<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi George, <div class=""><div><br class=""><blockquote type="cite" class=""><div class="">Am 16.05.2022 um 15:54 schrieb George Fletcher via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" class="">openid-specs-ab@lists.openid.net</a>>:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class="">What would I use in the current spec as a relying party to inform the wallet that I need an "age over 13“ claim </div></div></div></blockquote><div><br class=""></div>First of all you need to request that contains such a claim. We use Presentation Exchange as language for that, in this case the so-called presentation_definition.  </div><div><br class=""></div><div>It may restrict the desired result by defining a constraint, in this case over the credentialSchema. The following requests an „idcard" credential. </div><div><br class=""></div><div>"presentation_definition":{<br class="">           "constraints": {<br class="">               "fields": [<br class="">                   {<br class="">                       "path": [<br class="">                           "$.<a href="http://credentialSchema.id" class="">credentialSchema.id</a>"<br class="">                       ],<br class="">                       "filter": {<br class="">                           "type": "string",<br class="">                           "pattern": "<a href="https://example.org/idcard" class="">https://example.org/idcard</a>"<br class="">                       }<br class="">                   }<br class="">               ]<br class="">           }<br class="">        }<br class=""><br class="">Note: the concrete paths and patterns depend on the credential format (here JSON-LD/LD Proofs). <br class=""><div><br class=""></div><div>You may also explicitly request a certain claim by defining a further path, such as </div><div><br class=""></div>{"path":["$.values.is_over_13"]}, </div><div><br class=""></div><div>This would require a „is_over_13“ booelan claim to be present in the credential. </div><div><br class=""></div><div>Something more generic could perhaps be implemented using PE`s predicate feature. I assume the support of this feature depends on certain credential format & crypto suite capabilities. Here is a (made up) example:</div><div><br class=""></div><div>{<br class="">   "path":[<br class="">      "$.dob"<br class="">   ],<br class="">   "filter":{<br class="">      "type":"number",<br class="">      "min":1242489139<br class="">   }<br class="">}<div><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="">and it can be form one of N issuers that the Verifier/RP trusts? </div></div></div></blockquote><div><br class=""></div><div>The recommended way is to use a claim in the credential conveying the trust framework/federation the issuer shall belong to. Here is an example: </div><div><br class=""></div><div><div class="">{</div><div class="">    "vp_token": {</div><div class="">        "presentation_definition": {</div><div class="">            "id": "32f54163-7166-48f1",</div><div class="">            "input_descriptors": [</div><div class="">                {</div><div class="">                    "id": "federationExample",</div><div class="">                    "purpose": "To pick a UK university that is a member of the UK academic federation",</div><div class="">                    "constraints": {</div><div class="">                        "fields": [,</div><div class="">                            <b class="">{</b></div><div class=""><b class="">                                "path": [</b></div><div class=""><b class="">                                    "$.termsOfUse.federations"</b></div><div class=""><b class="">                                ],</b></div><div class=""><b class="">                                "filter": {</b></div><div class=""><b class="">                                    "type": "string",</b></div><div class=""><b class="">                                    "const": "<a href="http://ukuniversities.ac.uk" class="">ukuniversities.ac.uk</a>"</b></div><div class=""><b class="">                                }</b></div><div class=""><b class="">                            }</b></div><div class="">                        ]</div><div class="">                    }</div><div class="">                }</div><div class="">            ]</div><div class="">        }</div><div class="">    }</div><div class="">}</div><div class=""><br class=""></div><div class="">The verifier will need to check that relationship using a registry. </div><div class=""><br class=""></div></div><div>There is text about this in the spec at <a href="https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru" class="">https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru</a></div><div><br class=""></div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class="">I'm losing that context in all the JSON examples :)</div></div></div></blockquote><div><br class=""></div><div>I hope that helps. </div><div><br class=""></div><div>best regards,</div><div>Torsten. </div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class=""><div class=""><br class=""></div><div class="">Thanks,</div><div class="">George<br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div style="font-family:optimist,Arial,Helvetica,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px" class=""><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" width="80" style="vertical-align:middle;border-style:none;width:80px;height:28px;max-width:80px;display:block;color:rgb(1,61,91);font-size:14px;font-weight:600;font-family:Optimist" class=""></div><div style="font-family:Optimist,"Helvetica Neue",Helvetica,Arial,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:500px;min-width:500px;display:contents" class=""><div style="font-size: 14px; line-height: 1.5em; font-weight: 600; color: rgb(1, 61, 91); margin: 0px !important;" class="">George Fletcher (he/him)</div><p style="margin:0px 0px 16px;font-size:12px;line-height:16px;color:rgb(1,61,91);white-space:nowrap" class="">Executive Distinguished Engineer • Identity Architect<br class=""><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align:middle;border-style:none;width:8px;margin-right:3px" class=""><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4" class=""><span class="">8020 Towers Crescent Drive, Vienna, VA 22128</span><br class=""><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align:middle;border-style:none;width:5px;height:9px;margin-right:6px" class=""><span class="">616-498-8240</span><br class=""><br class=""><span style="line-height:1.4" class="">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" height="7" style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px" class=""><span style="line-height:1.4" class=""> <a href="mailto:sharon.anderson@capitalone.com" target="_blank" class="">sharon.anderson@capitalone.com</a></span></span></p></div></div></div><input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"1","compose-window":{"secure":false}}" class=""></div></div>

<hr class=""><br class=""><br class=""><font color="#404040" class="">The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.</font><br class=""><br class=""><table border="0" cellspacing="0" cellpadding="0" width="100%" height="30" class="">
<tbody class=""><tr class="">

</tr>
</tbody></table><br class="">
_______________________________________________<br class="">Openid-specs-ab mailing list<br class=""><a href="mailto:Openid-specs-ab@lists.openid.net" class="">Openid-specs-ab@lists.openid.net</a><br class="">https://lists.openid.net/mailman/listinfo/openid-specs-ab<br class=""></div></blockquote></div><br class=""></div></body></html>