Verifiable Credential. It MUST
be a valid doctype identifier as defined in [@ISO.18013-5].
doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in [@ISO.18013-5]. For a mdoc to satisfy the Credential Query, the value of the `docType` element in the `MobileSecurityObject` structure MUST be equal to the `doctype_value`.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit

Suggested change
doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in [@ISO.18013-5]. For a mdoc to satisfy the Credential Query, the value of the `docType` element in the `MobileSecurityObject` structure MUST be equal to the `doctype_value`.
doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in [@ISO.18013-5]. For an mdoc to satisfy the Credential Query, the value of the `docType` element in the `MobileSecurityObject` structure MUST be equal to the `doctype_value`.

the inheritance logic defined in [@!I-D.ietf-oauth-sd-jwt-vc].
: REQUIRED. A non-empty array of strings that specifies allowed values for the type of the requested Verifiable Credential. All elements in the array MUST be valid type identifiers as defined in [@!I-D.ietf-oauth-sd-jwt-vc]. To satisfy the Credential Query, a Credential MUST either have or inherit from a type that is included in the `vct_values` array as defined in [@!I-D.ietf-oauth-sd-jwt-vc].

The Wallet MUST determine whether a Credential's type satisfies a Credential Query by following these steps:

@Sakurann Sakurann Jul 2, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The Wallet MUST determine whether a Credential's type satisfies a Credential Query by following these steps:
Following steps are defined to determine whether a Credential's type satisfies a Credential Query:

incorporating Christian's suggestion and WG discussion to ensure these rules apply not just to the wallet but also the verifier

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't disagree with the suggestion, but I think the normative language should be preserved even when generalizing. Something like:

Suggested change
The Wallet MUST determine whether a Credential's type satisfies a Credential Query by following these steps:
When a Wallet or Verifier needs to determine whether a Credential's type satisfies a Credential Query, it MUST do so by following these steps:

@Sakurann

Sakurann commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

WG discussion: makes sense to have this in errata, too and also not to limit validation rules to the wallet but also verifier.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Clarification on checking inheritance of received vct (VP token validation)

4 participants