Closed npdoty closed 6 months ago
Yes, agreed. The specification would benefit from a section that speaks to when status information is appropriate and when it isn't.
PR #160 has been raised to address this issue. This issue will be closed once PR #160 has been merged.
PR #160 has been merged, closing.
Revocation status is often not important to the use case for credentials. For example, my driver's license may have expired or my driving privileges may have been revoked, but my age won't have changed in either case. It seems guidance is necessary for when status list information should be included at all in the response to a credential request, and when it isn't appropriate. Or when it is appropriate, the spec needs to highlight the privacy issues in doing so, and verifiers and holder software will need to communicate that to the user.