Skip to content

Add additional text clarifying how to match vct and doctype #744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
GarethCOliver wants to merge 5 commits into
base: main
Choose a base branch
from
+8 −7
Open

Add additional text clarifying how to match vct and doctype #744

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f27e6d2
Add additional text clarifying how to match vct_values and doctype_va…
GarethCOliver Jun 18, 2026
717390c
Update 1.1/openid-4-verifiable-presentations-1_1.md
GarethCOliver Jun 18, 2026
7a092db
Update 1.1/openid-4-verifiable-presentations-1_1.md
GarethCOliver Jun 18, 2026
12ea8ba
Apply suggestion from @fkj
GarethCOliver Jun 22, 2026
368d4ca
Apply suggestion from @GarethCOliver
GarethCOliver Jun 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 8 additions & 7 deletions 1.1/openid-4-verifiable-presentations-1_1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2889,8 +2889,7 @@ The following is an ISO mdoc specific parameter in the `meta` parameter in a Cre

`doctype_value`:
: REQUIRED. String that specifies an allowed value for the
doctype of the requested Verifiable Credential. It MUST
be a valid doctype identifier as defined in [@ISO.18013-5].
doctype of the requested Verifiable Credential. It MUST be a valid doctype identifier as defined in [@ISO.18013-5]. For a mdoc to satisfy the Credential Query, the value of the `docType` element in the `MobileSecurityObject` structure MUST be equal to the `doctype_value`.

### Parameter in the Claims Query {#mdocs_claims_query}

Expand Down Expand Up @@ -3249,11 +3248,13 @@ The following is a non-normative example of `client_metadata` request parameter
The following is an SD-JWT VC specific parameter in the `meta` parameter in a Credential Query as defined in (#credential_query).

`vct_values`:
: REQUIRED. A non-empty array of strings that specifies allowed values for
the type of the requested Verifiable Credential. All elements in the array MUST
be valid type identifiers as defined in [@!I-D.ietf-oauth-sd-jwt-vc]. The Wallet
MAY return Credentials that inherit from any of the specified types, following
the inheritance logic defined in [@!I-D.ietf-oauth-sd-jwt-vc].
: REQUIRED. A non-empty array of strings that specifies allowed values for the type of the requested Verifiable Credential. All elements in the array MUST be valid type identifiers as defined in [@!I-D.ietf-oauth-sd-jwt-vc]. To satisfy the Credential Query, a Credential MUST either have or inherit from a type that is included in the `vct_values` array as defined in [@!I-D.ietf-oauth-sd-jwt-vc].

A Credential's type can be determined as satifying the Credential Query as follows:

@fkj fkj Jun 23, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry to be annoying and do yet another round of suggestions, but I think this should be phrased as a normative requirement. Something like:

Suggested change
A Credential's type can be determined as satifying the Credential Query as follows:
The Wallet MUST determine whether a Credential's type satisfies a Credential Query by following these steps:


1. Check if the `vct` in the Credential is contained in the `vct_values` array. If it is, the Credential satisfies the Credential Query.
1. If `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. If a circular dependency is detected while following the `extends` claims, the Credential does not satisfy the Credential Query.

@fkj fkj Jun 23, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
1. If `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. If a circular dependency is detected while following the `extends` claims, the Credential does not satisfy the Credential Query.
1. If the `vct` in the Credential is not contained in the `vct_values` array, check if the Credential has an `extends` claim. If it does, repeat this process for the Type metadata specified by the `extends` value, until either a match is found or the `extends` claim is not present. If a circular dependency is detected while following the `extends` claims, the Credential does not satisfy the Credential Query.

1. If none of the above conditions are met, the Credential does not satisfy the Credential Query.

### Presentation Response

Expand Down
Loading