search

w3c / vc-bitstring-status-list

A privacy-preserving mechanism to publish status information for Verifiable Credentials.
https://w3c.github.io/vc-bitstring-status-list/
Other
22 stars 19 forks source link

when revocation status is and isn't appropriate to present #147

Closed npdoty closed 6 months ago

npdoty commented 7 months ago

Revocation status is often not important to the use case for credentials. For example, my driver's license may have expired or my driving privileges may have been revoked, but my age won't have changed in either case. It seems guidance is necessary for when status list information should be included at all in the response to a credential request, and when it isn't appropriate. Or when it is appropriate, the spec needs to highlight the privacy issues in doing so, and verifiers and holder software will need to communicate that to the user.

msporny commented 6 months ago

Yes, agreed. The specification would benefit from a section that speaks to when status information is appropriate and when it isn't.

msporny commented 6 months ago

PR #160 has been raised to address this issue. This issue will be closed once PR #160 has been merged.

msporny commented 6 months ago

PR #160 has been merged, closing.