Revocable indicator #211
Revocable indicator #211
Conversation
* Created architecture document file. * Added architecture image. * Added vc-issuer-http-api.drawio * Update vc-issuer-http-api.drawio * Added vc-issuer-http-api.png * Added component descriptions * Finished up the first draft for the PR. * Updated architecture.md based on PR feedback and open issues. Known issues: no Issuer API -> DB interface defined. Holder -> Issuer API interface not defined. Missing logic around ZKP proof API requirements. * updated PNG image from draw.io
* Define versioning scheme * Fixed link to releases
* Define versioning scheme * Fixed link to releases
* Add mandatory non-composition based API * Make all other APIs optional Co-authored-by: Manu Sporny <msporny@digitalbazaar.com> Co-Authored-By: Markus Sabadello <markus@danubetech.com>
Co-Authored-By: Markus Sabadello <markus@danubetech.com>
Co-Authored-By: Markus Sabadello <markus@danubetech.com>
Added contracts 70RSAT20T00000003 and 70RSAT20T00000033.
Co-authored-by: Ted Thibodeau Jr <tthibodeau@openlinksw.com>
Parameter to indicate credential revocability.
nissimsan
requested review from
mkhraisha,
msporny,
OR13 and
peacekeeper
as code owners
| @@ -42,6 +42,10 @@ components: | |||
| type: | |||
| type: string | |||
| description: The type of credential status to issue the credential with | |||
| revocable: | |||
| type: string | |||
| enum: ["revocable", "non-revocable"] | |||
There was a problem hiding this comment.
Why not just a true/false value here?
There was a problem hiding this comment.
How is this intended to work with credentialStatus -- doesn't that indicate whether or not the VC is revocable? For example: https://github.com/w3c-ccg/vc-http-api/pull/211/files#L53 ... I think we already have this feature:
"credentialStatus": { "type": "RevocationList2020Status" }
^^^ that indicates that the VC is revocable.
There was a problem hiding this comment.
right now, you are required to submit a credential with a member of the following form:
"credentialStatus": {
"id": "https://issuer.oidp.uscis.gov/credentials/status/3#94567",
"type": "RevocationList2020Status",
"revocationListIndex": "0",
"revocationListCredential": "https://w3c-ccg.github.io/vc-http-api/fixtures/revocationList.json"
},
perhaps it would be better to define this shape, and note that when it is present the credential MUST have an id.
Using the API today, you can issue revocable credentials, you just need to know how to hand crafter perfect JSON-LD to do it...
There was a problem hiding this comment.
I guess the question this raises, is... is the issuer really doing issuance, if they are not checking that the credentialStatus is wellformed? why are folks accepting / issuing vc's with credentialStatus that point to a CCG github repo?
I would expect an issuer to maintain their own list, or at the very least validate this entry from a schema perspective.
There was a problem hiding this comment.
Prefer to see the data shape of a "revocable vc" defined in json schema and referenced, we don't appear too have consensus on how to "issue a revocable VC", but its possible to document how its done today as a first step... and to be clear, the only way to do this today, is to hand craft the VC payload and call the issue API.
|
Now that history has been filtered on main, this PR doesn't line up and shouldn't be merged as is. Do you want to raise a new PR, or rework this one, @nissimsan? |
|
I agree, suggest reimplementing. |
|
Hi guys - thanks! I'll close this in any case to avoid github gymnastics. I don't see much support for a less-techie-user-friendly approach which shields users from the intricacies of |
|
@nissimsan my suggested changes was to define credentialStatus correctly here: https://github.com/w3c-ccg/vc-http-api/blob/main/components/Credential.yml as an optional field. |
|
@OR13, the I'm slightly hesitant - an "optional" field does seem to fit okay on the "options" object (passed right along the Credentials object at issuance). So, just confirming: is moving the field indeed what you had in mind? |
|
@nissimsan yes, I thought it would be best to focus on keeping the types as close to their output format as possible. I suppose this could be improved by describing how revocable credentials are issued with these APIs directly, including how the options is used to mutate the request body before signing... generally mutating request bodies should be minimized. |
Parameter to indicate credential revocability.