[Credential Lifecycle - Status Attestation ] - Functional Requirements - Status Attestation

[pietroACN]

From the specification is not clear how the two following requirements could interlace:

• contain the expiration datetime after which it SHOULD NOT be considered valid anymore and it MUST NOT be greater than the one contained in the Digital Credential which it refers to; Link
• have a validity period not greater than 24 hours; Link

For example if the expiration datetime would be set after 30days and validity period set after 12 hours, it's not clear if the Status Attestation, while being valid (expiration datetime) cannot be used after the validity time (expired validity)

[peppelinux]

status attestations are short lived and cannot expire after the expiration of the credential where they are bound to, eg: credential expires in the next 5 hours, the linked status attestation cannot expire after the next 5 hours.

expiration is part of the validity evaluation, while validity is a more complex concept that brings signature verification, revocation verification, issuer revocation and so on.

[SaraConsoliACN]

In my opinion, this issue can be considered resolved by the PR https://github.com/italia/eudi-wallet-it-docs/pull/308 in this section of the text: https://github.com/italia/eudi-wallet-it-docs/pull/308/files#:~:text=MUST%20contain%20the,the%20Digital%20Credential%3B.