VC Storage

[boz1]

Where should ASCS (or any other issuer) store the verifiable credentials? The initial idea is that vcs shouldn't be publicly available but be only provided upon valid request.

[jdsika]

I think the ASCS should store them but then we need to define under which circumstances they are provided. First of all the ASCS needs the record for itself. As long as there is no "service" to offer them to others we can avoid the discussion and tools in the ecosystem might accept a simple "proof of existince" from the ASCS that a public key hash belongs to a certain identity? Is that technically feasable or even useful?

[boz1]

I think for now we can skip the discussions about under which circumstances ASCS provides a VC to a third party. For now, let's assume that every company (i.e., VC holder) always provides their VC to any party in ENVITED which requires it.

The question here is, where should ASCS store the VCs it issues? A Mongo DB instance could be one option as VCs are in JSON format.