We shouldn't be "verifying" a credential

w3c-ccg / vc-issuer-http-api

A specification for an HTTP API used to issue Verifiable Credentials.

https://w3c-ccg.github.io/vc-http-api/

Other

7 stars 5 forks source link

We shouldn't be "verifying" a credential #13

Closed dhh1128 closed 4 years ago

dhh1128 commented 4 years ago

The terminology of the VC spec is that we verify a presentation, not a credential. (A presentation contains one or more pieces of data that match the credential data model, right?) This suggests that any verification that happens should be under /presentations/x, not /credentials/x.

Unless we mean that verification is just checking to see if the credential looks legit from the issuer's (not verifier's) perspective.

peacekeeper commented 4 years ago

The terminology of the VC spec says that "verification" and "validation" are applicable to both credentials and presentations, even though I would agree that many well-design systems in practice would not need to directly verify credentials, only presentations.

Also I think this comment belongs into https://github.com/w3c-ccg/vc-verifier-http-api, not here? Apparently that only mentions credentials right now, not presentations. That should be fixed.

dhh1128 commented 4 years ago

I'll move this (and reword to address your correction; thank you) to the verifier API.