W3C Candidate Recommendation Snapshot
Copyright © 2023 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.
Among other things, the [VC-DATA-MODEL-2.0] specifies the models used for Verifiable Credentials, Verifiable Presentations, and explains the relationships between three parties: issuers, holders, and verifiers. Verifiability, extensibility, and semantic interoperability are critical pieces of functionality referenced throughout the [VC-DATA-MODEL-2.0]. This specification provides a mechanism to make use of a Credential Schema in Verifiable Credential, leveraging the existing Data Schemas concept.
This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at https://www.w3.org/TR/.
The Working Group is actively seeking implementation feedback for this specification. In order to exit the Candidate Recommendation phase, the Working Group has set the requirement of at least two independent implementations for each mandatory feature in the specification. For details on the conformance testing process, see the test suites listed in the implementation report.
This document was published by the Verifiable Credentials Working Group as a Candidate Recommendation Snapshot using the Recommendation track.
Publication as a Candidate Recommendation does not imply endorsement by W3C and its Members. A Candidate Recommendation Snapshot has received wide review, is intended to gather implementation experience, and has commitments from Working Group members to royalty-free licensing for implementations.
This Candidate Recommendation is not expected to advance to Proposed Recommendation any earlier than 24 January 2024.
This document was produced by a group operating under the W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This document is governed by the 03 November 2023 W3C Process Document.
This section is non-normative.
This specification provides a mechanism for the use of JSON Schemas with Verifiable Credentials. A significant part of the integrity of a Verifiable Credential comes from the ability to structure its contents so that all three parties — issuer, holder, verifier — may have a consistent mechanism of trust in interpreting the data that they are provided with. We introducing a new data model for an object to facilitate backing Credentials with JSON Schemas that we call a Credential Schema.
            This specification provides a standardized way of creating Credential Schemas
            to be used in credentialing systems. Credential Schemas may apply to any portion
            of a Verifiable Credential. Multiple JSON Schemas may back a single Verifiable Credential,
            e.g. a schema for the credentialSubject and another for other credential properties.
         
This section is non-normative.
The following terms are used to describe concepts in this specification.
did:example:123456abcdef.
  As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, MUST NOT, RECOMMENDED, SHOULD, and SHOULD NOT in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
            The following sections outline the data models for this document, of which there are two:
            JsonSchema for usage of a [JSON-SCHEMA] directly in a credentialSchema
            property, and JsonSchemaCredential for usage of a [JSON-SCHEMA] represented as a
            verifiable credential.
         
Implementers MAY package a [JSON-SCHEMA] as a verifiable credential when they wish to leverage features of the [VC-DATA-MODEL-2.0], answering questions such as:
issuer property)validFrom, validUntil, and credentialStatus properties)This term is part of the Verifiable Credentials Vocabulary v2.0.
               JsonSchema is used for the validation of W3C Verifiable Credentials using
               JSON Schema. When dereferencing the id property associated with the
               JsonSchema type value the result is a valid JSON
               Schema document according to its specification version.
            
The specification version of [JSON-SCHEMA] can be any version noted in the section on JSON Schema Specifications.
| Property | Description | 
|---|---|
| id | The constraints on the idproperty are listed in the Verifiable Credentials
                      Data Model specification [VC-DATA-MODEL-2.0]. The value MUST be a URL that identifies
                      the schema associated with the verifiable credential. | 
| type | The typeproperty MUST beJsonSchema. | 
               The jsonSchema property is only to be used
               when the JsonSchema class instance is the object of the credentialSubject
               property within a JsonSchemaCredential instance.
            
               An example of utilizing the VC Data Model's credentialSchema
               is provided below:
               
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}graph LR
0("VerifiableCredential")
1{{"id"}}
2("https://example.com/credentials/3732")
3(("type"))
4("EmailCredential")
5("issuer")
6("https://example.com/issuers/14")
7("issuanceDate")
8("2010-01-01T19:23:24Z")
9("credentialSubject")
10{{"id"}}
11("did:example:ebfeb1f712ebc6f1c276e12ec21")
12("emailAddress")
13("subject@example.com")
14("credentialSchema")
15{{"id"}}
16("https://example.com/schemas/email.json")
17(("type"))
18("JsonSchema")
0 --- 1
1 --- 2
0 --- 3
3 --- 4
0 --- 5
5 --- 6
0 --- 7
7 --- 8
0 --- 9
9 --- 10
10 --- 11
9 --- 12
12 --- 13
0 --- 14
14 --- 15
15 --- 16
14 --- 17
17 --- 18---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJzdWJqZWN0QGV4YW1wbGUuY29tIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL3NjaGVtYXMvZW1haWwuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIn19.NNtSvstcO0cNmPxFxNOh_MbCeaqC6N32h4fmnBWZ5NUU00M3Xg6Nf2_SZOv5DNNDJVkeS0wQKTBKJZbgq5AdP1Otxd8bUIfkE14J00DJvs4JHyyBEYi2Qh8KH1ObDXy1
               Upon dereferencing the value of the id https://example.com/schemas/email.json,
               a process also be referred to as schema resolution, the following JSON Schema 
               document is returned:
              
{
  "$id": "https://example.com/schemas/email.json",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "EmailCredential",
  "description": "EmailCredential using JsonSchema",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "emailAddress": {
          "type": "string",
          "format": "email"
        }
      },
      "required": [
        "emailAddress"
      ]
    }
  }
}This term is part of the Verifiable Credentials Vocabulary v2.0.
               JsonSchemaCredential is used for the validation of W3C Verifiable Credentials using
               JSON Schema, where the JSON Schema is contained with a verifiable credential.
               When dereferencing the id property associated with the
               credentialSchema type value, the result is a valid
               verifiable credential. For the resulting verifiable credential:
            
credentialSubject property MUST contain two properties:
                type – the value of which MUST be JsonSchemajsonSchema – an object which contains a valid JSON SchemacredentialSchema property MUST always be set to:
                {
  "id": "https://www.w3.org/2022/credentials/v2/json-schema-credential-schema.json",
  "type": "JsonSchema",
  "digestSRI": "sha384-S57yQDg1MTzF56Oi9DbSQ14u7jBy0RDdx0YbeV7shwhCS88G8SCXeFq82PafhCrW"
}
                  The hash value of the digestSRI property might change during the Candidate Recommendation
                  phase based on implementer feedback that requires the referenced files to be modified.
                
