<div dir="auto">Thanks Torsten and David. I think you are getting to the crux of my question at the end of your response David. The Verifier/RP is willing to accept a DoB from a Driver’s license, Passport and a financial institution but not the Boy Scouts. </div><div dir="auto"><br></div><div dir="auto">How does the Verifier/RP specify those constraints in the Request? Or is this a multiple step process where the RP asks for a DoB and then gets one it won’t accept and asks again requiring the user to choose a different credential with the same claim?</div><div dir="auto"><br></div><div dir="auto">It’s fine if this level of standardization isn’t happening yet.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">George</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at 12:31 PM David Chadwick via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">
<div>
<p>Hi George</p>
<p>I can supplement what Torsten said below by adding that multiple
different types of credentials might have the same schema. For
example, a credit card schema could be used by Amex, Visa and
Mastercard types. So instead of filtering on the credentialSchema
property, which could cover several different types of credential,
you might prefer to filter on the "type" property, which should be
more narrowly scoped to just one type of credential. Note that it
is unlikely that driving license and passport types, which both
contain the DoB property, will use the same credentialSchema, so
filtering on the latter would not work for DoB in this case.</p>
<p>Ultimately the RP has to decide what type of credential it is
willing to accept. (It might not accept a boys scout credential
for providing DoB)<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p></div><div>
<div>On 16/05/2022 16:56, Torsten
Lodderstedt via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite">
Hi George,
<div>
<div><br>
<blockquote type="cite">
<div>Am 16.05.2022 um 15:54 schrieb George Fletcher
via Openid-specs-ab <<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank">openid-specs-ab@lists.openid.net</a>>:</div>
<br>
<div>
<div dir="ltr">Hi,
<div><br>
</div>
<div>What would I use in the current spec as a
relying party to inform the wallet that I need an "age
over 13“ claim </div>
</div>
</div>
</blockquote>
<div><br>
</div>
First of all you need to request that contains such a claim.
We use Presentation Exchange as language for that, in this
case the so-called presentation_definition. </div>
<div><br>
</div>
<div>It may restrict the desired result by defining a
constraint, in this case over the credentialSchema. The
following requests an „idcard" credential. </div>
<div><br>
</div>
<div>"presentation_definition":{<br>
"constraints": {<br>
"fields": [<br>
{<br>
"path": [<br>
"$.<a href="https://urldefense.com/v3/__http://credentialSchema.id__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAQ4apws8$" target="_blank">credentialSchema.id</a>"<br>
],<br>
"filter": {<br>
"type": "string",<br>
"pattern": "<a href="https://urldefense.com/v3/__https://example.org/idcard__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAp8DP56Y$" target="_blank">https://example.org/idcard</a>"<br>
}<br>
}<br>
]<br>
}<br>
}<br>
<br>
Note: the concrete paths and patterns depend on the credential
format (here JSON-LD/LD Proofs). <br>
<div><br>
</div>
<div>You may also explicitly request a certain claim by
defining a further path, such as </div>
<div><br>
</div>
{"path":["$.values.is_over_13"]}, </div>
<div><br>
</div>
<div>This would require a „is_over_13“ booelan claim to be
present in the credential. </div>
<div><br>
</div>
<div>Something more generic could perhaps be implemented using
PE`s predicate feature. I assume the support of this feature
depends on certain credential format & crypto suite
capabilities. Here is a (made up) example:</div>
<div><br>
</div>
<div>{<br>
"path":[<br>
"$.dob"<br>
],<br>
"filter":{<br>
"type":"number",<br>
"min":1242489139<br>
}<br>
}
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>and it can be form one of N issuers that
the Verifier/RP trusts? </div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>The recommended way is to use a claim in the credential
conveying the trust framework/federation the issuer shall
belong to. Here is an example: </div>
<div><br>
</div>
<div>
<div>{</div>
<div> "vp_token": {</div>
<div> "presentation_definition": {</div>
<div> "id": "32f54163-7166-48f1",</div>
<div> "input_descriptors": [</div>
<div> {</div>
<div> "id": "federationExample",</div>
<div> "purpose": "To pick a UK
university that is a member of the UK academic
federation",</div>
<div> "constraints": {</div>
<div> "fields": [,</div>
<div> <b>{</b></div>
<div><b>
"path": [</b></div>
<div><b>
"$.termsOfUse.federations"</b></div>
<div><b> ],</b></div>
<div><b>
"filter": {</b></div>
<div><b>
"type": "string",</b></div>
<div><b>
"const": "<a href="https://urldefense.com/v3/__http://ukuniversities.ac.uk__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAAcUYuKc$" target="_blank">ukuniversities.ac.uk</a>"</b></div>
<div><b> }</b></div>
<div><b> }</b></div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div> ]</div>
<div> }</div>
<div> }</div>
<div>}</div>
<div><br>
</div>
<div>The verifier will need to check that
relationship using a registry. </div>
<div><br>
</div>
</div>
<div>There is text about this in the spec at <a href="https://urldefense.com/v3/__https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html*name-support-for-federations-tru__;Iw!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UA1GqAZ4U$" target="_blank">https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru</a></div>
<div><br>
</div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>I'm losing that context in all the JSON
