Comprehensive plan for a Java library analogous to oid4vp, implementing the Verifier-side (and optionally Credential Service holder-side) of the Eclipse Decentralized Claims Protocol (DCP) v1.0.1 Verifiable Presentation Protocol.
- Validate Self-Issued ID Tokens (SI tokens) from clients
- Discover holder Credential Service endpoints from DID documents
- Build and send
PresentationQueryMessagetoPOST /presentations/query - Parse
PresentationResponseMessage, validate VPs/VCs per DCP - Extract
PresentationClaimsfrom verified presentations - Pluggable DID resolution, HTTP client, session store, validation backend
- Optional Spring Boot auto-configuration (mirror
oid4vp-spring)
- Credential Issuance Protocol (CIP) — request/issue/store credentials (
POST /credentials, issuer metadata, etc.) - Full Secure Token Service (STS) implementation (only client DTOs + optional HTTP client for OAuth2 client-credentials)
- DSP contract negotiation, catalog federation, ODRL policy evaluation
- VC type/schema definitions (dataspace-specific)
- Identity Hub / EDC connector integration (consumers wire the library in)
When implementing code, consult the Construct-X EDC DCP SPI module for Java types, naming, and protocol wiring:
Mirror existing oid4vp conventions:
| oid4vp | Planned DCP equivalent |
|---|---|
Oid4Vp |
DcpPresentation |
PresentationRequest |
PresentationSession |
PresentationRequestDefinition |
PresentationQueryDefinition |
PresentationRequestRepository |
PresentationSessionRepository |
PresentationVerifier |
CredentialServiceClient + PresentationValidator |
DirectPostHandler |
PresentationReceivedHandler |
DcqlQuery |
DCP scopes + Presentation Exchange definitions |
VpTokenResponse |
PresentationResponseMessage (+ optional normalized internal model) |
Oid4VpError (sealed) |
DcpError (sealed) |
| Schema | URL |
|---|---|
| PresentationQueryMessage | https://eclipse-dataspace-dcp.github.io/decentralized-claims-protocol/v1.0.1/resources/presentation/presentation-query-message-schema.json |
| PresentationResponseMessage | https://eclipse-dataspace-dcp.github.io/decentralized-claims-protocol/v1.0.1/resources/presentation/presentation-response-message-schema.json |
| DCP JSON-LD context | https://w3id.org/dspace-dcp/v1.0/dcp.jsonld |
| Standard | URL | Use in library |
|---|---|---|
| DID Core | https://www.w3.org/TR/did-core/ | Service discovery, verification relationships |
| JSON-LD 1.1 | https://www.w3.org/TR/json-ld11/ | Message serialization; compact vs expanded type |
| JWT (RFC 7519) | https://datatracker.ietf.org/doc/html/rfc7519 | Self-Issued ID Token structure |
| OAuth 2.0 (RFC 6749) | https://datatracker.ietf.org/doc/html/rfc6749 | STS client-credentials (optional) |
| Presentation Exchange 2.1.1 | https://identity.foundation/presentation-exchange/spec/v2.1.1/ | presentationDefinition, presentationSubmission |
| PE Presentation Definition schema | https://identity.foundation/presentation-exchange/schemas/presentation-definition.json | Validate PE payloads |
| PE Presentation Submission schema | https://identity.foundation/presentation-exchange/schemas/presentation-submission.json | Response validation |
| VC Data Model 2.0 | https://www.w3.org/TR/vc-data-model-2.0/ | Profile vc20-bssl/jwt |
| VC Data Model 1.1 | https://www.w3.org/TR/vc-data-model/ | Profile vc11-sl2021/jwt |
| VC JOSE (enveloped proofs) | https://www.w3.org/TR/vc-jose-cose/#with-jose | JWT VP/VC parsing |
| BitStringStatusList | https://www.w3.org/TR/vc-bitstring-status-list/ | Revocation for vc20-bssl/jwt |
| StatusList2021 (WD) | https://www.w3.org/TR/2023/WD-vc-status-list-20230427/ | Revocation for vc11-sl2021/jwt |
| Dataspace Protocol | https://eclipse-dataspace-protocol-base.github.io/DataspaceProtocol/ | Ecosystem context (DSP overlay) |
| Resource | URL | Notes |
|---|---|---|
| Eclipse DCP project page | https://projects.eclipse.org/projects/technology.dataspace-dcp | Governance, release 1.0.0 (2025-07-18) |
| EDC Identity Trust / CredentialServiceClient | https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/identity-trust | Java reference; PresentationQueryMessage naming, JSON-LD compaction |
| Construct-X EDC DCP SPI | https://github.com/project-construct-x/constructx-edc/tree/develop/spi/dcp-spi | Primary in-code implementation reference for DCP SPI types and conventions |
EDC issue: @type vs type on wire |
eclipse-edc/Connector#5209 | Implement compact JSON-LD on egress; accept both on ingress |
Verifier → wallet URL (openid4vp://) → Wallet → direct_post vp_token → Verifier
Query language: DCQL (dcql_query)
Binding: nonce + client_id (audience)
Key entry points: Oid4Vp.generatePresentationRequest(), processDirectPost(), extractPresentationClaims().
