Drop expect_ and valid_ prefixes, remove algorithm matching

Author: danielfett

Diff for: examples/query_lang/claims_alternatives.json

@@ -1,17 +1,15 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "group": "pid",
       "format": "vc+sd-jwt",
-      "expect_meta": {
-        "vct_values": [ "https://credentials.example.com/identity_credential" ],
-        "credential_signing_alg_values": ["ES256", "ES384"],
-        "sd_alg_values": ["SHA-256"]
+      "meta": {
+        "vct_values": [ "https://credentials.example.com/identity_credential" ]
       },
       // Comments in JSON to be removed before merging PR, they are just here to make Brian less sad
-      "expect_claims": [ // define claims, may add other properties like a purpose to each claims
+      "claims": [ // define claims, may add other properties like a purpose to each claims
         {
-          "id": "a",  // required for use in valid_claim_sets below; if that is omitted, the id is optional
+          "id": "a",  // required for use in claim_sets below; if that is omitted, the id is optional
           "path": ["last_name"]
         },
         {"id": "b", "path": ["postal_code"]},
@@ -20,7 +18,7 @@
         {"id": "e", "path": ["date_of_birth"]},
         {"id": "f", "path": ["email"]}
       ],
-      "valid_claim_sets": [ // defines the rules
+      "claim_sets": [ // defines the rules
         // postal code or (locality and region), last_name, and date_of_birth are mandatory; email is optional 
         ["a", "b", "e", "f?"],
         ["a", "c", "d", "e", "f?"]

Diff for: examples/query_lang/credentials_alternatives.json

@@ -1,12 +1,12 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "id": "pid",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://credentials.example.com/identity_credential"]
       },
-      "expect_claims": [
+      "claims": [
         {"path": ["given_name"]},
         {"path": ["family_name"]},
         {"path": ["address", "street_address"]}
@@ -15,10 +15,10 @@
     {
       "id": "other_pid",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://othercredentials.example/pid"]
       },
-      "expect_claims": [
+      "claims": [
         {"path": ["given_name"]},
         {"path": ["family_name"]},
         {"path": ["address", "street_address"]}
@@ -27,21 +27,21 @@
     {
       "id": "pid_reduced_cred_1",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://credentials.example.com/reduced_identity_credential"]
       },
-      "expect_claims": [
+      "claims": [
         {"path": ["family_name"]},
         {"path": ["given_name"]}
       ]
     },
     {
       "id": "pid_reduced_cred_2",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://cred.example/residence_credential"]
       },
-      "expect_claims": [
+      "claims": [
         {"path": ["postal_code"]},
         {"path": ["locality"]},
         {"path": ["region"]}
@@ -50,19 +50,19 @@
     {
       "id": "nice_to_have",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://company.example/company_rewards"]
       },
-      "expect_claims": [
+      "claims": [
         {"id": "current", "path": ["rewards_number"]},
         {"id": "legacy", "path": ["legacy_system_rewards_number"]}
       ],
-      "valid_claim_sets": [
+      "claim_sets": [
         ["current", "legacy?"]
       ]
     }
   ],
-  "valid_credential_sets": [
+  "credential_sets": [
     // deliver the pid, or the other_pid, or both pid_reduced_cred1 + 2; nice_to_have is optional in all cases
     ["pid", "nice_to_have?"],
     ["other_pid", "nice_to_have?"],

Diff for: examples/query_lang/multi_credentials.json

@@ -1,12 +1,12 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "id": "pid",
       "format": "vc+sd-jwt",
-      "expect_meta": {
+      "meta": {
         "vct_values": ["https://credentials.example.com/identity_credential"]
       },
-      "expect_claims": [
+      "claims": [
         {"path": ["given_name"]},
         {"path": ["family_name"]},
         {"path": ["address", "street_address"]}
@@ -15,12 +15,10 @@
     {
       "id": "mdl",
       "format": "mso_mdoc",
-      "expect_meta": {
-        "doctype_values": ["org.iso.7367.1.mVR"],
-        "alg_values": [ "EdDSA" ],
-        "hash_algorithm_values": [ "SHA-384"]
+      "meta": {
+        "doctype_values": ["org.iso.7367.1.mVR"]
       },
-      "expect_claims": [
+      "claims": [
         {
           "namespace": "org.iso.7367.1",
           "claim_name": "vehicle_holder"

Diff for: examples/query_lang/simple.json

@@ -1,14 +1,12 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "id": "my_credential",
       "format": "vc+sd-jwt",
-      "expect_meta": {
-        "vct_values": [ "https://credentials.example.com/identity_credential" ],
-        "credential_signing_alg_values": ["ES256", "ES384"],
-        "sd_alg_values": ["SHA-256"]
+      "meta": {
+        "vct_values": [ "https://credentials.example.com/identity_credential" ]
       },
-      "expect_claims": [
+      "claims": [
           {"path": ["last_name"]},
           {"path": ["first_name"]},
           {"path": ["address", "street_address"]}       

Diff for: examples/query_lang/simple_mdoc.json

@@ -1,14 +1,12 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "id": "my_credential",
       "format": "mso_mdoc",
-      "expect_meta": {
-        "doctype_values": ["org.iso.7367.1.mVR"],
-        "credential_signing_alg_values": [ "EdDSA" ],
-        "hash_algorithm_values": [ "SHA-384"]
+      "meta": {
+        "doctype_values": ["org.iso.7367.1.mVR"]
       },
-      "expect_claims": [
+      "claims": [
         {
           "namespace": "org.iso.7367.1",
           "claim_name": "vehicle_holder"

Diff for: examples/query_lang/value_matching_simple.json

@@ -1,14 +1,12 @@
 {
-  "expect_credentials": [
+  "credentials": [
     {
       "id": "my_credential",
       "format": "vc+sd-jwt",
-      "expect_meta": {
-        "vct_values": [ "https://credentials.example.com/identity_credential" ],
-        "credential_signing_alg_values": ["ES256", "ES384"],
-        "sd_alg_values": ["SHA-256"]
+      "meta": {
+        "vct_values": [ "https://credentials.example.com/identity_credential" ]
       },
-      "expect_claims": [
+      "claims": [
           {
             "path": ["last_name"],
             "value": "Doe"

Diff for: openid-4-verifiable-presentations-1_0.md

@@ -613,15 +613,15 @@ Presentations that match the query.
 A valid VP Query is defined as a JSON-encoded object with the following
 top-level properties:
 
-`expect_credentials`:
+`credentials`:
 : REQUIRED. A non-empty array of Credential Queries as defined in (#credential_query)
 that specify the requested Verifiable Credentials.
 
-`valid_credential_sets`:
+`credential_sets`:
 : OPTIONAL. A non-empty array containing arrays of identifiers for Credential Queries defined in
-`expect_credentials` that defines which sets of Credentials may be returned.
+`credentials` that defines which sets of Credentials may be returned.
 The identifier MAY be postfixed by `?`, indicating that
-delivery of the the respective Credential is optional. For details, see
+delivery of the respective Credential is optional. For details, see
 (#vp_query_lang_processing_rules).
 
 Note: While this specification does not define additional top-level properties,
@@ -637,39 +637,38 @@ It contains the following properties:
 
 `id`:
 : REQUIRED. A string identifying the Credential in the response and, if provided,
-the constraints in `valid_credential_sets`. The value MUST be a non-empty string
+the constraints in `credential_sets`. The value MUST be a non-empty string
 consisting of alphanumeric, underscore (`_`) or hyphen (`-`) characters.
 Within the Authorization Request, the same `id` MUST NOT
 be present more than once.
 
 `format`:
 : REQUIRED. A string that specifies the format of the requested
 Verifiable Credential. Valid Credential Format Identifier values are defined in
-Appendix A of [@!OpenID.VCI]. The value of this property MUST be one of the
-supported Credential Formats as defined in the Wallet's metadata.
+Appendix A of [@!OpenID.VCI].
 
-`expect_meta`: 
+`meta`: 
 : OPTIONAL. An object defining additional properties requested by the Verifier that
 apply to the metadata and validity data of the Credential. The properties of
 this object are defined per Credential Format in (#format_specific_properties). If omitted,
 no specific constraints are placed on the metadata or validity of the requested
 Credential.
 
-`expect_claims`:
+`claims`:
 : OPTIONAL. A non-empty array of objects as defined in (#claims_query) that specifies
 claims in the requested Credentials.
 
-`valid_claim_sets`:
+`claim_sets`:
 : OPTIONAL. A non-empty array containing arrays of identifiers for elements in
-`expect_claims`. The identifier MAY be postfixed by `?`, indicating that
+`claims`. The identifier MAY be postfixed by `?`, indicating that
 delivery of the the respective claim is OPTIONAL.  
 
