Closed msporny closed 1 year ago
[@David-Chadwick] Whilst this text is beneficial, it is not sufficient on its own since it raises the following question. When, or under what circumstances, will the validity periods be the same, and when or why will they be different.
Do you have any answers to those questions (which aren't really questions, since the sentence lacks the key syntactical element, ?
)?
Perhaps you might offer some text that gets us closer to what you consider to be sufficient?
Here is my suggestion
"Whilst created
and expires
refer to the validity period of the proof i.e. of the verifiableCredential
, 'validFrom' and 'validUntil' from the VC Data Model refer to the validity period of the credential object."
The current PR text should be changed to the following in order to align with the VC DM PR#1211
Document authors and implementers are advised to understand the difference between the validity period of a proof
, which is expressed using the created
and expires
properties, and the validity period of a credential , which is expressed using the validFrom
and validUntil
properties. While these properties might sometimes express the same validity periods, at other times they might not be aligned. When verifying a proof
, it is important to ensure that the time of interest (the current time or another time) is within the validity period for the proof. When validating
a verifiable credential , it is important to ensure that the time of interest is within the validity period for the credential . Note that a failure to validate either the validity period for the proof
, or the validity period for the credential , might result in accepting data that ought to have been rejected.
Massaging the latest from @David-Chadwick --
Document authors and implementers are advised to understand the difference between
the validity period of a `proof`, which is expressed using the `created` and `expires`
properties, and the validity period of a credential, which is expressed using the
`validFrom` and `validUntil` properties. While these properties might sometimes express
the same validity period, at other times they might not be aligned. When verifying a
`proof`, it is important to ensure that the time of interest (which may be the current
time or any other time) is within the validity period for the `proof` (i.e., between
`created` and `expires`). When `validating` a verifiable credential, it is important
to ensure that the time of interest is within the validity period for the credential
(i.e., between `validFrom` and `validUntil`). Note that a failure to validate either
the validity period for the `proof`, or the validity period for the credential, might
result in accepting data that ought to have been rejected.
@David-Chadwick if you are ok w/ @TallTed's modification of your text (above), I'm happy to update this PR w/ it and merge it. I believe it contains the changes that you were requesting?
@msporny Yes thanks, please go ahead
Editorial, multiple reviews, changes requested and made, no objections, merging.
This PR attempts to address issue #78 by adding text to the "Relationship to VCs" section on the difference between proof and VC validity periods.
Preview | Diff