Client → Verifier API (Bearer SI token, optional token claim)
Verifier → validates SI token, resolves holder DID
Verifier → discovers Credential Service from DID document
Verifier → POST /presentations/query (Bearer verifier SI token, forwards token claim)
Credential Service → PresentationResponseMessage
Verifier → validates presentations locally
No openid4vp:// URL, no state/nonce/response_uri/vp_token map. Correlation uses SI token claims (sub, jti, aud) and optional opaque access token.
From Verifiable Presentation Protocol — Presentation Flow:
- Client requests SI token (+ optional scopes) from its STS
- STS returns SI token (may include
tokenclaim = VP access token) - Client calls Verifier protected resource with
Authorization: Bearer <SI token> - Verifier resolves client DID from
sub - Verifier validates SI token (signature, aud, exp, jti replay, etc.)
- Verifier discovers Credential Service endpoint (
type: CredentialService) - Verifier calls CS with own SI token; forwards client
tokenif present - CS validates and returns
PresentationResponseMessage - Verifier validates VPs per Presentation Validation
New sibling repo or sub-project (recommended naming):
dcp-java/
├── pom.xml # dcp-parent
├── dcp-core/ # artifact: dcp
├── dcp-spring/ # optional auto-config
└── dcp-spring-boot-starter/
Package root: de.eecc.dcp.*
de.eecc.dcp/
├── Constants.java
├── api/
│ ├── DcpPresentation.java # Main facade
│ ├── DcpBuilder.java
│ ├── DcpOptions.java
│ └── PresentationReceivedHandler.java
├── identity/
│ ├── SelfIssuedIdToken.java # Parsed JWT claims record
│ ├── SelfIssuedIdTokenParser.java
│ ├── SelfIssuedIdTokenValidator.java
│ ├── SelfIssuedIdTokenFactory.java # Verifier creates token for CS calls
│ ├── DidDocumentResolver.java # Pluggable
│ ├── CredentialServiceDiscovery.java
│ └── JtiReplayCache.java # Pluggable (Caffeine default)
├── message/
│ ├── DcpMessage.java # Base: @context, type
│ ├── PresentationQueryMessage.java
│ ├── PresentationResponseMessage.java
│ └── JsonLdMessageSupport.java # Compact/expand; type vs @type
├── query/
│ ├── PresentationQueryDefinition.java # Interface (like PresentationRequestDefinition)
│ ├── ScopeQueryDefinition.java
│ ├── PresentationExchangeQueryDefinition.java
│ └── DcpScope.java
├── client/
│ ├── CredentialServiceClient.java # Pluggable
│ └── HttpCredentialServiceClient.java
├── validation/
│ ├── PresentationValidator.java # Pluggable (default: in-spec steps)
│ ├── PresentationValidationResult.java
│ └── profile/
│ ├── DcpProfile.java # vc20-bssl/jwt | vc11-sl2021/jwt
│ └── ProfileValidator.java
├── session/
│ ├── PresentationSession.java
│ └── PresentationSessionRepository.java
├── claims/
│ ├── PresentationClaims.java # Reuse interface shape from oid4vp
│ └── PresentationParser.java
├── sts/ # Optional client-only
│ ├── StsTokenRequest.java
│ ├── StsTokenResponse.java
│ └── HttpSecureTokenServiceClient.java
├── exception/
│ ├── DcpException.java
│ └── DcpError.java # Sealed hierarchy
└── vp/ # VP/VC parsing helpers
└── VerifiablePresentationParser.java
de.eecc.dcp.service/
├── PresentationQueryHandler.java # Handle incoming POST /presentations/query
├── CredentialStorageHandler.java # POST /credentials (from CIP)
├── CredentialMessage.java
├── CredentialContainer.java
└── ScopeRegistry.java # Map scope aliases → stored credentials
All DCP protocol messages share:
@context: array or string; normative URIhttps://w3id.org/dspace-dcp/v1.0/dcp.jsonldtype: string message type (compact JSON-LD form on the wire)
Implement Jackson records with @JsonProperty and @JsonInclude(NON_NULL).
JWT signed by participant key with capabilityInvocation relationship (validating SI tokens).
| Claim | Required | Rule |
|---|---|---|
iss |
yes | MUST equal sub (participant DID) |
sub |
yes | Holder/client DID |
aud |
yes | Verifier DID (when sent to verifier) or target audience |
jti |
yes | Replay protection |
exp |
yes | Expiry (seconds since epoch) |
iat |
yes | Issued-at |
nbf |
optional | Not-before |
token |
optional | Opaque VP access token for Credential Service |
Library responsibilities:
- Parse JWT header/body (use
nimbus-jose-jwtor similar) - Resolve
subDID document - Verify signature against
verificationMethodwithcapabilityInvocation - Assert
sub== DID documentid - Check
aud,exp,nbf,jti(viaJtiReplayCache)
Schema: presentation-query-message-schema.json
record PresentationQueryMessage(
List<Object> context, // @context
String type, // "PresentationQueryMessage"
List<String> scope, // XOR presentationDefinition
JsonNode presentationDefinition // PE object; use JsonNode or PE library type
)Validation rules:
- MUST have
@contextandtype - MUST have exactly one of
scopeorpresentationDefinition - If both present → treat as error (spec: CS returns 400; client should pre-validate)
scopearray MUST be non-empty
Schema: presentation-response-message-schema.json
record PresentationResponseMessage(
List<Object> context,
String type, // "PresentationResponseMessage"
List<JsonNode> presentation, // string JWT or object per item
JsonNode presentationSubmission // required when query used PE definition
)presentation: array of VPs (heterogeneous string/object allowed)presentationSubmission: REQUIRED when request containedpresentationDefinition
Normative scope format: [alias]:[discriminator]
| Alias | Example | Meaning |
|---|---|---|
org.eclipse.dspace.dcp.vc.type |
org.eclipse.dspace.dcp.vc.type:Member |
VC by type |
org.eclipse.dspace.dcp.vc.id |
org.eclipse.dspace.dcp.vc.id:8247b87d-... |
VC by id |
record DcpScope(String alias, String discriminator) {
String toScopeString();
static DcpScope vcType(String type);
static DcpScope vcId(String id);
static DcpScope parse(String scope);
}Scope-to-PE mapping is implementation-specific on the Credential Service; the library should allow hosts to register scope aliases for validation expectations only.
Non-normative example in spec:
{
"id": "did:example:123#identity-hub",
"type": "CredentialService",
"serviceEndpoint": "https://cs.example.com"
}DTO: CredentialServiceEndpoint(String id, URI serviceEndpoint).
Discovery constant: Constants.CREDENTIAL_SERVICE_TYPE = "CredentialService".
Resolution API path: Constants.PATH_PRESENTATIONS_QUERY = "/presentations/query".
From identity-trust-sts-api.yaml:
StsTokenRequest:grant_type,client_id,client_secret,audience, optionalbearer_access_scope, optionaltokenStsTokenResponse:access_token,expires_in,token_typeStsTokenErrorResponse:error,error_description
Note: SI token is returned as access_token in the non-normative OpenAPI example.
Not on the wire; analogous to PresentationRequest:
| Field | Purpose |
|---|---|
sessionId |
Internal UUID |
verifierDid |
Local participant |
holderDid |
From client SI token sub |
credentialServiceUrl |
Resolved base URL |
queryDefinition |
PresentationQueryDefinition |
clientToken |
Optional forwarded opaque token |
response |
PresentationResponseMessage after query |
verificationStatus |
NOT_RECEIVED, RECEIVED, SUCCEEDED, FAILED |
verificationError |
Structured error |
createdAt, expiresAt |
Session TTL |
consumed |
One-time use flag |
Subclasses may add app fields (e.g. contract offer id) with @JsonIgnore, same pattern as PresentationRequest.