Any version of [JSON-SCHEMA] in the section on JSON Schema Specifications can be used.
| Property | Description | 
|---|---|
| id | The constraints on the idproperty are listed in the Verifiable Credentials
                      Data Model specification [VC-DATA-MODEL-2.0]. The value MUST be a URL that identifies
                      the verifiable credential which contains a credential schema. | 
| type | The typeproperty MUST beJsonSchemaCredential. | 
| credentialSubject.id | The credentialSubject'sidproperty MUST follow the guidance
                        provided for identifiers in the [VC-DATA-MODEL-2.0] 
                        specification. | 
| credentialSubject.type | The credentialSubject'stypeproperty MUST be 
                        JsonSchema. | 
| credentialSubject.jsonSchema | The credentialSubjectMUST use thejsonSchemaproperty to 
                        represent a valid [JSON-SCHEMA]. | 
credentialSchema
               is provided below:
               {
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3733",
  "type": ["VerifiableCredential", "ExampleEmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/credentials/3734",
    "type": "JsonSchemaCredential"
  }
}graph LR
19("VerifiableCredential")
20{{"id"}}
21("https://example.com/credentials/3733")
22(("type"))
23("ExampleEmailCredential")
24("issuer")
25("https://example.com/issuers/14")
26("issuanceDate")
27("2010-01-01T19:23:24Z")
28("credentialSubject")
29{{"id"}}
30("did:example:ebfeb1f712ebc6f1c276e12ec21")
31("emailAddress")
32("subject@example.com")
33("credentialSchema")
34{{"id"}}
35("https://example.com/credentials/3734")
36(("type"))
37("JsonSchemaCredential")
19 --- 20
20 --- 21
19 --- 22
22 --- 23
19 --- 24
24 --- 25
19 --- 26
26 --- 27
19 --- 28
28 --- 29
29 --- 30
28 --- 31
31 --- 32
19 --- 33
33 --- 34
34 --- 35
33 --- 36
36 --- 37---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3733",
  "type": [
    "VerifiableCredential",
    "ExampleEmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/credentials/3734",
    "type": "JsonSchemaCredential"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzMiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRXhhbXBsZUVtYWlsQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJodHRwczovL2V4YW1wbGUuY29tL2lzc3VlcnMvMTQiLCJpc3N1YW5jZURhdGUiOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmV4YW1wbGU6ZWJmZWIxZjcxMmViYzZmMWMyNzZlMTJlYzIxIiwiZW1haWxBZGRyZXNzIjoic3ViamVjdEBleGFtcGxlLmNvbSJ9LCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmVkZW50aWFscy8zNzM0IiwidHlwZSI6Ikpzb25TY2hlbWFDcmVkZW50aWFsIn19.ozYGhMAyFwis9QCnn_GYPdiWfqrXBdu6sk42EOYFgDDZHcNrvDKJE2xyboAekLrYYB-ctCJxVGEm9dEzSj5PcEDXqliJeuhMUrwyphHwuM3oAiSBVyr2NF0YZk_tgj2e
               Upon dereferencing the value of the id https://example.com/credentials/3734,
               a process also be referred to as schema resolution, the following verifiable credential,
               representing a JSON Schema, is returned:
              
