Add section on schema validity #1137
Conversation
decentralgabe
requested review from
msporny,
OR13,
selfissued and
awoie
as code owners
|
|
||
| <p> | ||
| If the <code>credentialSchema</code> property is available, the schema of a | ||
| <a>verifiable credential</a> is expected to be evaluated by the <a>verifier</a> |
There was a problem hiding this comment.
| <a>verifiable credential</a> is expected to be evaluated by the <a>verifier</a> | |
| <a>verifiable credential</a> can be evaluated by the <a>verifier</a> |
There was a problem hiding this comment.
(Company representative hat on): Our software will probably not utilize credentialSchema in a significant number of use cases -- the reasoning being that either 1) the issuer wouldn't have issued a VC that goes against the schema they are specifying, or 2) they're doing bad job with their schema management and we don't want credentialSchema mismatches to get in the way of the VC being utilized. IOW, I'm not sure that we're positive or negative on this feature yet and therefore do not want any expectations set on verifier's using this feature. It's fine if it's there, it's fine if it's optional, so the request here is to not set any expectations that the verifier is expected to use the schema property (unless they want to).
There was a problem hiding this comment.
my intention was to convey if the property was there it is expected to be evaluated. if the issuer puts it there, they intend for it to be used.
There was a problem hiding this comment.
if the issuer puts it there and wants to say it's optional - I'm not sure how they convey that. I view the properties in the VCDM as a (loose) contract between an issuer and verifier
There was a problem hiding this comment.
Nevermind, I failed to realize that the section you added is in the Validation section of the spec. :)
If the intention is to make processing the credentialSchema field mandatory, then we need to discuss that as a WG.
With my company representative hat on, we would be a -1 to mandatory processing of credentialSchema. We believe it should be an option for the verifier to set because it is, ultimately, their decision. The feature should mirror how we do credentialStatus.
With my editor hat on, having language like "is expected to be", when what you really mean is "MUST", is dicey, because people will read it as a MAY instead of a MUST. Even SHOULD is dicey if you are suggesting that organizations will process the field by default.
To provide an analogy, the credentialStatus field processing is optional, the spec doesn't say you MUST process it. It just says what the field is used for and what the field should contain:
https://w3c.github.io/vc-data-model/#status
And then we use the "is expected to be" language in the section on Validation... which is what this PR does (IIUC).
In any case, I'm retracting my change request and merging the PR since I'm the only one that suggested changes. Thanks for the PR @decentralgabe ! :)
There was a problem hiding this comment.
thanks @msporny I'm open to a future change to keep the language more consistent with credentialStatus
Co-authored-by: Manu Sporny <msporny@digitalbazaar.com>
|
Editorial, multiple reviews, changes requested (but not made due to change request being retracted), no objections, merging. |
Also updated reference to the FPWD of the Credential Schema 2023 spec
Preview | Diff