stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Closed esune closed 1 year ago
stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
swcurran
commented
1 year ago It would be good to use the Aries/DIDComm ~timing protocol for this. May need to do some updates in ACA-Py and the BC Wallet to make it useful, but I think it is the right way to do expiries such as this.
esune
commented
1 year ago @swcurran thanks for the tip! This looks like something the holder agent would also have to support to discard the proof if I was thinking more in terms of expiring it so that it wouldn't present the proof - correct? I.e.: vc-authn adds an expires_time attribute to the timing decorator to indicate the proof is not valid.
I was thinking more in terms of having vc-authn delete (or at least "blacklist") unused proofs so that even if the holder scans the QR code they would not be able to push a proof.
I think we could (should?) implement both scenarios as the decorator is definitely very useful for both parties.
hiteshgh
commented
1 year ago possibly UI/Front end scope if this story get completed before end of sprint
esune
commented
1 year ago @popkinj let's try and connect wen you're starting to look into this. The ticket was mostly thought/focused on gatekeeping the validity of proofs in the back-end, however you are right that we might want to provide a way to return a message IF they are scanned after their validity time is expired.
popkinj
commented
1 year ago @esune Do you still want to touch base on this ticket?
esune
commented
1 year ago @popkinj and I synced-up: for the time being, we are going to ensure the UI gets a proof_status=EXPIRED if the proof-request age is older than what indicated in its expiry time. Further tweaks/improvements to be discussed with next steps.
vc-authnis used to access resources protected by OIDC authentication. As such, there should be a timout after which a proof-request that was not used will be marked asexpiredand removed from the queue of allowed authentication attempts.Note: a special scenario, if/when supported, would be multi-use proof-requests (see #64). This can be effectively worked-around by having each proof-request be unique, and the multi-use scenario be a "redirect" case that would trigger a brand new authentication attempt every time.