{
  "@context": [
      "https://www.w3.org/ns/credentials/v2",
      "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3734",
  "type": ["VerifiableCredential", "JsonSchemaCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSchema": {
    "id": "https://www.w3.org/2022/credentials/v2/json-schema-credential-schema.json",
    "type": "JsonSchema",
    "digestSRI": "sha384-S57yQDg1MTzF56Oi9DbSQ14u7jBy0RDdx0YbeV7shwhCS88G8SCXeFq82PafhCrW"
  },
  "credentialSubject": {
    "id": "https://example.com/schemas/email-credential-schema.json",
    "type": "JsonSchema",
    "jsonSchema": {
       "$id": "https://example.com/schemas/email-credential-schema.json",
       "$schema": "https://json-schema.org/draft/2020-12/schema",
       "title": "EmailCredential",
       "description": "EmailCredential using JsonSchemaCredential",
       "type": "object",
       "properties": {
         "credentialSubject": {
           "type": "object",
           "properties": {
             "emailAddress": {
               "type": "string",
               "format": "email"
             }
           },
           "required": ["emailAddress"]
         }
       }
    }
  }
}graph LR
38("VerifiableCredential")
39{{"id"}}
40("https://example.com/credentials/3734")
41(("type"))
42("JsonSchemaCredential")
43("issuer")
44("https://example.com/issuers/14")
45("issuanceDate")
46("2010-01-01T19:23:24Z")
47("credentialSchema")
48{{"id"}}
49("https://www.w3.org/2022/credentials/v2/json-schema-credential-schema.json")
50(("type"))
51("JsonSchema")
52("digestSRI")
53("sha384-S57yQDg1MTzF56Oi9DbSQ14u7jBy0RDdx0YbeV7shwhCS88G8SCXeFq82PafhCrW")
54("credentialSubject")
55{{"id"}}
56("https://example.com/schemas/email-credential-schema.json")
57(("type"))
58("JsonSchema")
59("jsonSchema")
60("$id")
61("https://example.com/schemas/email-credential-schema.json")
62("$schema")
63("https://json-schema.org/draft/2020-12/schema")
64("title")
65("EmailCredential")
66("description")
67("EmailCredential using JsonSchemaCredential")
68(("type"))
69("object")
70("properties")
71("credentialSubject")
72(("type"))
73("object")
74("properties")
75("emailAddress")
76(("type"))
77("string")
78("format")
79("email")
80("required")
81("emailAddress")
38 --- 39
39 --- 40
38 --- 41
41 --- 42
38 --- 43
43 --- 44
38 --- 45
45 --- 46
38 --- 47
47 --- 48
48 --- 49
47 --- 50
50 --- 51
47 --- 52
52 --- 53
38 --- 54
54 --- 55
55 --- 56
54 --- 57
57 --- 58
54 --- 59
59 --- 60
60 --- 61
59 --- 62
62 --- 63
59 --- 64
64 --- 65
59 --- 66
66 --- 67
59 --- 68
68 --- 69
59 --- 70
70 --- 71
71 --- 72
72 --- 73
71 --- 74
74 --- 75
75 --- 76
76 --- 77
75 --- 78
78 --- 79
71 --- 80
80 --- 81---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3734",
  "type": [
    "VerifiableCredential",
    "JsonSchemaCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSchema": {
    "id": "https://www.w3.org/2022/credentials/v2/json-schema-credential-schema.json",
    "type": "JsonSchema",
    "digestSRI": "sha384-S57yQDg1MTzF56Oi9DbSQ14u7jBy0RDdx0YbeV7shwhCS88G8SCXeFq82PafhCrW"
  },
  "credentialSubject": {
    "id": "https://example.com/schemas/email-credential-schema.json",
    "type": "JsonSchema",
    "jsonSchema": {
      "$id": "https://example.com/schemas/email-credential-schema.json",
      "$schema": "https://json-schema.org/draft/2020-12/schema",
      "title": "EmailCredential",
      "description": "EmailCredential using JsonSchemaCredential",
      "type": "object",
      "properties": {
        "credentialSubject": {
          "type": "object",
          "properties": {
            "emailAddress": {
              "type": "string",
              "format": "email"
            }
          },
          "required": [
            "emailAddress"
          ]
        }
      }
    }
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzQiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiSnNvblNjaGVtYUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS9pc3N1ZXJzLzE0IiwiaXNzdWFuY2VEYXRlIjoiMjAxMC0wMS0wMVQxOToyMzoyNFoiLCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly93d3cudzMub3JnLzIwMjIvY3JlZGVudGlhbHMvdjIvanNvbi1zY2hlbWEtY3JlZGVudGlhbC1zY2hlbWEuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIiwiZGlnZXN0U1JJIjoic2hhMzg0LVM1N3lRRGcxTVR6RjU2T2k5RGJTUTE0dTdqQnkwUkRkeDBZYmVWN3Nod2hDUzg4RzhTQ1hlRnE4MlBhZmhDclcifSwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL3NjaGVtYXMvZW1haWwtY3JlZGVudGlhbC1zY2hlbWEuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIiwianNvblNjaGVtYSI6eyIkaWQiOiJodHRwczovL2V4YW1wbGUuY29tL3NjaGVtYXMvZW1haWwtY3JlZGVudGlhbC1zY2hlbWEuanNvbiIsIiRzY2hlbWEiOiJodHRwczovL2pzb24tc2NoZW1hLm9yZy9kcmFmdC8yMDIwLTEyL3NjaGVtYSIsInRpdGxlIjoiRW1haWxDcmVkZW50aWFsIiwiZGVzY3JpcHRpb24iOiJFbWFpbENyZWRlbnRpYWwgdXNpbmcgSnNvblNjaGVtYUNyZWRlbnRpYWwiLCJ0eXBlIjoib2JqZWN0IiwicHJvcGVydGllcyI6eyJjcmVkZW50aWFsU3ViamVjdCI6eyJ0eXBlIjoib2JqZWN0IiwicHJvcGVydGllcyI6eyJlbWFpbEFkZHJlc3MiOnsidHlwZSI6InN0cmluZyIsImZvcm1hdCI6ImVtYWlsIn19LCJyZXF1aXJlZCI6WyJlbWFpbEFkZHJlc3MiXX19fX19.zY76nicAKLGea5h_UrLyvmn26cbIkkisF9hldOyNbmifnkW8Wx25OB4OvadcSyBmDGGx0EgG0VyDhmSNpdylzWIVkkwI_Do_LhiK26Y4B4yPrZoOpAG4ojsFVv2UNAjJThis term is part of the Verifiable Credentials Vocabulary v2.0.
jsonSchema enables the use of the jsonSchema property
                  within the credentialSubject of a verifiable credential.  The term is
                  intended to be used with the 2.2 JsonSchemaCredential type only. The value of
                  the jsonSchema property MUST be a valid [JSON-SCHEMA].
               
 {
  "@context": [
      "https://www.w3.org/ns/credentials/v2",
      "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3734",
  "type": ["VerifiableCredential", "JsonSchemaCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSchema": {
    "id": "https://www.w3.org/2022/credentials/v2/json-schema-credential-schema.json",
    "type": "JsonSchema",
  },
  "credentialSubject": {
    "id": "https://example.com/schemas/favorite-color-schema.json",
    "type": "JsonSchema",
     "jsonSchema": {
       "$id": "https://example.com/schemas/favorite-color-schema.json",
       "$schema": "https://json-schema.org/draft/2020-12/schema",
       "title": "Favorite Color Schema",
       "description": "Favorite Color using JsonSchemaCredential",
       "type": "object",
       "properties": {
         "credentialSubject": {
           "type": "object",
           "properties": {
             "favoriteColor": {
               "type": "string"
               "enum": ["red", "orange", "green", "blue", "yellow", "purple"]
             }
           },
           "required": ["favoriteColor"]
         }
       }
    }
    
