italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

[Status Attestation HTTP Response] - Status Code #340

Closed pietroACN closed 1 month ago

pietroACN commented 4 months ago

In the actual description of the Status Attestation HTTP Response Status Codes, we have the description of the status "404 Not Found" set as "The Digital Credential can not be found by the Issuer." here

I would suggest improving the description, including in this return code the cases of "credential_revoked" and "credential_updated", thus changing the description as follows: "The Digital Credential can not be found by the Issuer, or the Status Attestation cannot be issued because the credential has been revoked or updated."

peppelinux commented 4 months ago

We already had this conversation: providing additional information may give the possibility to do information gathering.

pietroACN commented 4 months ago

Thus the wallet will not be able to return to the user any information on why the status attestation cannot be issued. As the entire flow is protected by HTTPS, tracking these details would be difficult: unlocking/breaking HTTPS in this case would be costly in relation to the outcome (disclosing this information) and I believe that these additional details are protected enough from any data interception.

SaraConsoliACN commented 2 months ago

This issue has been resolved in PR #342.