OpenID for Verifiable Presentations - OID4VP

Type: Standard

OpenID for Verifiable Presentations is a protocol specification that enables secure presentation of verifiable credentials between digital wallets and verifiers. Built on top of OAuth 2.0, it provides a standardized way to request and present credentials while supporting multiple credential formats and deployment architectures.

Key features:

  • Supports both same-device and cross-device credential presentation flows
  • Enables selective disclosure of credential claims
  • Works with any credential format used in the Issuer-Holder-Verifier model
  • Can be combined with OpenID Connect and Self-Issued OP v2 specifications
  • Provides flexible verifier authentication mechanisms

Core Technical Components:

  1. VP Token
     • Container format for presenting one or more verifiable presentations
     • Can contain credentials in different formats within the same transaction
     • Bound to a specific verifier and transaction through nonce values
  2. Authorization Request Parameters
     • presentation_definition: Specifies credential requirements using the DIF Presentation Exchange format
     • dcql_query: Alternative query format for requesting credentials
     • client_metadata: Contains verifier metadata and capabilities
     • response_type: Indicates how the VP Token should be returned
  3. Response Modes
     • fragment: Default mode, returning data in the URI fragment
     • direct_post: Enables cross-device flows via HTTP POST
     • direct_post.jwt: Adds a JWT security wrapper to the POST response
  4. Security Features
     • Cryptographic binding between credentials and presentations
     • Replay attack prevention through nonces
     • Optional response encryption
     • Multiple verifier authentication schemes

Implementation Requirements:

  1. Wallets must:
     • Support at least one credential format
     • Validate all request parameters
     • Enforce proper nonce handling
     • Implement required response modes
  2. Verifiers must:
     • Generate cryptographically secure nonces
     • Validate VP Token signatures
     • Verify credential claims match request parameters
     • Implement proper error handling
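
The nonce requirements above (secure generation, binding to one verifier and transaction, replay prevention) can be sketched on the verifier side as follows. This is an added example, not code from the specification or from any wallet or verifier project; `NonceStore`, the TTL value, and the `nonce`/`aud` keys of the already signature-verified binding claims are assumptions made for illustration.

```python
import secrets
import time

NONCE_TTL_SECONDS = 300  # assumed lifetime of a pending presentation request


class NonceStore:
    """In-memory record of nonces one verifier has issued (hypothetical helper)."""

    def __init__(self, verifier_id):
        self.verifier_id = verifier_id
        self._pending = {}  # nonce -> (transaction_id, expiry timestamp)

    def issue(self, transaction_id, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[nonce] = (transaction_id, now + NONCE_TTL_SECONDS)
        return nonce

    def check(self, transaction_id, binding, now=None):
        """Check the binding claims of one presentation; returns (ok, reason).

        The presentation signature is assumed to be verified before this call.
        """
        now = time.time() if now is None else now
        nonce = binding.get("nonce")
        if not isinstance(nonce, str):
            return False, "missing nonce"
        # pop() makes the nonce single-use: a replayed token finds nothing,
        # and a failed attempt also burns the nonce (fail closed).
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False, "unknown or already used nonce"
        expected_tx, expiry = entry
        if now > expiry:
            return False, "nonce expired"
        if expected_tx != transaction_id:
            return False, "nonce belongs to another transaction"
        if binding.get("aud") != self.verifier_id:
            return False, "presentation addressed to another verifier"
        return True, "ok"


def demo():
    # Constructed sample: one request, one valid response, one replay of it.
    store = NonceStore("https://verifier.example")
    nonce = store.issue("tx-1", now=1000.0)
    binding = {"nonce": nonce, "aud": "https://verifier.example"}
    return store.check("tx-1", binding, now=1010.0), store.check("tx-1", binding, now=1020.0)
```

A multi-instance deployment would need a shared store with an atomic delete in place of the in-memory dictionary, so that two instances cannot both accept the same nonce.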

Current Adoption Status:
The specification is actively being implemented by digital identity providers and wallet developers. It has strong support from the OpenID Foundation and is being integrated into various digital credential ecosystems.

Interoperability:
The standard is designed to work with:

  • Multiple credential formats (W3C VC, ISO mDL, SD-JWT VC)
  • Different transport protocols
  • Various key management systems
  • Existing OAuth 2.0 and OpenID Connect deployments

This specification represents a crucial building block for decentralized digital identity systems, providing a secure and standardized way to present verifiable credentials while maintaining privacy and security requirements.

Statistics

Projects Following: 18
