PID/EAA Issuance Notification - Credential Issuer actions on notification

[pietroACN]

The actual specification indicates that "The Notification Endpoint is used by the Wallet to notify the PID/(Q)EAA Provider of certain events for issued Credentials, such as if the Credential was successfully stored in the Wallet Instance or in case of unsuccessful Credential issuance caused by a User action."

The corresponding events, track user behavior within the wallet. (accepted, deleted, failure)

While these events may disclose user wallet behavior to the Credential Issuer, within the specification is not defined the Issuer corresponding actions to such notification. It seems (but not specified) that Credentail Issuer in case of "Credential Deleted" or "Credential Failure" cases should revoke the issued credential (see Low Level Issuance Flow blue box next step 22).

A detailed requirement is needed in this case to avoid inconsistent behavior from different Credential Issuers

[peppelinux]

The notification endpoint is defined in OpenID4VCI, here.

It gives the appopriate evidence that the issued credential is taken by its legitimate possessor, making the flow consistent.

there is no user behaviour, such deleted or accepted, since its storage belongs to the previous user request.

the "event_description" is optional and the current specs does not mandates its use.