peppelinux / draft-demarco-oauth-status-assertions

OAuth 2.0 Status Assertions for Digital Credentials

Not all credentials expire. #71

Open peppelinux opened 3 months ago

peppelinux commented 3 months ago

Not all credentials expire.

I think we should provide examples for all cases of vc + sa with iat and exp.

There is also nbf which could interact negatively with iat and exp.

_Originally posted by @OR13 in https://github.com/peppelinux/draft-demarco-oauth-status-assertions/pull/65#discussion_r1635625370_

fmarino-ipzs commented 1 week ago

We can handle this case with the assertion status ‘SUSPENDED’ until the credential becomes valid. WDYT?

peppelinux commented 1 week ago

We should resolve this first: https://github.com/peppelinux/draft-demarco-oauth-status-assertions/issues/83#issue-2533906802

OR13 commented 1 week ago

nbf, iat, exp should be optional in base specs; they can be made mandatory in profiles for specific types.

In my opinion, iat and exp should be mandatory in key binding tokens and status assertions, since they are meant to be "short lived"... not all credential types that have status are meant to be "short lived".
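
An added example, not part of the thread or of the draft: a verifier-side check of the time claims for a credential plus status assertion pair, using the split proposed in the last comment (all three claims optional on the credential, `iat` and `exp` required on the status assertion). The function names, the `REQUIRED` table, the rejection reasons and the sample values are assumptions made for illustration.

```python
# Hypothetical policy table: which time claims each token kind must carry.
REQUIRED = {
    "credential": set(),                 # base spec: nbf/iat/exp all optional
    "status_assertion": {"iat", "exp"},  # short-lived, so both are mandatory
}
TIME_CLAIMS = ("nbf", "iat", "exp")


def check_time_claims(kind, claims, now, skew=0):
    """Return (ok, reason) for one token's time claims at `now` (epoch seconds)."""
    missing = REQUIRED[kind] - set(claims)
    if missing:
        return False, "missing " + ",".join(sorted(missing))
    for name in TIME_CLAIMS:
        value = claims.get(name)
        if value is not None and (isinstance(value, bool) or not isinstance(value, (int, float))):
            return False, f"{name} is not a NumericDate"
    nbf, iat, exp = (claims.get(n) for n in TIME_CLAIMS)
    # A validity window that can never open is a malformed token, not an expired one.
    if exp is not None and nbf is not None and nbf >= exp:
        return False, "nbf is not before exp"
    if exp is not None and iat is not None and iat >= exp:
        return False, "iat is not before exp"
    if nbf is not None and now + skew < nbf:
        return False, "not yet valid"
    if iat is not None and iat > now + skew:  # assumption: future iat is rejected
        return False, "issued in the future"
    if exp is not None and now - skew >= exp:
        return False, "expired"
    return True, "ok"  # an absent exp means the token never expires


def check_pair(credential, status_assertion, now, skew=0):
    """Both tokens must pass; the reason names the one that failed."""
    pair = (("credential", credential), ("status_assertion", status_assertion))
    for kind, claims in pair:
        ok, reason = check_time_claims(kind, claims, now, skew)
        if not ok:
            return False, f"{kind}: {reason}"
    return True, "ok"


# Constructed sample values (epoch seconds), not taken from the draft.
NOW = 1_700_000_000
NON_EXPIRING_VC = {"iat": NOW - 86_400 * 400}      # no exp claim at all
FUTURE_VC = {"iat": NOW - 60, "nbf": NOW + 3_600}  # nbf later than iat
FRESH_SA = {"iat": NOW - 30, "exp": NOW + 300}
STALE_SA = {"iat": NOW - 900, "exp": NOW - 300}
```
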