A Presentation Exchange is a machine-readable data format and negotiation protocol that defines how one party (the verifier or relying party) requests specific proofs of identity, and how another party (the holder) can selectively disclose verifiable credentials to satisfy that request. It standardizes the communication flow for requesting and presenting Verifiable Presentations, moving beyond simple credential issuance to enable complex, real-world interactions. This protocol is a core component of the W3C Verifiable Credentials data model and is essential for implementing Self-Sovereign Identity (SSI) principles.
LABS
Glossary
Presentation Exchange
Presentation Exchange is a standardized protocol and data model that defines how a verifier requests and a holder submits a Verifiable Presentation in a decentralized identity system.
Chainscore © 2026
definition
DECENTRALIZED IDENTITY PROTOCOL
What is Presentation Exchange?
Presentation Exchange is a standardized protocol that enables secure, privacy-preserving sharing of verifiable credentials between entities in a decentralized identity ecosystem.
The protocol operates through two primary JSON objects: the Presentation Definition and the Presentation Submission. The verifier creates a Presentation Definition specifying the required credentials, their types, the trusted issuers, and any constraints on the data fields. The holder's wallet processes this definition, matches it against their available credentials, and, if possible, constructs a Presentation Submission. This submission contains the actual verifiable credentials or derived proofs, packaged as a Verifiable Presentation, and references back to the specific requirements it fulfills in the definition.
Key technical features of Presentation Exchange include support for selective disclosure, where holders reveal only the necessary attributes from a credential, and predicate proofs, where they can prove a claim about data (e.g., "age > 21") without revealing the exact value. It also enables credential nesting and combining multiple credentials from different issuers to satisfy a single, complex request. This makes it far more flexible and privacy-enhancing than simply sending a raw credential, as it minimizes data exposure and gives the holder granular control.
A common use case is age verification. A liquor store's website (verifier) sends a Presentation Definition requiring proof that the user is over 21. The user's digital wallet (holder) holds a verifiable driver's license credential from their state's DMV (issuer). Using Presentation Exchange, the wallet can create a Verifiable Presentation that contains only a cryptographic proof of the "over 21" claim, without disclosing the user's exact birth date, address, or license number. This satisfies the business rule while maximizing user privacy.
Presentation Exchange is foundational for interoperable digital trust ecosystems. By providing a common language for credential requests, it allows wallets from different vendors to interact seamlessly with verifiers across various industries. Major frameworks implementing the protocol include the Decentralized Identity Foundation's (DIF) Presentation Exchange specification and its integration within OpenID for Verifiable Credentials (OIDC4VC). This standardization is critical for scaling verifiable credential adoption beyond isolated pilots into a global utility for identity verification.
how-it-works
VERIFIABLE CREDENTIAL PROTOCOL
How Presentation Exchange Works
Presentation Exchange is a standardized protocol that defines how a verifier requests and a holder submits Verifiable Presentations, enabling secure, privacy-preserving data sharing.
Presentation Exchange is a W3C-Recommended data format and process that structures the interaction between a verifier (relying party) and a holder (user). It operates through two primary JSON objects: the Presentation Definition and the Presentation Submission. The verifier creates a Presentation Definition that specifies the exact credentials or claims required, including the credential types, trusted issuers, and any constraints. The holder's wallet processes this definition, selects matching credentials from their digital wallet, and constructs a Presentation Submission that fulfills the request, which is then packaged into a Verifiable Presentation for submission.
The protocol's core innovation is enabling selective disclosure and data minimization. Instead of presenting an entire credential, a holder can prove they possess a credential meeting the verifier's criteria without revealing all its contents. For example, a verifier could request proof a user is over 21 by defining a requirement for a BirthdateCredential where the age field is greater than 21. The holder's agent can generate a cryptographic proof satisfying this predicate without disclosing their actual birth date. This is often implemented using BBS+ signatures or zero-knowledge proofs.
The technical flow follows a clear sequence. First, the verifier embeds or transmits the Presentation Definition to the holder, typically via a QR code or a direct API call. The holder's identity agent (e.g., a mobile wallet) evaluates the definition against its stored Verifiable Credentials. If suitable credentials exist, the agent creates a corresponding Presentation Submission—a manifest listing which credentials fulfill which requirements. This submission is then wrapped, along with the credentials or proofs, into a Verifiable Presentation, which is cryptographically signed by the holder. Finally, this VP is transmitted back to the verifier for validation.
Interoperability is a key goal, achieved by leveraging other core standards. Presentation Definitions reference credential schemas defined in the W3C Verifiable Credentials Data Model and can mandate specific proof formats like JSON Web Tokens (JWT) or Linked Data Proofs. The protocol is transport-agnostic, meaning it can be used over various communication channels such as OpenID Connect (OIDC), CHAPI (Credential Handler API), or direct HTTPS APIs. This decoupling of the what (the data request) from the how (the transport mechanism) ensures broad compatibility across different SSI (Self-Sovereign Identity) ecosystems and implementations.