examples :)</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I hope that helps. </div>
<div><br>
</div>
<div>best regards,</div>
<div>Torsten. </div>
<br>
<blockquote type="cite">
<div>
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div>George<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr" data-smartmail="gmail_signature">
<div dir="ltr">
<div style="font-family:optimist,Arial,Helvetica,sans-serif;font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px;color:rgb(28,43,57)"><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" style="vertical-align: middle; border-style: none; width: 80px; height: 28px; max-width: 80px; display: block; font-size: 14px; font-weight: 600; font-family: Optimist; color: rgb(1, 61, 91);" width="80"></div>
<div>
<div style="font-size:14px;line-height:1.5em;font-weight:600;margin:0px!important;color:rgb(1,61,91)">George
Fletcher (he/him)</div>
<p style="margin:0px 0px 16px;font-size:12px;line-height:16px;white-space:nowrap;color:rgb(1,61,91)">Executive Distinguished Engineer •
Identity Architect<br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align: middle; border-style: none; width: 8px; margin-right: 3px;"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><span style="font-family:optimist,Arial,Helvetica,sans-serif"><a href="https://www.google.com/maps/search/8020+Towers+Crescent%0D%0A++++++++++++++++++++++++++++++Drive,+Vienna,+VA?entry=gmail&source=g" style="font-family:optimist,Arial,Helvetica,sans-serif">8020 Towers Crescent
Drive, Vienna, VA</a> 22128</span><br>
<img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align: middle; border-style: none; width: 5px; height: 9px; margin-right: 6px; font-family: optimist, Arial, Helvetica, sans-serif;"><span style="font-family:optimist,Arial,Helvetica,sans-serif">616-498-8240</span><br>
<br>
<span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" style="vertical-align: middle; border-style: none; width: 10px; margin-left: 5px; margin-right: 2px; font-family: optimist, Arial, Helvetica, sans-serif;" height="7"><span style="line-height:1.4;font-family:optimist,Arial,Helvetica,sans-serif"> <a href="mailto:sharon.anderson@capitalone.com" target="_blank" style="font-family:optimist,Arial,Helvetica,sans-serif">sharon.anderson@capitalone.com</a></span></span></p>
</div>
</div>
</div>
<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"1","compose-window":{"secure":false}}"></div>
</div>
<hr><br>
<br>
<font style="color:rgb(64,64,64)">The information contained
in this e-mail is confidential and/or proprietary to
Capital One and/or its affiliates and may only be used
solely in performance of work or services for Capital
One. The information transmitted herewith is intended
only for use by the individual or entity to which it is
addressed. If the reader of this message is not the
intended recipient, you are hereby notified that any
review, retransmission, dissemination, distribution,
copying or other use of, or taking of any action in
reliance upon this information is strictly prohibited.
If you have received this communication in error, please
contact the sender and delete the material from your
computer.</font><br>
<br>
<table width="100%" height="30" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<pre style="font-family:monospace">_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank" style="font-family:monospace">Openid-specs-ab@lists.openid.net</a>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" target="_blank" style="font-family:monospace">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
</div><div></div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a><br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$" rel="noreferrer" target="_blank">https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-ab__;!!FrPt2g6CO4Wadw!OhV8SJR5gsp9_wP7MDmyCYTI7L46MclpSTlQ6gCpa0VBY8WpQ6W33EKO9GLR8CXEsE8Rc--dks5QsRRDyj_n7N12JDSXr1UAVHlBKAI$</a> <br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="font-family:optimist,Arial,Helvetica,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px"><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png" alt="Capital One" width="80" style="vertical-align:middle;border-style:none;width:80px;height:28px;max-width:80px;display:block;color:rgb(1,61,91);font-size:14px;font-weight:600;font-family:Optimist"></div><div style="font-family:Optimist,"Helvetica Neue",Helvetica,Arial,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:500px;min-width:500px;display:contents"><p style="font-size:14px;line-height:1.5em;font-weight:600;color:rgb(1,61,91);margin:0px!important">George Fletcher (he/him)</p><p style="margin:0px 0px 16px;font-size:12px;line-height:16px;color:rgb(1,61,91);white-space:nowrap">Executive Distinguished Engineer • Identity Architect<br><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png" alt="address" style="vertical-align:middle;border-style:none;width:8px;margin-right:3px"><span style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"><span>8020 Towers Crescent Drive, Vienna, VA 22128</span><br><img src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png" alt="mobile" style="vertical-align:middle;border-style:none;width:5px;height:9px;margin-right:6px"><span>616-498-8240</span><br><br><span style="line-height:1.4">assistant: </span><img src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png" alt="email" height="7" style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px"><span style="line-height:1.4"> <a href="mailto:sharon.anderson@capitalone.com" target="_blank">sharon.anderson@capitalone.com</a></span></span></p></div></div></div>
<HR><table border="0" cellspacing="0" cellpadding="0" width="100%" height="30"><BR>
<tr><BR>
<font color="#404040">The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.</font></td><BR>
</tr><BR>
</table><BR>