OpenID for Verifiable Presentations - OID4VP specification

Type: Standard

OpenID for Verifiable Presentations is a protocol specification that enables secure presentation of verifiable credentials between wallets and verifiers. Built on top of OAuth 2.0, it defines mechanisms for requesting and presenting credentials in various formats while maintaining privacy and security.

Core Features:

  • Supports both same-device and cross-device credential presentation flows
  • Enables selective disclosure of credential claims
  • Works with multiple credential formats including W3C Verifiable Credentials, ISO mDocs, and SD-JWT VCs
  • Provides mechanisms for preventing credential replay attacks
  • Allows signed and encrypted responses

Key Technical Components:

  1. Purpose and Scope:
     • Defines protocol for requesting and presenting verifiable credentials
     • Enables presentation of credentials as verifiable presentations
     • Supports any credential format used in issuer-holder-verifier model
     • Can be combined with OpenID Connect and SIOPv2 for additional features
  2. Key Technical Specifications:
     • Uses vp_token as container for verifiable presentations
     • Supports Digital Credentials Query Language (DCQL) for credential requests
     • Defines new OAuth response types: vp_token and vp_token id_token
     • Introduces presentation_definition parameter using DIF Presentation Exchange syntax
     • Supports multiple response modes including direct_post for cross-device flows
  3. Implementation Requirements:
     • Wallets must validate request parameters and authenticate end-users
     • Verifiers must validate VP tokens and verify credential signatures
     • Both parties must implement replay prevention mechanisms
     • Must follow TLS requirements per BCP195
  4. Security Considerations:
     • Requires binding of presentations to specific transactions using nonce
     • Implements session fixation prevention
     • Mandates validation of response URIs
     • Requires secure key management for signing/encryption
  5. Interoperability Features:
     • Supports multiple credential formats through format identifiers
     • Enables credential format-specific parameters
     • Allows extension through profiles
     • Provides metadata discovery mechanisms
  6. Current Adoption Status:
     • Specification is in draft status at OpenID Foundation
     • Multiple implementations in development
     • Conformance testing available through OpenID Foundation

The standard represents a significant advancement in digital credential ecosystems by providing a standardized protocol for secure credential presentation while maintaining flexibility for different credential formats and deployment scenarios.

Statistics

Projects Following: 2