  }
}
      The following section describes the allowed specifications for using a [JSON-SCHEMA] with a credential schema.
To promote conformance and enable interoperability, implementers MUST provide support for JSON Schema specifications where, in the following table, the required column's value is yes.
| JSON Schema Specification | Date of Publication | $schema URI | Required | 
|---|---|---|---|
| [JSON-SCHEMA-2020-12] | 10 June 2022 | https://json-schema.org/draft/2020-12/schema | Yes | 
| [JSON-SCHEMA-2019-09] | 19 March 2020 | https://json-schema.org/draft/2019-09/schema | No | 
| [JSON-SCHEMA-DRAFT-7] | 20 September 2018 | http://json-schema.org/draft-07/schema# | No | 
A stable JSON Schema specification is in the works. When it's released, we intend to update this table to require the stable version.
JSON Schema specifications reserve certain keywords that hold specific meanings and functions during the processing of JSON Schemas. It is crucial to avoid using conflicting keys when creating JSON Schemas. The specification document for each version of JSON Schema lists these reserved keywords, which can be found in the table provided above.
In the upcoming sections we list some keywords that possess unique significance in [JSON-SCHEMA] documents and SHOULD NOT be used in conflicting ways, such as redefining these keywords, or using them in a manner other than as noted by [JSON-SCHEMA] specifications.
Furthermore, we identify specific keywords, that are not explicitly defined by JSON Schema, but are emphasized in this specification to support widespread usage.
                  Across JSON Schema specifications, the $id keyword identifies a schema resource 
                  with its canonical URI. The $id MUST be present, and its value MUST represent 
                  a valid URI-reference as specified by the associated [JSON-SCHEMA] version.
               
                  It is RECOMMENDED that the value of the $id property match the id
                  value in the credentialSchema object of a verifiable credential, and
                  that the value of the $id is a dereferenceable URL.
               
                  Across JSON Schema specifications, the $schema keyword identifies a JSON Schema
                  providing the feature set for a given JSON Schema specification. This property MUST be present
                  in each schema. For example, when constructing a schema for Draft 2020-12 the value of 
                  the $schema identifier MUST be https://json-schema.org/draft/2020-12/schema.
               
                  It is RECOMMENDED that all JSON Schemas include the optional title property as defined in
                  [JSON-SCHEMA].
               
                  It is RECOMMENDED that all JSON Schemas include the optional description property as
                  defined in [JSON-SCHEMA].
               
                JSON Schemas SHOULD choose to include an optional lang property that indicates the
                language tag for the values of the title and
                description properties defined in the JSON Schema. The value of this field MUST be a
                canonical unicode locale identifier.
                When absent, implementers MUST assume that the value of this property is und.
              
                  JSON Schemas SHOULD choose to include an optional dir property that indicates the
                  base direction for the values of the title and description properties defined in
                  the JSON Schema. The value of this property MUST be a text-direction. When absent, implementers
                  MUST assume that the value of this property is "auto".
               
The text-directions are the following:
               The standard representation of [JSON-SCHEMA] uses the [RFC8259] JSON data interchange
               syntax with .json as the file extension.
            
               Implementers MAY use OpenAPI Specification's OpenAPI Specification - version 3.1.0 [YAML] representation
               of a [JSON-SCHEMA] with .yaml as the file extension. 
               
YAML representations of JSON Schemas can only be used with credential schemas whose type is JsonSchema.
---
"$id": https://example.com/schemas/email.json
"$schema": https://json-schema.org/draft/2020-12/schema
title: Email Credential Schema
description: Email Credential JSON Schema using YAML
type: object
properties:
  credentialSubject:
    type: object
    properties:
      emailAddress:
        type: string
        format: email
    required:
    - emailAddress
example: |-
  {
    "$id": "https://example.com/schemas/email.json",
    "$schema": "https://json-schema.org/draft/2019-09/schema",
    "title": "EmailCredential",
    "description": "Email Credential JSON Schema",
    "type": "object",
    "properties": {
      "credentialSubject": {
        "type": "object",
        "properties": {
          "emailAddress": {
            "type": "string",
            "format": "email"
          }
        },
        "required": ["emailAddress"]
      }
    }
  }This section details how to process Credential Schemas, which is commonly referred to as JSON schema validation.
There are many open source implementations of [JSON-SCHEMA] validators across many common programming languages. The OpenJS Foundation maintains a list of implementations as a part of the JSON Schema official documentation.
         A common feature of a JSON Schema validator is the ability to detect the version of a JSON Schema document
         and select the validator for that specific version of [JSON-SCHEMA]. This is done by switching on the
         schema's $schema property and picking the corresponding validator. Schemas without a 
         $schema property are not considered valid and MUST NOT be processed. Implementers
         SHOULD choose validators which possess this capability and are able to limit validation to the 
         JSON Schema specifications supported by this document.
        
Conformant implementers MUST support JSON Schema specification versions marked as required in the table defined in the JSON Schema specifications section of this document. Implementers MAY support JSON Schema specification versions not marked as required.
Credential Schemas MAY be packaged as verifiable credentials as defined by usage of the JsonSchemaCredential type. The credential containing a credential schema MAY be secured by using either an embedded or external proof as defined in Securing Verifiable Credentials.
Secured credentials representing credential schemas SHOULD first be validated according to the rules set out in the aforementioned securing specifications before proceeding with additional processing.
Provide examples for secured credential schemas.
            Credential Schemas of type JsonSchema MAY
            be annotated with integrity information by adding the digestSRI property to the credentialSchema value
            in the Verifiable Credential which contains the schema, using the method specified in
            Integrity of Related Resources.
            It is RECOMMENDED that validation of the integrity of the schema be done before evaluation.
          