In practice, Presentation Exchange is foundational for user-centric identity. Use cases range from know-your-customer (KYC) processes, where a bank requests proof of address and identity from government-issued credentials, to access control, where a website requests a credential proving membership or professional accreditation. By providing a machine-readable format for credential negotiations, it eliminates the need for custom, one-off integrations and allows holders to maintain control over their personal data, sharing only what is necessary for a specific transaction.
key-components
DECENTRALIZED IDENTITY
Key Components of Presentation Exchange
Presentation Exchange is a standardized protocol that governs how a Verifier requests and a Holder presents Verifiable Credentials, enabling secure and privacy-preserving digital interactions.
01
Presentation Definition
A machine-readable request from a Verifier specifying the required credentials. It defines the Input Descriptors, which are the specific data points needed (e.g., a driver's license with an expiration date after a certain year). This is the formal query that initiates the exchange.
02
Presentation Submission
The structured response from a Holder containing the requested Verifiable Credentials. It fulfills the Presentation Definition by mapping the Holder's credentials to the Verifier's Input Descriptors. This package is cryptographically signed for proof of authenticity.
03
Verifier
The entity (e.g., a website, service, or institution) that requests proof of certain claims. The Verifier creates a Presentation Definition and evaluates the returned Presentation Submission against its policy. It never receives raw identity data, only the verified proofs it requested.
04
Holder
The individual or entity that possesses Verifiable Credentials in a digital wallet. The Holder receives the Verifier's request, selects which credentials to share from their wallet, and constructs the compliant Presentation Submission. They maintain control over their data.
05
Input Descriptors
The core building blocks within a Presentation Definition. Each descriptor defines a specific piece of data required by the Verifier, using schemas and constraints. For example:
- Schema:
https://schema.org/DriverLicense - Constraint:
expiration_datemust be>= 2025-01-01A definition can contain multiple descriptors.
06
Verifiable Credential (VC)
The foundational data object presented by the Holder. A VC is a tamper-evident, cryptographically signed credential issued by an Issuer (e.g., a university or DMV). It contains claims about the Holder (e.g., name, degree, age) and is the atomic unit of data shared in a Presentation Exchange.
visual-explainer
VERIFIABLE CREDENTIAL PROTOCOL
The Presentation Exchange Flow
The Presentation Exchange flow is a standardized process defined by the Decentralized Identity Foundation (DIF) for requesting and submitting Verifiable Presentations, enabling secure, privacy-preserving data sharing between a Verifier and a Holder.
The flow is initiated by a Verifier who creates a Presentation Definition, a machine-readable specification detailing the required credentials. This definition outlines the specific Verifiable Credential types, the claims (or attributes) needed, and any constraints, such as the identity of the trusted Issuer. This request is typically encoded in a presentation_definition object and transmitted to the Holder, often embedded within a DIDComm message or a SIOPv2 (Self-Issued OpenID Connect v2) authentication request.
Upon receiving the request, the Holder's wallet software evaluates the presentation_definition against its secure credential store. The wallet identifies which credentials satisfy the Verifier's requirements. The Holder then constructs a Verifiable Presentation, which is a cryptographically signed package containing the selected credentials and optional proof of Holder control. A key step is the creation of a Presentation Submission, a data structure that explicitly maps the submitted credentials to the specific requirements in the Verifier's original definition, proving compliance.
The completed Verifiable Presentation and its accompanying Presentation Submission are then sent back to the Verifier. The Verifier performs several critical validations: verifying the digital signatures on both the presentation and the embedded credentials, confirming the credentials were issued by trusted entities, checking that all required claims are present and correctly mapped, and ensuring no credentials have been revoked (e.g., by checking a revocation registry). This entire exchange allows for selective disclosure, where the Holder can share minimal necessary information without revealing their entire credential wallet.
key-features
PRESENTATION EXCHANGE
Key Features & Benefits
Presentation Exchange is a standardized protocol for requesting and presenting verifiable credentials. It defines a machine-readable format for a Verifier to specify the exact data it requires from a Holder, enabling privacy-preserving, selective disclosure.
01
Machine-Readable Request Format
A Presentation Exchange defines a Presentation Definition—a JSON-LD or JSON schema that specifies the exact Verifiable Credentials a Verifier requires. This includes:
- Input Descriptors: Define the type, format, and constraints for each required credential.
- Submission Requirements: Logic (e.g., "all of", "pick one of") for how multiple credentials must be submitted.
- Format Constraints: Specifies supported proof formats like JWT, JSON-LD Proofs, or CWT.
02
Selective Disclosure & Data Minimization
The protocol enforces the principle of data minimization. A Holder can satisfy a request by presenting only the specific claims required, not the entire credential. For example, to prove age > 21, a Holder can generate a Zero-Knowledge Proof from a birthdate credential instead of revealing the exact date. This is a core privacy benefit over sharing raw documents.
03
Holder-Agent Negotiation Flow
The exchange follows a clear, interoperable sequence managed by a user's Wallet or Identity Agent:
- Request: Verifier sends a Presentation Definition.
- Matching: The Holder's agent evaluates which credentials in its Wallet satisfy the definition.
- Construction: The agent builds a Presentation Submission—a bundle of credentials and proofs that meets the request.
- Verification: The Verifier validates the submission's signatures, proofs, and compliance with the original definition.
04
Decentralized Identifier (DID) Binding
Presentations are cryptographically bound to the Holder's Decentralized Identifier (DID). This proves the presenter controls the DID that is the subject of the credentials, preventing credential theft and replay attacks. The Verifier checks that all presented credentials share a common DID Subject and that the presentation signature is from that same DID's private key.
05
Interoperability Standard
Presentation Exchange is defined by the Decentralized Identity Foundation (DIF) and the W3C Credentials Community Group. This standardization ensures wallets from vendor A (e.g., Trinsic) can interact with verifiers from vendor B (e.g., Microsoft Entra Verified ID) without custom integration. It is the backbone of ecosystems like COVID-19 Vaccine Credentials and employer credential verification.
06
Support for Complex Logic & Constraints
Beyond simple credential requests, the protocol supports sophisticated requirements using JSONPath or JSON Schema:
- Field Constraints: Require a claim value to be within a specific range or match a pattern.
- Temporal Constraints: Require a credential's issuance or expiration date to be within a window.
- Status Constraints: Mandate checking against a Status List or Revocation Registry to ensure the credential is not revoked.
ARCHITECTURAL COMPARISON
Presentation Exchange vs. Traditional Auth
A technical comparison of decentralized identity verification (Presentation Exchange) and centralized authentication models.
| Feature / Metric | Presentation Exchange (W3C VC Model) | Traditional OAuth 2.0 / OIDC | Traditional SAML 2.0 |
|---|---|---|---|
Data Minimization & Selective Disclosure | |||
User-Centric Data Portability | |||
Verifier Dependency on Issuer Runtime | |||
Authentication Flow Complexity | 1-2 RTTs (Direct Presentation) | 3-5 RTTs (Auth Code Flow) | 2-4 RTTs (SP-Initiated SSO) |
Cryptographic Proof Type | Verifiable Credentials (ZK, JWT, etc.) | Bearer Tokens (JWT) | XML Signatures |
Standardized Schema for Claims | W3C Verifiable Credentials | OpenID Connect Claims | SAML Attributes |
Interoperability Across Domains | Limited (Federated) | ||
Verifier Can Cache/Store Credential Proof |
examples
PRESENTATION EXCHANGE
Real-World Use Cases
Presentation Exchange is a standardized protocol for requesting and exchanging verifiable credentials. These examples illustrate its practical applications in identity and access management.
01
Know Your Customer (KYC) Onboarding
Financial institutions can request a KYC credential from a user's digital wallet instead of collecting raw documents. The user presents a verifiable credential issued by a trusted provider, proving identity without exposing sensitive data. This streamlines compliance, reduces fraud, and enhances user privacy through selective disclosure.
- Example: A crypto exchange requests proof of residency and government ID.
- Benefit: Eliminates manual document uploads and repetitive KYC checks across platforms.
02
Decentralized Identity & Login
Websites and dApps can replace password-based logins with Decentralized Identifiers (DIDs). A Presentation Request asks for proof of control over a specific DID. The user presents a cryptographic signature as verification, enabling passwordless, phishing-resistant authentication.
- Example: Logging into a DAO governance portal using a wallet-held identity.
- Core Concept: Shifts authentication from 'what you know' (password) to 'what you have' (private key).
03
Professional Credential Verification
Employers, conference organizers, or online platforms can instantly verify professional qualifications. A Presentation Request specifies the required credential type (e.g., university degree, professional license). The user presents a tamper-proof credential issued by the authoritative institution.
- Example: A freelance platform verifying a developer's certification from a coding bootcamp.
- Benefit: Reduces administrative overhead and the risk of fraudulent resumes.
04
Age-Restricted Access & Gating
Services requiring age verification (e.g., alcohol delivery, mature content) can request a zero-knowledge proof of age. The user presents a credential that cryptographically proves they are over a certain threshold without revealing their exact birth date.
- Example: Accessing an age-gated DeFi protocol or NFT community.
- Privacy Feature: Uses cryptographic predicates (e.g., 'age >= 21') to minimize data exposure.
