Skip to main content

Digital Credentials Query Language (DCQL)

When you create a presentation request, you need a precise way to tell the wallet which credentials and attributes you require. Digital Credentials Query Language (DCQL) is the standard format for expressing these requirements. It ensures that wallets can evaluate your request unambiguously and display a clear consent screen to the user.

DCQL is defined within the OpenID for Verifiable Presentations 1.0 specification. The Truvity EUDIW Connector uses DCQL as the query language in all OID4VP presentation requests.

Why DCQL matters

Without a standard query format, each wallet and Relying Party would need custom integration logic to interpret credential requests. DCQL solves this by providing a declarative syntax that every compliant implementation understands.

A DCQL query specifies:

  • Which credential types are acceptable (for example, a PID or a custom attestation)
  • Which specific attributes you need from those credentials
  • Which combinations of credentials and attributes satisfy the request

This structured approach enables wallets to evaluate the request automatically and show users exactly what data is being requested before they consent.

Core concepts

Credential selection

A DCQL query identifies which credentials satisfy your requirements by filtering on the credential format and type. For example, you can request a PID in SD-JWT format, and the wallet matches this against the credentials stored on the device.

If the wallet holds a matching credential, it proceeds to the disclosure step. If not, it informs the user that the required credential is unavailable.

Selective disclosure

A key feature of DCQL is its support for selective disclosure. Rather than requesting an entire credential, you request only the specific attributes you need.

For example, if you only need to verify that a user is over 18, you can request just the age verification attribute. The wallet generates a cryptographic proof of that fact without revealing the full date of birth, address, or other personal data. This aligns with the data minimization principles of eIDAS 2.0 and GDPR.

Required and optional semantics

DCQL's query model operates at two levels. At the credential level, you define which credentials are acceptable, for example, a PID or a specific attestation type. At the claim level, you specify which claims to request from each matched credential. The required and optional semantics are more nuanced than a simple per-attribute flag: whether a credential match is required depends on the overall query structure, and individual claims within a credential query control what the wallet discloses from a matched credential.

Credential sets

DCQL supports defining alternative credential combinations through credential sets. This allows you to specify that a request can be satisfied by different combinations of credentials, for example, "present a PID" or "present a national ID card and a proof of address." Credential sets enable flexible verification flows where multiple credential combinations are acceptable.

Privacy benefits

DCQL is a critical enabler of data minimization in the EUDI ecosystem:

  • Granularity: You request only the minimum dataset needed for your use case
  • Transparency: The wallet generates a clear consent screen showing exactly what data is requested
  • User control: The user sees and approves each attribute before sharing it

Transactional data

While DCQL selects which credentials and attributes to present, it works alongside transactional data to secure the context of the presentation. When you create a presentation request, you can include both a DCQL query (specifying what data you need) and transactional data (describing the purpose, such as authorizing a specific payment).

The wallet displays the transactional data to the user and signs over it, creating a cryptographic binding between the user's consent and the specific action. This prevents a presentation from being replayed in a different context.

Relationship to other standards

  • OID4VP: DCQL is the query language transported within the OID4VP protocol
  • SD-JWT: DCQL's attribute selection maps directly to the selective disclosure capabilities of SD-JWT credentials
  • HAIP: The High Assurance Interoperability Profile mandates DCQL as the query language for credential requests in the EUDI ecosystem

Further reading