An example of such usage is provided below:
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3733",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema",
    "digestSRI": "sha384-dNwyy/Zs/YjPor8aoOgnaCqb+PH24QcNFxbxM1XoBOxdbgnpQcVaGYH8QunXww2U"
  }
}graph LR
82("VerifiableCredential")
83{{"id"}}
84("https://example.com/credentials/3733")
85(("type"))
86("EmailCredential")
87("issuer")
88("https://example.com/issuers/14")
89("issuanceDate")
90("2010-01-01T19:23:24Z")
91("credentialSubject")
92{{"id"}}
93("did:example:ebfeb1f712ebc6f1c276e12ec21")
94("emailAddress")
95("subject@example.com")
96("credentialSchema")
97{{"id"}}
98("https://example.com/schemas/email.json")
99(("type"))
100("JsonSchema")
101("digestSRI")
102("sha384-dNwyy/Zs/YjPor8aoOgnaCqb+PH24QcNFxbxM1XoBOxdbgnpQcVaGYH8QunXww2U")
82 --- 83
83 --- 84
82 --- 85
85 --- 86
82 --- 87
87 --- 88
82 --- 89
89 --- 90
82 --- 91
91 --- 92
92 --- 93
91 --- 94
94 --- 95
82 --- 96
96 --- 97
97 --- 98
96 --- 99
99 --- 100
96 --- 101
101 --- 102---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3733",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema",
    "digestSRI": "sha384-dNwyy/Zs/YjPor8aoOgnaCqb+PH24QcNFxbxM1XoBOxdbgnpQcVaGYH8QunXww2U"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzMiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJzdWJqZWN0QGV4YW1wbGUuY29tIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL3NjaGVtYXMvZW1haWwuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIiwiZGlnZXN0U1JJIjoic2hhMzg0LWROd3l5L1pzL1lqUG9yOGFvT2duYUNxYitQSDI0UWNORnhieE0xWG9CT3hkYmducFFjVmFHWUg4UXVuWHd3MlUifX0.xinoL5oJKDsSXzQIHAJsQcey0GJvzNYU1trJv5U_4VhPeatVzp_zgn70MFmIzpupE8C-7oFf66YRb7fgXsSkY_m5JmDwWkxHGjj0bD7iWHyxMQu1DxnKva1GnxyT_P-1Validation of a given credential against a schema is to be performed according to its associated [JSON-SCHEMA] specification. Validation MUST result in one of the following three possible outcomes:
Examples for the Success and Failure possible outcomes are provided below.
{
  "$id": "https://example.com/schemas/email.json",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "EmailCredential",
  "description": "EmailCredential using JsonSchema",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "emailAddress": {
          "type": "string",
          "format": "email"
        }
      },
      "required": ["emailAddress"]
     }
   }
}Validation according to the spec [JSON-SCHEMA-2020-12] yields a Success result when applying it to the VC below.
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}graph LR
103("VerifiableCredential")
104{{"id"}}
105("https://example.com/credentials/3732")
106(("type"))
107("EmailCredential")
108("issuer")
109("https://example.com/issuers/14")
110("issuanceDate")
111("2010-01-01T19:23:24Z")
112("credentialSubject")
113{{"id"}}
114("did:example:ebfeb1f712ebc6f1c276e12ec21")
115("emailAddress")
116("subject@example.com")
117("credentialSchema")
118{{"id"}}
119("https://example.com/schemas/email.json")
120(("type"))
121("JsonSchema")
103 --- 104
104 --- 105
103 --- 106
106 --- 107
103 --- 108
108 --- 109
103 --- 110
110 --- 111
103 --- 112
112 --- 113
113 --- 114
112 --- 115
115 --- 116
103 --- 117
117 --- 118
118 --- 119
117 --- 120
120 --- 121---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "subject@example.com"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJzdWJqZWN0QGV4YW1wbGUuY29tIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL3NjaGVtYXMvZW1haWwuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIn19.viOqcptBQBSNErG21yg7UETrMMORwS1_cQ8PaEsTtXsJyXjJAuXut-4vu_Uz2SpNXH03xWbAcxEIy6R-K7GxbFWWDVF4yz2CQhDQgdqJZwG1QOXxupw0d4CzGfFH1cp6Validation according to the spec [JSON-SCHEMA-2020-12] yields a Failure result when applying it to the VC below.
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "not an email"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}graph LR
122("VerifiableCredential")
123{{"id"}}
124("https://example.com/credentials/3732")
125(("type"))
126("EmailCredential")
127("issuer")
128("https://example.com/issuers/14")
129("issuanceDate")
130("2010-01-01T19:23:24Z")
131("credentialSubject")
132{{"id"}}
133("did:example:ebfeb1f712ebc6f1c276e12ec21")
134("emailAddress")
135("not an email")
136("credentialSchema")
137{{"id"}}
138("https://example.com/schemas/email.json")
139(("type"))
140("JsonSchema")
122 --- 123
123 --- 124
122 --- 125
125 --- 126
122 --- 127
127 --- 128
122 --- 129
129 --- 130
122 --- 131
131 --- 132
132 --- 133
131 --- 134
134 --- 135
122 --- 136
136 --- 137
137 --- 138
136 --- 139
139 --- 140---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "not an email"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJub3QgYW4gZW1haWwifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vZXhhbXBsZS5jb20vc2NoZW1hcy9lbWFpbC5qc29uIiwidHlwZSI6Ikpzb25TY2hlbWEifX0.wGz0esPUYHctd5l5HVEJcGjgcTGBUgcurrmbX2EkhD5MNxzgR005c40iIK0zIZUzgAn2xdulkt0cYSD_KB6b3LIy1dyJch12YSODkdMqLDamVp80eg6KF-It4MQGyJV7Assuming that the implementer does not support [JSON-SCHEMA-2019-09], an example of an Indeterminate evaluation is provided below.
{
  "$id": "https://example.com/schemas/email.json",
  "$schema": "https://json-schema.org/draft/2019-09/schema",
  "title": "EmailCredential",
  "description": "EmailCredential using JsonSchema",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "emailAddress": {
          "type": "string",
          "format": "email"
        }
      },
      "required": [
        "emailAddress"
      ]
    }
  }
}
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "not an email"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}graph LR
141("VerifiableCredential")
142{{"id"}}
143("https://example.com/credentials/3732")
144(("type"))
145("EmailCredential")
146("issuer")
147("https://example.com/issuers/14")
148("issuanceDate")
149("2010-01-01T19:23:24Z")
150("credentialSubject")
151{{"id"}}
152("did:example:ebfeb1f712ebc6f1c276e12ec21")
153("emailAddress")
154("not an email")
155("credentialSchema")
156{{"id"}}
157("https://example.com/schemas/email.json")
158(("type"))
159("JsonSchema")
141 --- 142
142 --- 143
141 --- 144
144 --- 145
141 --- 146
146 --- 147
141 --- 148
148 --- 149
141 --- 150
150 --- 151
151 --- 152
150 --- 153
153 --- 154
141 --- 155
155 --- 156
156 --- 157
155 --- 158
158 --- 159---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/3732",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "not an email"
  },
  "credentialSchema": {
    "id": "https://example.com/schemas/email.json",
    "type": "JsonSchema"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzLzM3MzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJub3QgYW4gZW1haWwifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vZXhhbXBsZS5jb20vc2NoZW1hcy9lbWFpbC5qc29uIiwidHlwZSI6Ikpzb25TY2hlbWEifX0.1IQwA8RP8H7DZ2s2Gho5WjmfGzzIhjMbs1F7n7Juzsr2uBKZqZYucYSboeZMxaGbClMlvEnLD6WlqdSnu-JGr8DjWyszHuu0_pFJddhE5rXS2CUj0ZrU9CJoE8SpxClKThis section is non-normative.
This section details some issues implementers of the specification may consider.
This section is non-normative.
Implementers may wish to validate certain properties in a verifiable credential. To do this, credential schemas can be constructed to validate subsets of a credential's data.
            One example of such a construction would be to validate the presence of certain
            top-level properties in a verifiable credential. The following example
            demonstrates a schema which enforces that a credential issued against it
            has an validUntil property and includes evidence.
          
