revocation caching time & language review

[bluesteens]

Steering: Proposal Summary

Following technical review, the option to allow for revocation data to be older than 24 h under exceptional circumstances has been challenged.

#

Steering: Publication Summary

Used to present completed work to Steering for approval to publish. Discuss the work that was completed in reference to the above proposal. Include any differences from the proposal and why. use [GitHub Preview](https://htmlpreview.github.io/) to show final state of documents along with pull requests (if needed). #

---

Detailed Description: orig ticket proposal: The PR contains several typo and minor language edits. The main point, however, is the challenge of allowing revocation data to be older than 24 h under exceptional circumstances. It is proposed to be strict and limit to 24 h at all times. See review comment

P&A call Aug 10: What happens if revocation list not available due to exceptional/catastrophic circumstances? We could tighten up the wording, but should leave room for using older cache. Consider adding control method requirement to check when revocation list is back online. Ties into issue https://github.com/orgs/Open-Credentialing-Initiative/projects/2?pane=issue&itemId=21168468

---

Triage:

• [x] Is Issue appropriate for OCI Architecture
• [x] Assign Size
• [x] Assign Priority
• [x] Assign Label (if needed)
• [x] OCI affected Artifacts Identified
• [ ] Assign Triage - Artifact Version Target (v x.x.x Milestone)
• [ ] Assign Triage - Interop Profile Version Target (v x.x.x Milestone)
• [ ] Create sub-project (if needed)

Affected Parties (help determine Sunrise/Sunset):

• [ ] Trading Partners
• [ ] Issuers
• [x] Wallet Solutions
• [ ] PI Verification Solutions

Affected OCI Artifact

• [ ] Schema Document
• [ ] Identity Schema
• [ ] ATP Schema
• [ ] Issuer Conformance Criteria
• [x] Wallet Conformance Criteria
• [ ] VRS Solution Conformance Criteria
• [ ] Wallet API Specification
• [ ] Governance Document
• [ ] Conformance Program
• [ ] OCI Website
• [ ] Internal Process

Change Category (Guides Steering Review)

- Steering/Industry Review

• [x] Business-Level (May affect business operations)
• [ ] OCI Governance, Policy or website feature

- Steering/Industry Notification

• [ ] Technical-Level (Does not affect business operations)
• [ ] OCI Internal Process or Infrastructure

Communication

• [ ] Website
• [ ] Newsletter
• [ ] email:
• [ ] Other:

[bluesteens]

NFR007 says, "Cached data SHALL be valid no longer than 48 hours." Would this be considered the max cap, even in catastrophic circumstances?

[strumswell]

[bluesteens]

P&A mtg Sep 7: 24 h shall be overall max. caching time. new error code to be developed that says that revocation reg could not be accessed, suggest alt. verification method. if TP customer has instructed VRS that VC are optional, affected PIV interaction will pass; if VC are set to mandatory, the PIV interaction will fail.

[rceleste125]

2023-09-28: P&A approval to merge #75

[bluesteens]

Steering, Oct 9: remove "Credential revocation data SHALL not be older than 24 hours." - then publish