Proposed public methods:
// --- Client token gate (step 3–5 of presentation flow) ---
SelfIssuedIdTokenValidationResult validateClientToken(String bearerJwt);
// --- Session + query (steps 6–8) ---
<T extends PresentationSession> T beginSession(
SelfIssuedIdToken clientToken,
PresentationQueryDefinition query,
BeginSessionOptions<T> options
);
PresentationResponseMessage queryPresentations(PresentationSession session);
// --- Combined flow ---
PresentationFlowResult handlePresentationRequest(
String clientBearerJwt,
PresentationQueryDefinition query,
PresentationReceivedHandler<?> handler
);
// --- Validation + claims (step 9) ---
PresentationValidationResult validatePresentations(
PresentationQueryDefinition query,
PresentationResponseMessage response,
String holderDid
);
PresentationClaims extractPresentationClaims(
PresentationQueryDefinition query,
PresentationResponseMessage response
);
// --- Utilities ---
URI resolveCredentialService(String holderDid);
String createVerifierToken(PresentationSession session); // SI token for CS call| Interface | Responsibility | Default impl |
|---|---|---|
DidDocumentResolver |
Resolve DID → document JSON | HTTP universal resolver adapter (host-provided URL) |
CredentialServiceDiscovery |
Extract CS URL from DID doc | Default parsing service[] |
CredentialServiceClient |
POST query, parse response | HttpCredentialServiceClient (Java HttpClient) |
SelfIssuedIdTokenValidator |
Full SI token validation | Default per base.protocol |
JtiReplayCache |
Store seen jti until exp |
Caffeine TTL cache |
PresentationValidator |
8-step VP validation | DefaultPresentationValidator |
PresentationSessionRepository |
Session persistence | CaffeinePresentationSessionRepository |
PresentationReceivedHandler |
App callback after success | — |
Mirror PresentationRequestDefinition:
interface PresentationQueryDefinition {
PresentationQueryMessage toQueryMessage();
/** Validate response matches what was requested (scope or PE). */
void assertResponseMatches(PresentationResponseMessage response);
/** Extract claims from verified presentations. */
PresentationClaims extractPresentationClaims(PresentationResponseMessage response);
}Two built-in implementations:
ScopeQueryDefinition— wrapsList<DcpScope>PresentationExchangeQueryDefinition— wraps PEPresentationDefinition+ optional submission validation rules
Implement Presentation Validation:
- VP satisfies
scopeorpresentationDefinition - VP signature via holder DID verification method
- VP verification method has
authenticationrelationship - VC issuer DID matches VC verification method
- VC signature valid
- Revocation check (profile-specific)
- Expiry / validity claims on VP
- Optional: cryptographic holder binding (
credentialSubject.id== VP holder DID)
Split by DCP profile (vc20-bssl/jwt vs vc11-sl2021/jwt) per dcp.profiles.md.
Design choice: allow delegating steps 2–6 to an external vc-verifier HTTP service (like oid4vp) while keeping steps 1, 7, 8 local — configurable via DcpOptions.
Analogous to DirectPostHandler / DirectPostResult:
@FunctionalInterface
interface PresentationReceivedHandler<T extends PresentationSession> {
PresentationFlowOutcome onVerified(T session, PresentationResponseMessage response);
}
enum PresentationFlowOutcome {
COMPLETE, // session marked complete
ISSUE_SESSION_TOKEN // optional one-time code for downstream OAuth/DSP
// CUSTOM
}No OID4VP-style redirect_uri unless the host adds it in a custom handler response.
EDC interoperability note (issue #5209):
- Egress (library → CS): serialize compact JSON-LD (
type, not@type) when using Jackson with proper property names - Ingress (CS → library): accept both
typeand@type - Consider optional dependency on JSON-LD Java library (e.g. Titanium JSON-LD) for strict compaction; phase 1 can use Jackson + tolerant parsing
@context handling:
- Default to
[Constants.DCP_CONTEXT, "https://www.w3.org/ns/did/v1"]in generated messages - Allow override in
DcpOptions
Mirror Oid4VpError pattern:
| Error | When |
|---|---|
InvalidSelfIssuedIdToken |
Parse/validation failure (aud, exp, signature, iss≠sub) |
ReplayDetected |
Duplicate jti |
UnknownHolder |
DID resolution failed |
CredentialServiceNotFound |
No CredentialService in DID document |
CredentialServiceError |
HTTP 4xx/5xx from CS |
InvalidQueryMessage |
Both scope and presentationDefinition set |
UnsupportedPresentationDefinition |
CS returned 501 |
PresentationValidationFailed |
VP/VC validation step failed |
InvalidPresentationResponse |
Malformed JSON, missing required fields |
EmptyPresentationClaims |
Extraction yielded no values |
ExpiredSession |
Session TTL exceeded |
AlreadyConsumed |
Session reused |
InternalError |
Unexpected failures |
Wrap in DcpException with DcpError cause for Spring handler mapping.