{
  "$id": "validuntil-and-evidence-schema",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Example validUntil and evidence schema",
  "description": "Schema requiring validUntil and evidence properties",
  "type": "object",
  "properties": {
    "validUntil": {
      "type": "object"
    },
    "evidence": {
      "type": "object"
    }
  },
  "required": ["validUntil", "evidence"]
}This section is non-normative.
            When using [JSON-SCHEMA], it is advised that implementers avoid
            setting the additionalProperties to false. Doing
            so could inadvertently exclude properties in a credential from passing
            validation.
          
            As an example, consider a credential schema that is intended to validate
            the credentialSubject property of a credential. It is common
            for the credentialSubject property to include an id,
            denoting the identifier the subject. Not including this id property
            in a given schema would result in validation failure. The simple alternative
            is to avoid setting additionalProperties to false.
          
{
  "$id": "name-schema",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Name schema",
  "description": "A schema capturing a human name",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "name": {
          "type": "object",
          "properties": {
            "firstName": {
              "type": "string"
            },
            "lastName": {
              "type": "string"
            },
            "additionalProperties": false
          },
          "required": [
            "firstName",
            "lastName"
          ]
        }
      }
    }
  }
}This section is non-normative.
Versioning is not provided as an explicit feature of this specification. Implementers are advised to make backwards compatabile changes to schemas, should they be adjusted. Otherwise, it is advised that new credential schemas be created with unique identifiers to avoid processing conflicts.
This section is non-normative.
            It is important to make sure that credential schemas have not been tampered with
            before processing. When making use of the JsonSchemaCredential2023 representation
            of a schema, the credential's associated integrity protection mechanism can be used to detect mutations
            of a credential schema via its digital signature.
         
As an alternative, the aforementioned Integrity of Related Resources scheme may be used to provide content integrity protection, ensuring that the underlying credential schema resource has not been tampered with.
This section is non-normative.
Credential schemas can be stored on any number of storage media such as a distributed ledger, traditional database, or decentralized file storage. For more robust availability guarantees, the same schema could be replicated across multiple file stores.
This section is non-normative.
            A common use case is to include multiple schemas to validate against a single
            verifiable Credential. One such use case is to use the JSON Schema defined by the [VC-DATA-MODEL-2.0] in addition to a schema to validate a specific property in the credential, such as the credentialSubject. Multiple schemas MAY be combined using native constructs from the [JSON-SCHEMA] specification, through use of properties such as oneOf, anyOf, or allOf.
          
            An example of how to construct such a schema using the [JSON-SCHEMA] property
            allOf is provided below, combining schemas for a verifiable credential,
            name, and email address:
            
