openid-data-classes/at.asitplus.openid.dcql/DCQLCredentialQuery/match

match

open fun match(credential: DCQLCredential): KmmResult<DCQLCredentialQueryMatchingResult>(source)

6.4.1. Selecting Claims

The following rules apply for selecting claims via claims and claim_sets:

If claims is absent, the Verifier is requesting no claims that are selectively disclosable; the Wallet MUST
return only the claims that are mandatory to present (e.g., SD-JWT and Key Binding JWT for a Credential of
format IETF SD-JWT VC).
If claims is present, but claim_sets is absent, the Verifier requests all claims listed in claims.
If both claims and claim_sets are present, the Verifier requests one combination of the claims listed in
claim_sets. The order of the options conveyed in the claim_sets array expresses the Verifier's preference
for what is returned; the Wallet SHOULD return the first option that it can satisfy. If the Wallet cannot
satisfy any of the options, it MUST NOT return any claims.
claim_sets MUST NOT be present if claims is absent.
Content copied to clipboard

When a Claims Query contains a restriction on the values of a claim, the Wallet SHOULD NOT return the claim if its value does not match according to the rules for values defined in Section 6.3, i.e., the claim should be treated the same as if it did not exist in the Credential. Implementing this restriction may not be possible in all cases, for example, if the Wallet does not have access to the claim value before presentation or user consent or if another component routing the request to the Wallet does not have access to the claim value. It is ultimately up to the Wallet and/or the End-User if the value matching request is followed. Therefore, Verifiers MUST treat restrictions expressed using values as a best-effort way to improve user privacy, but MUST NOT rely on it for security checks.

The purpose of the claim_sets syntax is to provide a way for a Verifier to describe alternative ways a given Credential can satisfy the request. The array ordering expresses the Verifier's preference for how to fulfill the request. The first element in the array is the most preferred and the last element in the array is the least preferred. Verifiers SHOULD use the principle of least information disclosure to influence how they order these options. For example, a proof of age request should prioritize requesting an attribute like age_over_18 over an attribute like birth_date. The claim_sets syntax is not intended to define options the End-User can choose from, see Section 6.4.3 for more information. The Wallet is recommended to return the first option it can satisfy since that is the preferred option from the Verifier. However, there can be reasons to deviate. Non-exhaustive examples of such reasons are:

scenarios where the Verifier did not order the options to minimize information disclosure
operational reasons why returning a different option than the first option has UX benefits for the Wallet.
Content copied to clipboard

If the Wallet cannot deliver all claims requested by the Verifier according to these rules, it MUST NOT return the respective Credential.

For Credential Formats that do not support selective disclosure, the case of both claims and claim_sets being absent is interpreted as requesting a presentation of the "full credential" since all claims are mandatory to present.

Generated by Dokka
© 2026 Copyright