Description: Independently verify every returned presentation: integrity, replay binding (nonce, audience / domain), format-specific checks, trust/revocation as required, and that results satisfy the issued DCQL. Do not assume the wallet enforced DCQL.
Spec: Final 1.0 §8.6, §14.9
https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-vp-token-validation
https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#name-security-checks-on-the-retu
Approach: Structure → per-format → DCQL satisfaction order.
EST: 1 day
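
Added example (not the project's code and not taken from the spec) of the last step in that order, DCQL satisfaction, meant to run only after each presentation has passed integrity, nonce and audience checks. The function names and the `verified` input shape are assumptions; `claim_sets` and format/`meta` matching are not covered.

```python
# Added example (not project code): DCQL satisfaction over verified presentations.
# Assumption: `verified` maps credential query id -> list of claim dicts, one per
# presentation that already passed signature, nonce and audience checks.

def select(node, path):
    """Resolve a DCQL claims path: str = object key, int = array index, None = all items."""
    nodes = [node]
    for seg in path:
        nxt = []
        for n in nodes:
            if isinstance(seg, str) and isinstance(n, dict) and seg in n:
                nxt.append(n[seg])
            elif isinstance(seg, int) and isinstance(n, list) and 0 <= seg < len(n):
                nxt.append(n[seg])
            elif seg is None and isinstance(n, list):
                nxt.extend(n)
        nodes = nxt
    return nodes

def claim_ok(claims, cq):
    """A requested claim must be present and, if `values` is given, match one of them."""
    found = select(claims, cq["path"])
    return bool(found) and ("values" not in cq or any(v in cq["values"] for v in found))

def dcql_errors(query, verified):
    """Return a list of violations; an empty list means the response satisfies the query."""
    errors = []
    by_id = {c["id"]: c for c in query["credentials"]}
    for cid, presentations in verified.items():
        cq = by_id.get(cid)
        if cq is None:  # wallet returned something the verifier never asked for
            errors.append(f"{cid}: not requested")
            continue
        if not presentations:
            errors.append(f"{cid}: empty presentation array")
        if len(presentations) > 1 and not cq.get("multiple", False):
            errors.append(f"{cid}: more than one presentation")
        for i, claims in enumerate(presentations):
            for claim in cq.get("claims", []):
                if not claim_ok(claims, claim):
                    errors.append(f"{cid}[{i}]: claim {claim['path']} missing or mismatched")
    sets = query.get("credential_sets")
    if sets is None:  # no credential_sets: every credential query is required
        errors += [f"{cid}: required credential absent" for cid in by_id if cid not in verified]
    else:
        for n, cs in enumerate(sets):
            satisfied = any(all(c in verified for c in opt) for opt in cs["options"])
            if cs.get("required", True) and not satisfied:
                errors.append(f"credential_sets[{n}]: no option satisfied")
    return errors
```

Pass the exact DCQL object that was sent in the request, looked up from server-side session state, never a copy echoed back by the wallet.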