            
{
  "allOf": [
    {
      "$ref": "https://raw.githubusercontent.com/w3c/vc-data-model/main/schema/verifiable-credential/verifiable-credential-schema.json"
    },
    {
      "$id": "name-schema",
      "$schema": "https://json-schema.org/draft/2020-12/schema",
      "title": "Name schema",
      "description": "A schema capturing a human name",
      "type": "object",
      "properties": {
        "credentialSubject": {
          "type": "object",
          "properties": {
            "name": {
              "type": "object",
              "properties": {
                "firstName": {
                  "type": "string"
                },
                "lastName": {
                  "type": "string"
                },
                "additionalProperties": false
              },
              "required": [
                "firstName",
                "lastName"
              ]
            }
          }
        }
      }
    },
    {
      "$id": "email-schema-1.0",
      "$schema": "https://json-schema.org/draft/2020-12/schema",
      "title": "Email schema",
      "description": "A schema requiring an email address.",
      "type": "object",
      "properties": {
        "credentialSubject": {
          "type": "object",
          "properties": {
            "email": {
              "type": "object",
              "properties": {
                "emailAddress": {
                  "type": "string",
                  "format": "email"
                }
              },
              "required": ["emailAddress"]
            }
          }
        }
      }
    }
  ]
}The example above is used to validate every property in the following verifiable credential:
{
    "@context": ["https://www.w3.org/ns/credentials/v2"],
    "id": "4995c86c-851f-43a6-9dd2-03dc891091fd",
    "type": ["VerifiableCredential"],
    "issuer": "did:example:1234",
    "validFrom": "2023-01-01T05:05:05Z",
    "credentialSubject": {
        "firstName": "Alice",
        "lastName": "Bobertson",
        "emailAddress": "alice@bobertson.com"
    },
    "credentialSchema": {
        "id": "multiple-credential-schema-test",
        "type": "JsonSchemaCredential"
    }
}graph LR
160("VerifiableCredential")
161{{"id"}}
162("4995c86c-851f-43a6-9dd2-03dc891091fd")
163("issuer")
164("did:example:1234")
165("validFrom")
166("2023-01-01T05:05:05Z")
167("credentialSubject")
168("firstName")
169("Alice")
170("lastName")
171("Bobertson")
172("emailAddress")
173("alice@bobertson.com")
174("credentialSchema")
175{{"id"}}
176("multiple-credential-schema-test")
177(("type"))
178("JsonSchemaCredential")
160 --- 161
161 --- 162
160 --- 163
163 --- 164
160 --- 165
165 --- 166
160 --- 167
167 --- 168
168 --- 169
167 --- 170
170 --- 171
167 --- 172
172 --- 173
160 --- 174
174 --- 175
175 --- 176
174 --- 177
177 --- 178---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2"
  ],
  "id": "4995c86c-851f-43a6-9dd2-03dc891091fd",
  "type": [
    "VerifiableCredential"
  ],
  "issuer": "did:example:1234",
  "validFrom": "2023-01-01T05:05:05Z",
  "credentialSubject": {
    "firstName": "Alice",
    "lastName": "Bobertson",
    "emailAddress": "alice@bobertson.com"
  },
  "credentialSchema": {
    "id": "multiple-credential-schema-test",
    "type": "JsonSchemaCredential"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiXSwiaWQiOiI0OTk1Yzg2Yy04NTFmLTQzYTYtOWRkMi0wM2RjODkxMDkxZmQiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIl0sImlzc3VlciI6ImRpZDpleGFtcGxlOjEyMzQiLCJ2YWxpZEZyb20iOiIyMDIzLTAxLTAxVDA1OjA1OjA1WiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImZpcnN0TmFtZSI6IkFsaWNlIiwibGFzdE5hbWUiOiJCb2JlcnRzb24iLCJlbWFpbEFkZHJlc3MiOiJhbGljZUBib2JlcnRzb24uY29tIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJtdWx0aXBsZS1jcmVkZW50aWFsLXNjaGVtYS10ZXN0IiwidHlwZSI6Ikpzb25TY2hlbWFDcmVkZW50aWFsIn19.WGMN1BE-IvxdYDZJqGK9XlBonERx0Spt-8NwNif2jJmgOP2iN-V2r2i2Yq-yOlVZm3lgyv2fIWgrZ1qStz9GKo8IaPDYb2ncxpI5RNp9-SQbK7Jsq761mQBgfWTaC9TQ
            Using allOf when composing a JSON Schema can easily result in a schema for which all JSON documents will fail to validate. Such a situation may happen when multiple schemas reference the same property. Implementers are advised to test their schemas against a set of sample input documents before introducing any real world usage. Including sample input that suceeds and fails is considered a good practice.
          
This section is non-normative.
Validation against a [JSON-SCHEMA] may be confused with validation or verification of a Verifiable Credential. A valid credential according to a [JSON-SCHEMA] refers only to the structure of the claims comprising a Verifiable Credential. This idea of validity does not imply anything about the validity of the Verifiable Credential itself. It's possible for a Verifiable Credential to be considered valid by one verifier, while another verifier would not consider it valid.
This section is non-normative.
            It is common to define a credential schema that will be set for 
            Verifiable Credentials whose type
            property contains a specific type. In this scenario, it is advised to use the value
            of the specific type in the id or in a name or
            description property.
            of a [JSON-SCHEMA].
          
            The example below illustrates this for EmailCredential:
            
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/email-credential",
  "type": ["VerifiableCredential", "EmailCredential"],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "tester@example.com"
  },
  "credentialSchema": {
    "id": "https://example.org/examples/email.json",
    "type": "JsonSchema"
  }
}graph LR
179("VerifiableCredential")
180{{"id"}}
181("https://example.com/credentials/email-credential")
182(("type"))
183("EmailCredential")
184("issuer")
185("https://example.com/issuers/14")
186("issuanceDate")
187("2010-01-01T19:23:24Z")
188("credentialSubject")
189{{"id"}}
190("did:example:ebfeb1f712ebc6f1c276e12ec21")
191("emailAddress")
192("tester@example.com")
193("credentialSchema")
194{{"id"}}
195("https://example.org/examples/email.json")
196(("type"))
197("JsonSchema")
179 --- 180
180 --- 181
179 --- 182
182 --- 183
179 --- 184
184 --- 185
179 --- 186
186 --- 187
179 --- 188
188 --- 189
189 --- 190
188 --- 191
191 --- 192
179 --- 193
193 --- 194
194 --- 195
193 --- 196
196 --- 197---------------- Decoded Protected Header ----------------
{
  "alg": "ES384"
}
---------------- Decoded Protected Claimset ----------------
{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    "https://www.w3.org/ns/credentials/examples/v2"
  ],
  "id": "https://example.com/credentials/email-credential",
  "type": [
    "VerifiableCredential",
    "EmailCredential"
  ],
  "issuer": "https://example.com/issuers/14",
  "issuanceDate": "2010-01-01T19:23:24Z",
  "credentialSubject": {
    "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
    "emailAddress": "tester@example.com"
  },
  "credentialSchema": {
    "id": "https://example.org/examples/email.json",
    "type": "JsonSchema"
  }
}
---------------- Compact Encoded JSON Web Token ----------------
eyJhbGciOiJFUzM4NCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwczovL2V4YW1wbGUuY29tL2NyZWRlbnRpYWxzL2VtYWlsLWNyZWRlbnRpYWwiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRW1haWxDcmVkZW50aWFsIl0sImlzc3VlciI6Imh0dHBzOi8vZXhhbXBsZS5jb20vaXNzdWVycy8xNCIsImlzc3VhbmNlRGF0ZSI6IjIwMTAtMDEtMDFUMTk6MjM6MjRaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJlbWFpbEFkZHJlc3MiOiJ0ZXN0ZXJAZXhhbXBsZS5jb20ifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vZXhhbXBsZS5vcmcvZXhhbXBsZXMvZW1haWwuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIn19.88E0alABs6avB1Fpqvw_Jb0auHP89WiVnC-SwQnXk903eKdUrv_1PUPM47JAP2Ic44xZWka34CwHTrZirJZVslmmjWTlAKWXvDGH9XYnscnxc6Hd-PvuLO5h1ZC6cUZ_
{
  "$id": "https://example.com/schemas/email.json",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Email Credential",
  "description": "Email Credential Schema for usage in JsonSchema",
  "type": "object",
  "properties": {
    "credentialSubject": {
      "type": "object",
      "properties": {
        "emailAddress": {
          "type": "string",
          "format": "email"
        }
      },
      "required": [
        "emailAddress"
      ]
    }
  }
}
            It is important to note that a credential schema enables issuers to communicate how to process
            the structure of data inside a verifiable credential, whereas the type property of a verifiable credential
            lets issuers communicate the semantics of the data. It is advised to associate all properties
            that have a semantic mapping with a property in a credential schema.
          
This section is non-normative.
This section details the general privacy considerations and specific privacy implications of deploying this specification into production environments.
            When using the JsonSchemaCredential 
            type, implementers are advised to review the 
            Privacy Considerations outlined in the [VC-DATA-MODEL-2.0].
         
This section is non-normative.
Data associated with schemas and verifiable credentials are susceptible to privacy violations when shared. Personally identifying data, such as a government-issued identifier, address, or name, can be used to track and correlate entities. Even less overt personal data such as a birthdate or postal code has the ability to result in correlation and de-anonymization.
Implementers are strongly advised to avoid constructing schemas with any personally identifiable information (PII).
If such personally identifiable information is necessary in a schema, or a credential schema, implementers are strongly advised to use mechanisms while storing and transporting verifiable credentials that protect the data from those who should not access it such as Transportation Layer Security (TLS) or other means of encrypting the data whether in transit or at rest.
This section is non-normative.
Since schemas are immutable, they are highly cachable. It is possible for verifiers to increase the privacy of the holder whose verifiable credential is being checked by caching schemas that have been fetched from remote servers. By caching the content locally, less correlatable information can be inferred from verifier-based access patterns on the schema.
This section is non-normative.
Schema resolution is the process of dereferencing a credential schema's identifier in order to fetch a credential schema.
Issuers can increase the privacy of holders by using content distribution networks to reduce or eliminate requests for the schemas from the issuer. Often, a request for a schema will be served by an edge device and thus be faster and reduce the load on the server as well as cloaking verifiers and holders from issuers.
Furthermore, the use of Oblivious HTTP can prevent linkage of schema requests made by holders. Implementers are encouraged to allow configuration of an Oblivious Relay Resource for use during schema resolution.
When using credential schema identifiers that are unique to the issued credential, it is possible to correlate schema resolution of a credential with an IP address. Implementers are encouraged to prevent such correlation by selecting identifiers which are shared among a class of credentials.
Data minimization refers to the principle of sharing the minimum necessary data for any given data request, such as a verifier requesting one or more verifiable credentials from a holder.
               When using a credential schema with a credential that supports selective disclosure, it may be
               possible for a verifier to deduce additional attributes that would be available but were not presented
               when verifying a credential from a holder. To mitigate data leakage, holders may
               choose to reject verification requests that could disclose such additional attributes, or, if the capability is
               available, to selectively disclose properties in the associated credential schema. To enable this functionality,
               issuers can use selective disclosure schemes when creating credential schemas using
               the JsonCredentialSchema type.
            
This section is non-normative.
There are a number of security considerations that implementers should be aware of when processing data described by this specification. Ignoring or not understanding the implications of this section can result in security vulnerabilities.
            When using the JsonSchemaCredential 
            type, implementers are advised to review the 
            Security Considerations outlined in the [VC-DATA-MODEL-2.0].
         
This section is non-normative.
               It is possible for a schema to become authoritative, such as a schema
               provided by a recognized industry group like a consortium of financial
               companies. To avoid confusion as to the authorship of credential schemas,
               it is advised that they be packaged as verifiable credentials using the
               JsonSchemaCredential type.
            
This section is non-normative.
There are a number of accessibility considerations implementers should be aware of when processing data described in this specification. As with any web standards or protocols implementation, ignoring accessibility issues makes this information unusable to a large subset of the population. It is important to follow accessibility guidelines and standards, such as [WCAG21], to ensure all people, regardless of ability, can make use of this data. This is especially important when establishing systems utilizing cryptography, which have historically created problems for assistive technologies.
JSON Schemas are designed to be a machine-readable format which provides static validation. As such, human readability is a secondary concern. When using a verifiable credential to represent a schema, we recommend following the guidance in the VC Data Model.
This section is non-normative.
JSON Schemas are JSON text intended primarily for machines to read, since they are used for strict static validation of data. Language and text direction concerns are addressed by the noted specification documents for JSON Schema itself.
When using a verifiable credential to represent a schema, we recommend following the guidance in the VC Data Model.
                  The media type application/schema+json, as defined in 
                  [JSON-SCHEMA], SHOULD be used when transmitting a [JSON-SCHEMA] expressed
                  as JSON over HTTP. Clients receiving [JSON-SCHEMA] files over HTTP MAY accept content
                  using either the application/schema+json media type or the 
                  application/json media type as defined in [JSON].
               
                  When using the JsonSchema type with a [YAML]
                  representation of a [JSON-SCHEMA], defined by OpenAPI Specification - version 3.1.0, the types 
                  application/openapi+yaml or application/yaml MAY be used.
               
                  The media types application/vc+ld+json, application/vc+ld+json+jwt, or 
                  application/vc+ld+json+sd-jwt as defined in [VC-DATA-MODEL-2.0],
                  [VC-JOSE-COSE], or [SD-JWT] specifications, respectively, SHOULD be used when
                  transmitting a [JSON-SCHEMA] represented as a verifiable credential with usage of
                  the JsonSchemaCredential type. Clients receiving credential schemas
                  files over HTTP MAY accept content using any of these types.
               
This section is non-normative.
This section contains the substantive changes that have been made to this specification over time.
JsonSchema2023 to JsonSchemaCredentialSchema2023 to JsonSchemaCredentialjsonSchema type for usage within a credentialSubjectReferenced in:
Referenced in:
Referenced in:
Referenced in:
Referenced in:
Referenced in: