Closed clehner closed 8 months ago
yes
Who else has the knowledge to do that but the issuer?
if issuer is part of a trust framework or a federation, there might be one list for multiple issuers? (though maintaining that might be a nightmare)
One sentence that it might or might not match might be helpful/all we can do.
something like what we added in openid4vci spec when we had a similar question: "Depending on the Credential format, the issuer identifier in the issued Credential is not always a URL using the https
scheme. Some other forms that it can take are a DID included in the issuer
property in a [@VC_DATA] format, or the Subject
value of the document signer certificate included in the x5chain
element in a [@ISO.18013-5] format."
and it is up to the verifer/holder/issuer trust model to decide whether to check if it is the same or not.
yes
to elaborate: a lot is possible, but the intention is that typically the issuer would be the one issuing the status list, even if that is a delegated responsibility
The issue was discussed in a meeting on 2023-01-31
PR #103 has been raised to address this issue. This issue will be closed once PR #103 has been merged.
PR #103 has been merged, closing.
Is a StatusList2021Credential expected to be issued by the issuer of the verifiable credentials whose revocation status it encodes?