Skip to content

Configure Eligibility Criteria

Creating and Configuring Eligibility Criteria

As a verifier, one of the key tasks is defining eligibility criteria. Eligibility criteria determine the conditions a user must meet to access a service or feature.

These criteria are implemented as queries using Iden3's Zero Knowledge Proof (ZKP) protocol. This document explains how to create these queries, the types we support, how to use schemas, and provides working examples.

What is an Eligibility Criteria?

Eligibility criteria is a set of conditions that a verifier defines, which a user must satisfy using ZK credentials. For example:

  • Age greater than 18
  • Country equals Australia
  • AML status equals "passed"
  • Holding a specific credential type like Passport, POA, etc.

These conditions are expressed as queries in the SDK, which are then verified using the Iden3 ZKP protocol.

You create a query by:

  1. Pointing to the correct JSON‑LD context (schema URL).
  2. Specifying credential type.
  3. Defining allowed issuers.
  4. Setting conditions (e.g. $eq, $gt, $in) on credential attributes.
  5. Selecting a circuit for off‑chain or on‑chain validation.

Query Construction Workflow

  • Select Schema Context & Credential Type
    Choose the appropriate JSON‑LD schema URL and the credential type (e.g., AMLCTFCredential, ProofOfAddressCredential). These schemas define the structure and fields available for querying.

  • Pick Proof Type and Circuit ID
    Choose whether your query will be verified off-chain or on-chain. Use credentialAtomicQuerySigV2OnChain for On-chain and use credentialAtomicQuerySigV2 for Off-chain.

  • Choose Query Type
    Decide the type of query you want to run: Condition: Validates a field meets a condition (e.g. country == "AUS"), Selective Disclosure: Reveals specific fields without checking conditions, Proof of Issuance: Proves that a credential exists, without revealing content

  • Set Attribute Operators
    Define conditions on attributes using supported operators such as: $eq, $ne, $in, $nin, $lt, $lte, $gt, $gte, $between, $nonbetween, $exists

  • (Optional) Skip Revocation Check
    You may skip the revocation check by setting skipClaimRevocationCheck: true. This can be useful for testing, though it’s not recommended for production environments.

  • Build and Test the Query
    Once all parts are defined, build the full query object in JSON format. This can be directly embedded into your SDK's verifier configuration or used in on-chain verification flows.

Supported Query Types

Currently, we support the following query types:

  • Off-chain Single Query
  • Off-chain Multi Query
  • Off-chain Selective Disclosure
  • On-chain Single Query

We plan to support the following query types soon:

  • On-chain Multi Query
  • On-chain Selective Disclosure

Available Schemas

When creating a query, you must specify the credential type and context. Below are the supported credential types and their schema links:

Credential Type JSON Context JSON-LD Context
AMLCTFCredential JSON JSON-LD
AUSophisticatedWholesaleInvestorCredential JSON JSON-LD
DriversLicenceCredential JSON JSON-LD
EssentialIdCredential JSON JSON-LD
KYC1By1Credential JSON JSON-LD
NationalIdCredential JSON JSON-LD
PassportCredential JSON JSON-LD
ProofOfAddressCredential JSON JSON-LD

How to Write a Query

  • Example: Check if user's AML status equals "passed" (Off-Chain Single Query)
{
  "circuitId": "credentialAtomicQuerySigV2",
  "id": 100,
  "query": {
    "skipClaimRevocationCheck": true,
    "allowedIssuers": [
      "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
    ],
    "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/AMLCTFCredential.jsonld",
    "type": "AMLCTFCredential",
    "credentialSubject": {
      "amlCheckStatus": {
        "$eq": "passed"
      }
    }
  }
}
  • Example: Check if a verifier only needs to see the user's name (Off-Chain Selective Disclosure)
{
  "id": 101,
  "circuitId": "credentialAtomicQuerySigV2",
  "query": {
    "allowedIssuers": [
      "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
    ],
    "type": "PassportCredential",
    "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/PassportCredential.jsonld",
    "skipClaimRevocationCheck": true,
    "credentialSubject": {
      "name": {}
    }
  }
}
  • Example: Check if the user has a ProofOfAddressCredential with country == "DEU", discloses the user's name from EssentialIdCredential, and accountantEmail from AUSophisticatedWholesaleInvestorCredential (Off-Chain Multi Query)
[
  {
    "id": 102,
    "circuitId": "credentialAtomicQuerySigV2",
    "query": {
      "skipClaimRevocationCheck": true,
      "allowedIssuers": [
        "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
      ],
      "type": "ProofOfAddressCredential",
      "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/ProofOfAddressCredential.jsonld",
      "credentialSubject": {
        "country": { "$eq": "DEU" }
      }
    }
  },
  {
    "id": 103,
    "circuitId": "credentialAtomicQuerySigV2",
    "query": {
      "allowedIssuers": [
        "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
      ],
      "type": "EssentialIdCredential",
      "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/EssentialIdCredential.jsonld",
      "skipClaimRevocationCheck": true,
      "credentialSubject": {
        "name": {}
      }
    }
  },
  {
    "id": 104,
    "circuitId": "credentialAtomicQuerySigV2",
    "query": {
      "allowedIssuers": [
        "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
      ],
      "type": "AUSophisticatedWholesaleInvestorCredential",
      "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/AUSophisticatedWholesaleInvestorCredential.jsonld",
      "skipClaimRevocationCheck": true,
      "credentialSubject": {
        "accountantEmail": {}
      }
    }
  }
]
  • Example: Checks that the user has a ProofOfAddressCredential with country == "AUS" (On-Chain Single Query)
{
  "circuitId": "credentialAtomicQuerySigV2OnChain",
  "id": 108,
  "query": {
    "skipClaimRevocationCheck": true,
    "allowedIssuers": [
      "did:receptor:redbelly:testnet:31K82iKCtE6ciDc7oAr3T5EpjZb4S1EFM7c4xJaWkM2"
    ],
    "type": "ProofOfAddressCredential",
    "context": "https://raw.githubusercontent.com/redbellynetwork/receptor-schema/refs/heads/main/schemas/json-ld/ProofOfAddressCredential.jsonld",
    "credentialSubject": {
      "country": {
        "$eq": "AUS"
      }
    }
  }
}

For Setting Request On-chain go through this: Set Request

Next: