Create a credential definition

A credential definition defines the format, signing algorithm, key binding, and other features of the credential to be issued at run time.

The following is an example of an mDL-based definition.
POST https://<host>/diagency//v2.0/diagency/credential_definitions
{
    "schema_id": "2a8ca47f-233c-449b-ab13-dc10473b419e",
    "credential_document_type": [
        "org.iso.18013.5.1.mDL"
    ],
    "credential_format": "mso_mdoc",
    "credential_signing_algorithm": "EdDSA",
    "cryptographic_binding_methods": [
        "did:key"
    ],
    "key_proof_types": {
        "ldp_vp": [
            "Ed25519Signature2020"
        ]
    }
}

To require key binding, the issuer must include the cryptographic_binding_methods and key_proof_types properties in the POST body of the credential definition.

  • The supported value for cryptographic_binding_methods is ["did:key"].
  • The supported values for key_proof_types are ldp_vp or jwt.
    • For ldp_vp, the value must be an array that contains Ed25519Signature2020 or BbsBlsSignature2020.
    • For jwt, the value must be an array that contains EdDSA.

If a credential definition is created with a key proof type (ldp_vp or jwt), the user wallet must generate a key binding proof of possession of the same type. This proof must be included in the body of the offer acceptance request at the /credential endpoint. The user wallet must generate this proof of possession externally.

Example 1: JWT proof type

If the credential definition contains:
"cryptographic_binding_methods": ["did:key"],
"key_proof_types": {
    "jwt": [ "EdDSA" ]
},

After the user wallet obtains an access token to request a credential, the request body must contain:

"credential_identifier": "<cred_def_id>",
"proof": {
    "proof_type": "jwt",
    "jwt": "<encoded_jwt_proof>"
}
The <encoded_jwt_proof> must contain properties as defined in the JWT Proof Type specification.

Example 2: LDP_VP proof type

If the credential definition contains:
"cryptographic_binding_methods": ["did:key"],
"key_proof_types": {
    "ldp_vp": [ "Ed25519Signature2020" ]
},

After the user wallet obtains an access token to request a credential, the request body must contain:

"credential_identifier": "<cred_def_id>",
"proof": {
    "proof_type": "ldp_vp",
    "ldp_vp": "<ldp_vp_proof>"
}
The <ldp_vp_proof> must contain properties as defined in the LDP_VP Proof Type specification.
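
A pre-flight check for the key binding rules and the two examples above, added here as an illustration and not part of the product's code: it validates the key-binding properties of a definition body and confirms that a wallet's /credential request carries a proof of a type the definition allows. The function names, the reading of "contains" as "every array entry is a supported value", and the unverified look at the JWT alg header are assumptions.

```python
import base64
import json

# Supported values as listed on this page.
SUPPORTED_BINDING = ["did:key"]
SUPPORTED_PROOFS = {"ldp_vp": {"Ed25519Signature2020", "BbsBlsSignature2020"}, "jwt": {"EdDSA"}}

def check_definition(body):
    """Return a list of key-binding problems in a credential definition body."""
    errors = []
    methods = body.get("cryptographic_binding_methods")
    proofs = body.get("key_proof_types")
    if methods is None and proofs is None:
        return errors  # key binding not requested, nothing to check
    if methods != SUPPORTED_BINDING:
        errors.append('cryptographic_binding_methods must be ["did:key"]')
    if not isinstance(proofs, dict) or not proofs:
        return errors + ["key_proof_types must be an object keyed by ldp_vp or jwt"]
    for ptype, values in proofs.items():
        allowed = SUPPORTED_PROOFS.get(ptype)
        if allowed is None:
            errors.append(f"unsupported key proof type: {ptype}")
        elif not isinstance(values, list) or not values or set(values) - allowed:
            errors.append(f"{ptype} must be an array drawn from {sorted(allowed)}")
    return errors

def jwt_alg(token):
    """Read the alg header of a compact JWT; the signature is NOT verified here."""
    try:
        header = token.split(".")[0]
        return json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4))).get("alg")
    except (ValueError, AttributeError):
        return None  # malformed token or non-object header

def check_request(definition, request):
    """Return problems with a /credential request body, given its definition."""
    allowed = definition.get("key_proof_types") or {}
    if not allowed:
        return []  # definition does not require key binding
    proof = request.get("proof") or {}
    ptype = proof.get("proof_type")
    if ptype not in allowed:
        return [f"proof_type must be one of {sorted(allowed)}"]
    if not proof.get(ptype):
        return [f"proof.{ptype} is missing"]
    if ptype == "jwt" and jwt_alg(proof["jwt"]) not in allowed["jwt"]:
        return ["JWT proof alg is not allowed by the definition"]
    return []
```

Both functions return an empty list when nothing is wrong. The alg check is only a consistency test; the issuer still has to verify the proof signature against the wallet's did:key.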