public final class Constants {
public static final String DCP_CONTEXT = "https://w3id.org/dspace-dcp/v1.0/dcp.jsonld";
public static final String TYPE_PRESENTATION_QUERY = "PresentationQueryMessage";
public static final String TYPE_PRESENTATION_RESPONSE = "PresentationResponseMessage";
public static final String CREDENTIAL_SERVICE_TYPE = "CredentialService";
public static final String SCOPE_ALIAS_VC_TYPE = "org.eclipse.dspace.dcp.vc.type";
public static final String SCOPE_ALIAS_VC_ID = "org.eclipse.dspace.dcp.vc.id";
public static final String PATH_PRESENTATIONS_QUERY = "/presentations/query";
public static final String PROFILE_VC20_BSSL_JWT = "vc20-bssl/jwt";
public static final String PROFILE_VC11_SL2021_JWT = "vc11-sl2021/jwt";
public static final int DEFAULT_SESSION_TTL_SECONDS = 300;
public static final int DEFAULT_JTI_CACHE_TTL_SECONDS = 3600;
}- Create
dcp-javamulti-module Maven parent (mirroroid4vp-javastructure, Java 25, Jackson, Caffeine, SLF4J) - Add
nimbus-jose-jwtfor JWT parsing/signing - Define
Constants, sealedDcpError,DcpException - Copy/adapt release script pattern from oid4vp if same org
Deliverable: empty modules compile; CI runs mvn test
-
PresentationQueryMessage,PresentationResponseMessage,DcpScope - JSON schema validation (optional:
networknt/json-schema-validatoragainst published schemas) - Unit tests with fixtures from DCP spec examples (construct minimal valid payloads)
- JSON-LD
type/@typetolerant deserialization
Deliverable: round-trip serialize/deserialize tests pass
-
SelfIssuedIdTokenparser -
DidDocumentResolverinterface + test stub -
SelfIssuedIdTokenValidator(full normative steps) -
JtiReplayCache+ Caffeine implementation -
CredentialServiceDiscovery -
SelfIssuedIdTokenFactoryfor verifier-issued tokens to CS
Deliverable: SI token validation tested with mock DID documents and signed JWT fixtures
-
CredentialServiceClientinterface -
HttpCredentialServiceClient— POST/presentations/query, Bearer auth - Forward
tokenclaim from client SI token into verifier SI token - Error mapping (400, 401, 501, etc.)
Deliverable: integration test against mock HTTP CS server
-
PresentationSession,PresentationSessionRepository, Caffeine impl -
PresentationQueryDefinition+ scope and PE implementations -
DcpPresentationfacade wiring validate → discover → query → store -
PresentationReceivedHandlerhook
Deliverable: end-to-end test with mock DID + mock CS
-
PresentationValidatordefault implementation (8 steps) - Profile support:
vc20-bssl/jwt,vc11-sl2021/jwt - JWT VP/VC parsing (enveloped proofs)
- Revocation: BitStringStatusList + StatusList2021 clients
- Optional:
DelegatingPresentationValidator→ external HTTP verifier
Deliverable: validation unit tests per profile; document which steps are delegated
- Port/adapt
PresentationParserfrom oid4vp for JWT/LDP payloads inpresentation[] -
PresentationClaimsinterface like in oid4vc -
extractPresentationClaimson facade
Deliverable: claims extraction tests with sample VPs
-
DcpProperties:verifier-did,did-resolver-url, default profile, session TTL -
DcpAutoConfiguration,@Bean DcpPresentation -
DcpExceptionHandler(optional, mirror oid4vp-spring)
Deliverable: @SpringBootTest context loads
-
PresentationQueryHandlerfor incoming queries -
ScopeRegistrymapping scopes → stored credentials - PE
presentationDefinitionmatching (if supported) - CIP
CredentialMessagestorage endpoint (POST /credentials)
Deliverable: CS can respond to TCK-style queries
- Run against DCP TCK
- Interop testing with EDC Identity Hub / mock CS
- Document
@type/typecompatibility
| Dependency | Purpose | Notes |
|---|---|---|
| Jackson | JSON DTOs | Same as oid4vp |
| Caffeine | Session + jti cache | Same as oid4vp |
| SLF4J | Logging | Same as oid4vp |
| Nimbus JOSE + JWT | SI token parse/verify/sign | Industry standard |
| Java HttpClient | CS HTTP calls | JDK built-in |
| networknt/json-schema-validator | Optional schema validation | Against published schemas |
| Titanium JSON-LD | Optional strict JSON-LD | Phase 2+ if interop issues |
| Presentation Exchange library | Optional typed PE models | Or JsonNode + manual validation initially |
- DTO serialization against published JSON schemas
- SI token validation matrix (expired, wrong aud, replay jti, bad signature)
- Scope string parsing
- Query message XOR validation
- MockWebServer for Credential Service
- WireMock DID resolver responses with
CredentialServiceentry - End-to-end: client token appears in logs → query → validate → extract claims
- DCP TCK for protocol conformance
- Cross-test with EDC
DefaultCredentialServiceClientmessage formats
- Generate JWT VPs for both profiles using test keys
- Minimal DID documents with
verificationMethod+capabilityInvocation+authentication
dcp:
verifier-did: did:web:example.com
did-resolver-url: https://resolver.example.com
default-profile: vc20-bssl/jwt
session-ttl: 300s
jti-cache-ttl: 3600s
delegation:
verifier-url: "" # optional external vc-verifier; empty = local validationDependency: de.eecc.dcp:dcp-spring-boot-starter
No REST controllers in the library — host application exposes verifier endpoints.