 ## Claims Query {#claims_query}
 
-Each entry in `expect_claims` MUST be an object with the following properties:
+Each entry in `claims` MUST be an object with the following properties:
 
 `id`:
-: REQUIRED if `valid_claim_sets` is present; OPTIONAL otherwise. A string
+: REQUIRED if `claim_sets` is present; OPTIONAL otherwise. A string
 identifying the particular claim. The value MUST be a non-empty string
 consisting of alphanumeric, underscore (`_`) or hyphen (`-`) characters.
 Within the particular `expected_claims` array, the same `id` MUST NOT
@@ -693,42 +692,42 @@ in the Verifiable Credential, e.g., `first_name`.
 `value`:
 : OPTIONAL. A string, integer or boolean value that specifies the expected value of the claim. If the
 `value` property is present, the Wallet MUST return the claim only if the type and value
-of the claim match the type and value specified in the query.
+of the claim match the type and value specified in the query. This property MUST NOT be present if the `values` property is present.
 
 `values`:
 : OPTIONAL. An array of strings, integers or boolean values that specifies the expected values of the claim.
 If the `values` property is present, the Wallet MUST return the claim only if the
-type and value of the claim both match for at least one of the elements in the array.
+type and value of the claim both match for at least one of the elements in the array. This property MUST NOT be present if the `value` property is present.
 
 ### Selecting Claims and Credentials {#vp_query_lang_processing_rules}
 
 The same basic logic applies for selecting claims and for selecting credentials, as detailed in the following.
 
 #### Selecting Claims
 
-The following rules apply for selecting claims via `expect_claims` and `valid_claim_sets`:
+The following rules apply for selecting claims via `claims` and `claim_sets`:
 
-- If `expect_claims` is not provided, the Verifier requests all claims existing
+- If `claims` is not provided, the Verifier requests all claims existing
   in the Credential.
-- If `expect_claims` is provided, but `valid_claim_sets` is not provided,
-  the Verifier requests all claims listed in `expect_claims`.
+- If `claims` is provided, but `claim_sets` is not provided,
+  the Verifier requests all claims listed in `claims`.
 - Otherwise, the Verifier requests one combination of the claims listed in
-  `valid_claim_sets`, with optional claims marked by the postfix `?`.
+  `claim_sets`, with optional claims marked by the postfix `?`.
 
 If the Wallet cannot deliver all non-optional claims requested by the Verifier according to these rules, it MUST NOT
 return the respective Credential.
 
 #### Selecting Credentials
 
-The following rules apply for selecting Credentials via `expect_credentials` and `valid_credential_sets`:
+The following rules apply for selecting Credentials via `credentials` and `credential_sets`:
 
-- If `valid_credential_sets` is not provided, the Verifier requests all
-  Credentials in `expect_credentials` to be returned.
+- If `credential_sets` is not provided, the Verifier requests all
+  Credentials in `credentials` to be returned.
 - Otherwise, the Verifier requests one combination of the Credentials
-  listed in `valid_credential_sets`, with optional credentials marked by the postfix `?`.
+  listed in `credential_sets`, with optional credentials marked by the postfix `?`.
 
 Credentials not matching the respective constraints expressed within
-`expect_credentials` MUST NOT be returned, i.e., they are treated as if
+`credentials` MUST NOT be returned, i.e., they are treated as if
 they would not exist in the Wallet.
 
 If the Wallet cannot deliver all non-optional Credentials requested by the Verifier according to these rules, it MUST NOT
@@ -748,22 +747,12 @@ be valid type identifiers as defined in [@!I-D.ietf-oauth-sd-jwt-vc]. The Wallet
 MAY return credentials that inherit from any of the specified types, following
 the inheritance logic defined in [@!I-D.ietf-oauth-sd-jwt-vc].
 
-`credential_signing_alg_values`:
-: OPTIONAL. An array of strings that specifies
-the allowed algorithms for signing the SD-JWT (i.e., only the issuer-signed part).
-
-`kbjwt_signing_alg_values`:
-: OPTIONAL. An array of strings that specifies the
-allowed algorithms for signing the Key-Binding JWT (KB-JWT) (i.e., the part signed
-by the holder).
-
-`sd_alg_values`:
-: OPTIONAL. An array of strings that specifies the allowed hash algorithms for
-digests in the SD-JWT and KB-JWT.
-
 ### Format `mso_mdoc` {#format_mso_mdoc}
 
-TBD
+`doctype_values`:
+: OPTIONAL. An array of strings that specifies allowed values for the
+doctype of the requested Verifiable Credential. All elements in the array MUST
+be valid doctype identifiers as defined in ISO 18013-5.
 
 ### Format `jwt_vp*`