query language requirements discussion: based on any/set piece of data?

[Sakurann]

Based on what verifier is able to specify what credential it needs: any piece of data in a credential, or a common list of parameters (current list is format, type, specific claims, verifier's intention to retain the data, and issuer value)? (one comment on google doc, not enough discussion)

[David-Chadwick]

My opinion is that the verifier should be able query on any piece of data in the credential. It should be a general purpose query language. We might wish to have a simple mandatory to implement subset of this, but we should not restrict the overall functionality.

[selfissued]

Per my comments at https://github.com/openid/OpenID4VP/issues/157#issuecomment-2081289581, some of the criteria above (format, type, specific claims) seem general-purpose, others seem ecosystem-specific (intent to retain), and some are likely too simple to meet the actual needs (issuer). And while not listed in the issue description, for the avoidance of doubt, I do not support including cryptographic algorithms in these criteria. More discussion on this topic is needed. "Any" is too strong and underspecified at this point.

[Sakurann]

clarification during the WG call: any parameters in the payload (body of SD-JWT, data doctype/element_identifiers/namespaces part of mdoc) has to be queriable. not all of those parameters are mandatory to be queriable (separate issue). things in the header of sd-jwt are not queriable.