openid / OpenID4VP


Add intent_to_retain to DCQL #321

Open martijnharing opened 2 days ago

martijnharing commented 2 days ago

The presentation exchange supports the intent_to_retain parameter to indicate whether the RP intends to retain the received data element / claim. A similar parameter should be added to the DCQL.

A solution would be to add it to the claims query, either as a generic option or as an mdoc specific option.

leecam commented 2 days ago

Is there a more precise definition of intent_to_retain? If I retain the data for an hour, a year or 2 seconds, are any of these considered retained?

What if I don't store the value but I derive long-lived state from it? E.g. I asked for age_over_18, I don't store the value directly but I use it to decide to create a kids account or not. Even more subtle, say I'm an adult website that collects age_over_18 as an anonymous age check, which I don't store, but I do record web traffic logs. As such I would be retaining that the user of a given IP was over 18.

As an RP I think we'd need clear guidance on when it should be set. And as a Wallet/OS we'd need to be able to explain to the user what it means when this is true or false.

Does ISO have a precise definition for it?

martijnharing commented 1 day ago

ISO 18013-5 has the following definition for retain: “to store for a period longer than necessary to conduct the transaction in realtime” and indicates that this requirement includes derived data from the data elements.