<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi George</p>
<p>I can supplement what Torsten said below by adding that multiple
different types of credentials might have the same schema. For
example, a credit card schema could be used by Amex, Visa and
Mastercard types. So instead of filtering on the credentialSchema
property, which could cover several different types of credential,
you might prefer to filter on the "type" property, which should be
more narrowly scoped to just one type of credential. Note that it
is unlikely that driving license and passport types, which both
contain the DoB property, will use the same credentialSchema, so
filtering on the latter would not work for DoB in this case.</p>
<p>Ultimately the RP has to decide what type of credential it is
willing to accept. (It might not accept a boys scout credential
for providing DoB)<br>
</p>
<p>Kind regards</p>
<p>David<br>
</p>
<div class="moz-cite-prefix">On 16/05/2022 16:56, Torsten
Lodderstedt via Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:F467A9DF-5184-4B29-951F-B8AECB3EDC2C@lodderstedt.net">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hi George,
<div class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">Am 16.05.2022 um 15:54 schrieb George Fletcher
via Openid-specs-ab <<a
href="mailto:openid-specs-ab@lists.openid.net"
class="moz-txt-link-freetext" moz-do-not-send="true">openid-specs-ab@lists.openid.net</a>>:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">Hi,
<div class=""><br class="">
</div>
<div class="">What would I use in the current spec as a
relying party to inform the wallet that I need an "age
over 13“ claim </div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
First of all you need to request that contains such a claim.
We use Presentation Exchange as language for that, in this
case the so-called presentation_definition. </div>
<div><br class="">
</div>
<div>It may restrict the desired result by defining a
constraint, in this case over the credentialSchema. The
following requests an „idcard" credential. </div>
<div><br class="">
</div>
<div>"presentation_definition":{<br class="">
"constraints": {<br class="">
"fields": [<br class="">
{<br class="">
"path": [<br class="">
"$.<a
href="http://credentialSchema.id" class=""
moz-do-not-send="true">credentialSchema.id</a>"<br class="">
],<br class="">
"filter": {<br class="">
"type": "string",<br class="">
"pattern": "<a
href="https://example.org/idcard"
class="moz-txt-link-freetext" moz-do-not-send="true">https://example.org/idcard</a>"<br
class="">
}<br class="">
}<br class="">
]<br class="">
}<br class="">
}<br class="">
<br class="">
Note: the concrete paths and patterns depend on the credential
format (here JSON-LD/LD Proofs). <br class="">
<div><br class="">
</div>
<div>You may also explicitly request a certain claim by
defining a further path, such as </div>
<div><br class="">
</div>
{"path":["$.values.is_over_13"]}, </div>
<div><br class="">
</div>
<div>This would require a „is_over_13“ booelan claim to be
present in the credential. </div>
<div><br class="">
</div>
<div>Something more generic could perhaps be implemented using
PE`s predicate feature. I assume the support of this feature
depends on certain credential format & crypto suite
capabilities. Here is a (made up) example:</div>
<div><br class="">
</div>
<div>{<br class="">
"path":[<br class="">
"$.dob"<br class="">
],<br class="">
"filter":{<br class="">
"type":"number",<br class="">
"min":1242489139<br class="">
}<br class="">
}
<div><br class="">
</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="">and it can be form one of N issuers that
the Verifier/RP trusts? </div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>The recommended way is to use a claim in the credential
conveying the trust framework/federation the issuer shall
belong to. Here is an example: </div>
<div><br class="">
</div>
<div>
<div class="">{</div>
<div class=""> "vp_token": {</div>
<div class=""> "presentation_definition": {</div>
<div class=""> "id": "32f54163-7166-48f1",</div>
<div class=""> "input_descriptors": [</div>
<div class=""> {</div>
<div class=""> "id": "federationExample",</div>
<div class=""> "purpose": "To pick a UK
university that is a member of the UK academic
federation",</div>
<div class=""> "constraints": {</div>
<div class=""> "fields": [,</div>
<div class=""> <b class="">{</b></div>
<div class=""><b class="">
"path": [</b></div>
<div class=""><b class="">
"$.termsOfUse.federations"</b></div>
<div class=""><b class=""> ],</b></div>
<div class=""><b class="">
"filter": {</b></div>
<div class=""><b class="">
"type": "string",</b></div>
<div class=""><b class="">
"const": "<a href="http://ukuniversities.ac.uk"
class="" moz-do-not-send="true">ukuniversities.ac.uk</a>"</b></div>
<div class=""><b class=""> }</b></div>
<div class=""><b class=""> }</b></div>
<div class=""> ]</div>
<div class=""> }</div>
<div class=""> }</div>
<div class=""> ]</div>
<div class=""> }</div>
<div class=""> }</div>
<div class="">}</div>
<div class=""><br class="">
</div>
<div class="">The verifier will need to check that
relationship using a registry. </div>
<div class=""><br class="">
</div>
</div>
<div>There is text about this in the spec at <a
href="https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru"
class="moz-txt-link-freetext" moz-do-not-send="true">https://openid.bitbucket.io/connect/openid-connect-4-verifiable-presentations-1_0.html#name-support-for-federations-tru</a></div>
<div><br class="">
</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class="">I'm losing that context in all the JSON
examples :)</div>
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>I hope that helps. </div>
<div><br class="">
</div>
<div>best regards,</div>
<div>Torsten. </div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div dir="ltr" class="">
<div class=""><br class="">
</div>
<div class="">Thanks,</div>
<div class="">George<br class="" clear="all">
<div class=""><br class="">
</div>
-- <br class="">
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr" class="">
<div
style="font-family:optimist,Arial,Helvetica,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:102px;padding-top:4px;padding-right:6px;display:inline-block;vertical-align:top;height:100px"
class=""><img
src="https://d2p9w4ui8rp50l.cloudfront.net/m/778c2ded498644ec/original/capital-one-logo-emailsig.png"
alt="Capital One"
style="vertical-align:middle;border-style:none;width:80px;height:28px;max-width:80px;display:block;color:rgb(1,61,91);font-size:14px;font-weight:600;font-family:Optimist"
class="" moz-do-not-send="true" width="80"></div>
<div style="font-family:Optimist,"Helvetica
Neue",Helvetica,Arial,sans-serif;color:rgb(28,43,57);font-size:16px;float:left;width:500px;min-width:500px;display:contents"
class="">
<div style="font-size: 14px; line-height: 1.5em;
font-weight: 600; color: rgb(1, 61, 91);
margin: 0px !important;" class="">George
Fletcher (he/him)</div>
<p style="margin:0px 0px
16px;font-size:12px;line-height:16px;color:rgb(1,61,91);white-space:nowrap"
class="">Executive Distinguished Engineer •
Identity Architect<br class="">
<img
src="https://d2p9w4ui8rp50l.cloudfront.net/m/1465f66c3ad833b4/original/locationpin-emailsig.png"
alt="address"
style="vertical-align:middle;border-style:none;width:8px;margin-right:3px"
class="" moz-do-not-send="true"><span
style="font-family:optimist,Arial,Helvetica,sans-serif;line-height:1.4"
class=""><span class="">8020 Towers Crescent
Drive, Vienna, VA 22128</span><br class="">
<img
src="https://d2p9w4ui8rp50l.cloudfront.net/m/0517871018033b5e/original/mobilephone-emailsig.png"
alt="mobile"
style="vertical-align:middle;border-style:none;width:5px;height:9px;margin-right:6px"
class="" moz-do-not-send="true"><span
class="">616-498-8240</span><br class="">
<br class="">
<span style="line-height:1.4" class="">assistant: </span><img
src="https://d2vppzocvtms05.cloudfront.net/media/24B3C89B-18F1-45C0-951FA826F175026F/6D4F56A7-CA22-4255-8A435780C72278FA/webimage-D978F7E8-C634-4B49-9843C19E38F5C471.png"
alt="email"
style="vertical-align:middle;border-style:none;width:10px;margin-left:5px;margin-right:2px"
class="" moz-do-not-send="true" height="7"><span
style="line-height:1.4" class=""> <a
href="mailto:sharon.anderson@capitalone.com"
target="_blank"
class="moz-txt-link-freetext"
moz-do-not-send="true">sharon.anderson@capitalone.com</a></span></span></p>
</div>
</div>
</div>
<input name="virtru-metadata" type="hidden"
value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"enableNoauth":false,"persistentProtection":false,"expandedWatermarking":false,"expires":false,"isManaged":false},"attachments":{},"compose-id":"1","compose-window":{"secure":false}}"
class=""></div>
</div>
<hr class=""><br class="">
<br class="">
<font class="" color="#404040">The information contained
in this e-mail is confidential and/or proprietary to
Capital One and/or its affiliates and may only be used
solely in performance of work or services for Capital
One. The information transmitted herewith is intended
only for use by the individual or entity to which it is
addressed. If the reader of this message is not the
intended recipient, you are hereby notified that any
review, retransmission, dissemination, distribution,
copying or other use of, or taking of any action in
reliance upon this information is strictly prohibited.
If you have received this communication in error, please
contact the sender and delete the material from your
computer.</font><br class="">
<br class="">
<table class="" width="100%" height="30" cellspacing="0"
cellpadding="0" border="0">
<tbody class="">
<tr class="">
</tr>
</tbody>
</table>
<br class="">
_______________________________________________<br
class="">
Openid-specs-ab mailing list<br class="">
<a href="mailto:Openid-specs-ab@lists.openid.net"
class="moz-txt-link-freetext" moz-do-not-send="true">Openid-specs-ab@lists.openid.net</a><br
class="">
<a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br
class="">
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="https://lists.openid.net/mailman/listinfo/openid-specs-ab">https://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
</body>
</html>