Specify behavior for expired/revoked credentials

eclipse-dataspace-dcp / decentralized-claims-protocol

Apache License 2.0

6 stars 13 forks source link

Specify behavior for expired/revoked credentials #53

Open arnoweiss opened 5 months ago

arnoweiss commented 5 months ago

Description

As STS implementation , I want to know the desired behavior on whether a VP should also contain expired/revoked VCs, so that a verifier knows whether to expect invalid VCs in a VP.

Acceptance Criteria

[ ] Statement in VPP flow

Additional Information

It may make sense to comment that independent of the STS, a verifier's duties to perform proper verification (including a revocation checks) remain unchanged as they cannot rely on a STS's faithful behavior.

paullatzelsperger commented 5 months ago

Generally I agree with mentioning this, but it relates to the CredentialService, not the STS. My proposal would be to say, that "a CredentialService implementation SHOULD only include valid (non-expired, non-revoked, non-suspended) credentials in a PresentationResponseMessage"