New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add notes for validFrom and validUntil. #646
Conversation
index.html
Outdated
that is backwards-compatible. The range of acceptable values will remain the | ||
same as will the semantic meaning of the <a>property</a>. Implementers are | ||
advised that the <code>validFrom</code> <a>property</a> is reserved and its use | ||
for any other purpose is discouraged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's a slight problem here for JWT representation. We current express issuanceDate
as the "iat" claim in a JWT. The validFrom
property should instead map to the "nbf" claim in a JWT.
It is true that we intended "issuanceDate" to mean validFrom
in the absence of that property. However, I think both properties could be present in a VC with different values and, under that circumstance, validFrom
should take precedence for determining validity. So issuanceDate
means the earliest point at which a VC should be considered valid, unless validFrom
is present. Of course, we can't say that normatively now and we're just reserving this for the future.
So I think it's still true that the range of acceptable values will remain the same and the semantic meaning of the property will be the same but this will not be a "renaming", rather, the presence of validFrom
would take precedence over issuanceDate
when determining the VC validity period. Also, as mentioned above, mapping these properties to a JWT would result in using different JWT claims.
cc: @TallTed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. I think that in the current iteration, we must express issuanceDate
as nbf
(as this is and was the intended semantic), and not as iat
(which was never the intended semantic). Future versions of the VCDM can change things however is appropriate at that point, including how precedence lays out if/when both are present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, updating the PR w/ these changes in mind.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in afaedca
a9c9adb
to
c364611
Compare
Need a re-review on this one as it too complicated to just merge on its own. |
@msporny, @dlongley -- I think associated changes (which I think would be best made in the same merge) are also needed to the JWT mapping section, particularly (in the msporny-issue-584 branch) the following, which are now focused on JWT |
As it seems my review is the blocker here... I cannot approve this without the changes to the associated areas that I highlighted previously. I think these would count as bugfix, though they would change normative text, and should therefore not trigger a new CR. |
PR was merged to make way for the resolution from WG call on 18 June 19: |
Reserve validFrom and validUntil, note expected changes in next version of spec.
Related to #584.
Preview | Diff