05
Cross-Border Travel & Digital Passports
Border control systems can request a verifiable presentation containing visa status, vaccination records, and passport details. The traveler presents credentials from issuing governments, enabling faster processing and secure data exchange between authorities.
- Standards: Often built alongside W3C Verifiable Credentials and ICAO standards.
- Benefit: Creates interoperable, machine-verifiable travel documents.
06
Selective Disclosure for Data Privacy
Users can prove specific claims from a credential without revealing the entire document. A Presentation Request may ask for proof of account ownership or membership. The user can create a derived presentation containing only the necessary signed attributes.
- Example: Proving you are a resident of a specific city for a service discount, without showing your full address.
- Technical Basis: Enabled by BBS+ signatures or other zero-knowledge-capable cryptosystems.
ecosystem-usage
PRESENTATION EXCHANGE
Ecosystem & Implementations
Presentation Exchange is a standardized protocol for requesting and presenting verifiable credentials, enabling secure, machine-readable data exchange between holders and verifiers.
03
Use Case: Selective Disclosure
A primary application is selective disclosure, allowing a user to prove a specific claim without revealing the entire credential. For example, a Presentation Definition can request proof that a user is over 21. The holder's wallet can create a Verifiable Presentation containing only a derived proof of that claim from their driver's license credential, preserving privacy.
04
Integration with Sign-In Protocols
Presentation Exchange is often combined with OpenID Connect (OIDC) and SIOPv2 (Self-Issued OpenID Provider) to create passwordless, phishing-resistant authentication flows. Instead of a traditional login, a service (relying party) sends a Presentation Definition, and the user presents a Verifiable Presentation as their identity proof, enabling Decentralized Identity-based sign-ins.
05
Credential Formats & Proof Types
The protocol is format-agnostic, supporting multiple credential and proof types. Common formats include:
- W3C Verifiable Credentials (JSON-LD): Often paired with Data Integrity Proofs or BBS+ Signatures for selective disclosure.
- JWT-based Verifiable Credentials: Use standard JSON Web Tokens and signatures. The Presentation Definition specifies the accepted formats and proof types the verifier will accept.
06
Trust Registry & Schema Validation
For a verifier to trust a presentation, it must validate the credential's issuer and structure. This often involves:
- Trust Registries: Decentralized lists of authorized issuers (e.g., using the Trust Establishment specification).
- Schema Validation: Checking the presented data against a known JSON Schema or Credential Schema to ensure it contains the required fields in the correct format.
PRESENTATION EXCHANGE
Technical Deep Dive
Presentation Exchange is a standardized protocol for requesting and exchanging verifiable credentials, enabling secure, interoperable identity verification across different systems.
Presentation Exchange is a W3C-compatible specification that defines a structured format for a Verifier to request specific proofs from a Holder of verifiable credentials. It works by the Verifier creating a Presentation Definition—a machine-readable request specifying the required credentials, constraints, and formats. The Holder's wallet processes this definition, selects matching credentials from their Digital Wallet, and constructs a Verifiable Presentation that is sent back to the Verifier for validation. This creates a standardized, interoperable flow for credential exchange, decoupling the request logic from the underlying credential formats like W3C Verifiable Credentials or AnonCreds.
PRESENTATION EXCHANGE
Common Misconceptions
Presentation Exchange is a W3C-adjacent specification for requesting and exchanging Verifiable Credentials. It is often misunderstood in its scope, relationship to other standards, and implementation details. This section clarifies the most frequent points of confusion.
No, Presentation Exchange is not the same as OAuth, though they can be used together for user authentication flows. Presentation Exchange is a credential-format-agnostic protocol for specifying the requirements a Verifier has for a set of credentials (the Presentation Definition) and how a Holder presents proofs that meet those requirements (the Presentation Submission). OAuth 2.0 is an authorization framework for granting third-party applications limited access to HTTP resources. In a Decentralized Identity stack, OAuth can handle user authentication and session management, while Presentation Exchange handles the standardized request and presentation of cryptographically verifiable claims.
PRESENTATION EXCHANGE
Frequently Asked Questions
Presentation Exchange is a W3C-CCG specification that defines a standardized format for requesting and presenting Verifiable Credentials. It enables secure, privacy-preserving interactions between holders and verifiers in decentralized identity systems.
Presentation Exchange is a protocol that standardizes how a verifier requests and a holder presents Verifiable Credentials (VCs). It works by defining two core JSON objects: a Presentation Definition and a Presentation Submission. The verifier creates a Presentation Definition specifying the required credentials (e.g., a driver's license with specific attributes). The holder's wallet evaluates this definition, selects credentials from their digital wallet that satisfy the request, and constructs a Presentation Submission containing the proofs. This submission is then sent back to the verifier for validation, enabling selective disclosure without revealing unnecessary personal data.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall