Message Formats

Credentials

Verifiable Credential

The following represents the intermediate form of a JWT-encoded verifiable credential post-verification and post-decoding to restore the "credential" (i.e., combining fields from both the payload and the protected headers of the JWT token):

{
  "credentialSubject": {
    "KYCAMLAttestation": {
      "type": "KYCAMLAttestation",
      "process": "https://dwn.vc/definitions/processes/kycaml/0.0.1/usa",
      "approvalDate": "2022-04-01T00:00:00.000Z"
    },
    "id": "did:key:z6Mkj19pGYpv88SCYZW8ZT1dxrKYJrPf6u6hBeGexChJF4qp"
  },
  "issuer": {
    "id": "did:web:dwn.id"
  },
  "type": ["VerifiableCredential", "KYCAMLAttestation"],
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    { "@vocab": "https://dwn.id/identity/" }
  ],
  "issuanceDate": "2022-04-01T00:00:00.000Z",
}

Verifiable Credential with status

The following represents the intermediate form of a DID JWT-encoded verifiable credential post-verification and post-decoding to restore the "credential" (i.e., combining fields from both the payload and the protected headers of the JWT token). Note that the credential status has not been dereferenced (i.e., "fetched" as a bit string and validated), which some systems might want to do before processing and/or storing the credential.

{
  "credentialSubject": {
    "KYCAMLAttestation": {
      "type": "KYCAMLAttestation",
      "process": "https://abaxx.id/definitions/processes/kycaml/0.0.1/usa",
      "approvalDate": "2022-04-01T00:00:00.000Z"
    },
    "id": "did:key:z6Mkj19pGYpv88SCYZW8ZT1dxrKYJrPf6u6hBeGexChJF4qp"
  },
  "issuer": {
    "id": "did:web:dwn.id"
  },
  "type": ["VerifiableCredential", "KYCAMLAttestation"],
  "credentialStatus": {
    "id": "http://dwn.id/api/revocation/00c74210-4910-4ec4-8402-ce14c28dda91#321",
    "type": "RevocationList2021Status",
    "statusListIndex": "321",
    "statusListCredential": "http://dwn.vc/api/revocation/00c74210-4910-4ec4-8402-ce14c28dda91#321"
  },
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    { "@vocab": "https://dwn.id/identity/" }
  ],
  "issuanceDate": "2022-04-01T00:00:00.000Z",
}

Issuance

Credential Offer

Our Credential Offer structure is a simple JWM wrapper around a DIF Credential Manifest.

{
  "id": "4487e7d1-7d10-4075-a923-bae9332266c1",
  "type": "CredentialOffer",
  "from": "did:key:z6Mkgw8mPijYRa3TkHSYtQ4P7S2HGrcJBwzdgjeurqr9Luqb",
  "created_time": "2022-04-01T00:00:00.000Z",
  "expires_time": "2022-04-02T00:00:00.000Z",
  "reply_url": "http://example.com/api/issuance/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2MzE1ODI0MjUsImV4cCI6MTYzMTU4NjAyNSwic3ViIjoiMTUxOGNkNjEtNGFlNC00YmYwLTgzZDAtMjllMTE1NTA2MTFhIn0.94twxi4g3eR4sKxo7euKHtUcfIVLCkukukiGCi5CS70",
  "body": {
    "challenge": "d273da29-74dd-46de-a53c-1677c51cc700",
    "manifest": {}
  }
}

Parameters:

• from: who the message is from; in this case, the issuer

• reply_url: the URL the wallet should send the credential application to

• body.challenge: a challenge the wallet should sign when proving control, to prevent replays

• body.manifest: this follows the DIF Credential Manifest spec

Credential Manifest

Example DIF Credential Manifest for a KYCAMLAttestation issued by a fictional issuer, Example Inc. Notice the descriptive text found in the output descriptors, which can be used by wallets to render details about the credential being issued. The presentation definition describes the inputs necessary to receive a credential. In this case, it is a Verifiable Presentation with no credentials, which is sufficient to prove control over the presentation holder's did.

{
  "id": "KYCAMLAttestation",
  "version": "0.1.0",
  "issuer": {
    "id": "did:web:example.com",
    "name": "Example Inc.",
    "styles": {}
  },
  "format": {
    "jwt_vc": {
      "alg": ["EdDSA"]
    },
    "jwt_vp": {
      "alg": ["EdDSA"]
    }
  },
  "output_descriptors": [
    {
      "id": "kycAttestationOutput",
      "schema": [
        {
          "uri": "https://abaxx.id/definitions/schemas/0.0.1/KYCAMLAttestation"
        }
      ],
      "name": "Proof of KYC",
      "description": "Attestation completed KYC/AML verification for this subject",
      "display": {
        "subtitle": {
          "path": ["$.approvalDate", "$.vc.approvalDate"],
          "fallback": "Includes date of approval"
        },
        "description": {
          "text": "The KYC authority processes Know Your Customer and Anti-Money Laundering analysis, potentially employing a number of internal and external vendor providers."
        },
        "properties": [
          {
            "label": "Process",
            "path": ["$.KYCAMLAttestation.process"],
            "schema": {
              "type": "string"
            }
          },
          {
            "label": "Approved At",
            "path": ["$.KYCAMLAttestation.approvalDate"],
            "schema": {
              "type": "string",
              "format": "date-time"
            }
          }
        ]
      },
      "styles": {
        "thumbnail": {
          "uri": "http://example.com/img/kyc-aml-thumbnail.png",
          "alt": "Logo"
        },
        "hero": {
          "uri": "http://example.com/img/kyc-aml-hero.png",
          "alt": "KYC+AML Visual"
        },
        "background": {
          "color": "#EC4899"
        },
        "text": {
          "color": "#FFFFFF"
        }
      }
    }
  ],
  "presentation_definition": {
    "id": "ProofOfControlPresentationDefinition",
    "format": {
      "jwt_vp": {
        "alg": ["EdDSA"]
      }
    },
    "input_descriptors": [
      {
        "id": "proofOfIdentifierControlVP",
        "name": "Proof of Control Verifiable Presentation",
        "purpose": "A Verifiable Presentation establishing proof of identifier control over the DID.",
        "schema": [
          {
            "uri": "https://abaxx.id/definitions/schemas/0.0.1/ProofOfControl"
          }
        ]
      }
    ]
  }
}

Credential Application

What follows is a JSON object containing the same contents as a Verifiable Presentation in DID JWT form; there is no proof object, because it would be signed and transmitted as a JWT.

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "credential_application": {
    "id": "2ce196be-fcda-4054-9eeb-8e4c5ef771e5",
    "manifest_id": "KYCAMLAttestation",
    "format": {
      "jwt_vp": {
        "alg": ["EdDSA"]
      }
    }
  },
  "presentation_submission": {
    "id": "b4f43310-1d6b-425d-84c6-f8afac3fe244",
    "definition_id": "ProofOfControlPresentationDefinition",
    "descriptor_map": [
      {
        "id": "proofOfIdentifierControlVP",
        "format": "jwt_vp",
        "path": "$.presentation"
      }
    ]
  },
  "verifiableCredential": [], // Credential would be found here, as a JWT, i.e. ["eyJhbG..."]
  "holder": "did:key:z6MkjFFeDnzyKL7Q39aNs1piGo27b12upMf1MmSDQcABJmmn",
  "type": ["VerifiablePresentation", "CredentialApplication"],
}

Credential Fulfillment

What follows is a JSON object containing the same contents as a Verifiable Presentation in JWT form; there is no proof object, because it would be signed and transmitted as a JWT.

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "type": ["VerifiablePresentation", "CredentialFulfillment"],
  "holder": "did:key:z6Mkgw8mPijYRa3TkHSYtQ4P7S2HGrcJBwzdgjeurqr9Luqb",
  "credential_fulfillment": {
    "id": "5f22f1ea-0441-4041-916b-2504a2a4075c",
    "manifest_id": "KYCAMLAttestation",
    "descriptor_map": [
      {
        "id": "proofOfIdentifierControlVP",
        "format": "jwt_vc",
        "path": "$.presentation.credential[0]"
      }
    ]
  },
  "verifiableCredential": [], // Credential would be found here, as a JWT, i.e. ["eyJhbG..."]
}

Presentation Exchange

Presentation Request

{
    "id": "1308e77f-9ab0-4de7-97a8-ad2111b585bf",
    "type": "VerificationRequest",
    "from": "did:key:z6MkizuwMHiYpZrBAn64ZnbS2cz5og7iGqAa3nV3EuTj4aaZ",
    "created_time": "2022-04-01T00:00:00.000Z",
    "expires_time": "2022-04-01T00:00:00.000Z",
    "reply_url": "http://example.com/api/verification/1308e77f-9ab0-4de7-97a8-ad2111b585bf/submission",
    "body": {
        "status_url": "http://example.com/api/verification/1308e77f-9ab0-4de7-97a8-ad2111b585bf/callback",
        "challenge": "e0e52794-7889-451c-bb05-28d8cff9ed13",
        "presentation_definition": {
            "id": "KYCAMLPresentationDefinition",
            ...
        }
    }
}

Parameters:

• from: who the message is from; in this case, the issuer

• reply_url: the URL the wallet should send the credential submission to

• body.challenge: a challenge the wallet should sign when proving control, to prevent replays

• body.presentation_definition: this follows the DIF Presentation Definition spec

• body.status_url: url returning verification results when complete

Presentation Submission​

{
  "@context": ["https://www.w3.org/2018/credentials/v1"],
  "presentation_submission": {
    "id": "d885c76f-a908-401a-9e41-abbbeddfe886",
    "definition_id": "KYCAMLPresentationDefinition",
    "descriptor_map": [
      {
        "id": "kycaml_input",
        "format": "jwt_vc",
        "path": "$.presentation.verifiableCredential[0]"
      }
    ]
  },
  "verifiableCredential": [
    {
      "type": ["VerifiableCredential", "KYCAMLAttestation"],
      "credentialSubject": {
        "id": "did:key:z6Mkjo9pGYpv88SCYZW3ZT1dxrKYJrPf6u6hBeGexChJF4EN",
        "KYCAMLAttestation": {
          "type": "KYCAMLAttestation",
          "process": "https://abaxx.id/definitions/processes/kycaml/0.0.1/usa",
          "approvalDate": "2022-04-01T00:00:00.000Z"
        }
      },
      "issuer": {
        "id": "did:web:abaxx.id"
      }
    }
  ]
}

Response

{
  "status": 200,
  "message" "approved"
}