| Decision | Options | Recommendation |
|---|---|---|
| PE modeling | Typed library vs JsonNode |
Start JsonNode; add typed PE when needed |
| Validation location | All local vs delegate crypto to vc-verifier | Hybrid: structural checks local, crypto delegatable |
| DID resolution | Universal resolver vs did:web HTTP | Pluggable; document did:web as primary for dataspaces |
| JSON-LD strictness | Jackson-only vs Titanium compaction | Jackson + tolerant ingress; add Titanium if TCK fails |
| Repo placement | Same monorepo as oid4vp vs separate | Separate artifact coordinates; |
| Holder-side scope | Verifier-only v1 vs include CS handlers | Verifier-only for v0.1; CS in v0.2 |
| oid4vp feature | DCP equivalent | Status in plan |
|---|---|---|
generatePresentationRequest() |
beginSession() + build PresentationQueryMessage |
Phase 4 |
toOpenId4VpUrl() |
N/A — use DID discovery | — |
processDirectPost() |
queryPresentations() + handlePresentationRequest() |
Phase 4 |
pollPresentationStatus() |
Optional session status API (host-defined) | Low priority |
verifyVpTokenPresentations() |
validatePresentations() |
Phase 5 |
extractPresentationClaims() |
Same name, different input type | Phase 6 |
DcqlQuery |
Scopes + Presentation Exchange | Phase 1/4 |
ClientMetadata |
DSP /.well-known/dspace-trust (optional) |
Out of scope v1 |
response_code OAuth flow |
Host-defined session token / DSP auth | Handler hook only |
| Risk | Mitigation |
|---|---|
JSON-LD @type interop |
Tolerant parser; follow EDC compaction on egress |
| PE complexity | Scope-first implementation; PE as phase 1b |
| DID method diversity | Pluggable resolver; test did:web + universal resolver |
| Profile heterogeneity | Enforce homogeneity rule; reject mixed VP arrays |
| Revocation network calls | Cache status lists; configurable timeout |
| Spec drift | Pin to DCP v1.0.1 schemas; track GitHub repo releases |
- Verifier can validate client SI token, query CS, validate VPs, extract claims
- Passes DCP TCK presentation-related tests
- API surface feels familiar to oid4vp users (facade, definition interface, repository, sealed errors)
- Spring Boot starter enables drop-in configuration
- Documented integration guide for DSP connector / dataspace login flows
- DCP v1.0.1: https://eclipse-dataspace-dcp.github.io/decentralized-claims-protocol/v1.0.1/
- DCP GitHub: https://github.com/eclipse-dataspace-dcp/decentralized-claims-protocol
- DCP TCK: https://github.com/eclipse-dataspacetck/dcp-tck
- Presentation Exchange: https://identity.foundation/presentation-exchange/spec/v2.1.1/
- DID Core: https://www.w3.org/TR/did-core/
- VC Data Model 2.0: https://www.w3.org/TR/vc-data-model-2.0/
- DSP: https://eclipse-dataspace-protocol-base.github.io/DataspaceProtocol/
- EDC Identity Trust: https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/identity-trust
- Construct-X EDC DCP SPI (in-code reference): https://github.com/project-construct-x/constructx-edc/tree/develop/spi/dcp-spi
- oid4vp module layout: module-layout.md