peppelinux
commented
1 month ago this must be done here: https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/85
Closed pietroACN closed 1 week ago
peppelinux
commented
1 month ago this must be done here: https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/85
peppelinux
commented
1 week ago
The actual revocation flow allows multiple revocations to be requested at the same time. The Credential Revocation HTTP Request include a revocation_assertion_requests claim.
Within the Response flow, the response MUST include a JSON object with a member named revocation_assertion_responses.
The Revocation Assertion Error object within the response MUST contain an error parameters, among them the credential_updated parameter described as "One or more information contained in the Digital Credential are changed. The error_description field SHOULD contain a human-readable text describing the general parameters updated without specifying each one" is not clear how can be handled as:
1) The credential to be revoked is not provided in the revocation_assertion_requests claim as it contains only its HASH 2) In cash the verification would be performed only vs the credential hash, there is no possibility for the Credential Issuer to ensure that the provided Hash differs from the stored one only due to updates of its content 3) The Credential Issuer is forbidden to store details of the issued credential, thus cannot keep information about specific information changed within it as it could be used to track its contents.
It would be therefore preferable to remove this Error type to avoid Credential Issuers to try to manage it thus reducing related data privacy guarantees