-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Status list credential issuer validation #7
Comments
yes |
Who else has the knowledge to do that but the issuer? |
if issuer is part of a trust framework or a federation, there might be one list for multiple issuers? (though maintaining that might be a nightmare) |
One sentence that it might or might not match might be helpful/all we can do. something like what we added in openid4vci spec when we had a similar question: "Depending on the Credential format, the issuer identifier in the issued Credential is not always a URL using the and it is up to the verifer/holder/issuer trust model to decide whether to check if it is the same or not. |
to elaborate: a lot is possible, but the intention is that typically the issuer would be the one issuing the status list, even if that is a delegated responsibility |
The issue was discussed in a meeting on 2023-01-31
View the transcript2.3. Status list credential issuer validation (issue vc-status-list-2021#7)See github issue vc-status-list-2021#7. Brent Zundel: is status list 2021 expected to be issued by the same issuer as the credential.
Orie Steele: as far as I know, the answer is "yes", but there are "hierarchy" concerns -- is the global company the same as the sub-company? Does it have to be with the same keys? I don't know the specific guidance on this, but errors would be thrown if the issuer is not matching. Looking for clear guidance on issuer, keys, etc. being the same vs. different..
Brent Zundel: the setup is that the issuer has issued a vc and the issuer has indicated where a verifier can retrieve the credential.... does it matter?... can an issuer delegate revocation authority?.
Manu Sporny: +1 to yes... the answer is yes in general.
Manu Sporny: its true, there are questions about hierarchy and global company vs local companies..... Phil ASU: in the k12 space, highschool vs districts use case seems relevant....
Kristina Yasuda: can we say the issuer may or may not match.
|
PR #103 has been merged, closing. |
Is a StatusList2021Credential expected to be issued by the issuer of the verifiable credentials whose revocation status it encodes?
The text was updated successfully, but these errors were encountered: