Define what a credential validity does mean

[filip26]

In my understanding a credential validity determines time range in which claims attributed to a subject are truthful. If validity is not specified then the statements are truthful with no regard on time.

Please note validFrom property is optional as well as validUntil.

Clear definition could prevent confusion and help with proper use. See issue #965

[OR13]

Truth is the wrong word.

Validity is about the time interval for which the issuer wants verifiers to understand it's claims as applying to the subject.

[brentzundel]

we do have a definition for validation https://w3c.github.io/vc-data-model/#dfn-credential-validation

[andresuribe87]

There is no clear indication between the relationship between validation and validity period.

Specifically, the latter section says:

This specification defines the validFrom property to help an issuer to express the date and time when a credential becomes valid

Perhaps we should explicitly state what "becomes valid" means in relation to the validation process as defined in the terminology. My proposal would be something along the lines of: "When validFrom is present, any validation process MUST include a check with respect to the current time, and evaluates the verifiable credential as not valid."

[brentzundel]

Perhaps we should explicitly state what "becomes valid" means in relation to the validation process as defined in the terminology. My proposal would be something along the lines of: "When validFrom is present, any validation process MUST include a check with respect to the current time, and evaluates the verifiable credential as not valid."

I think the argument here is that an issuer can indicate when they intend a credential will become valid using validFrom, but a verifier is free to ignore that.

[filip26]

There are at least two possible ways to define semantics of the validity period.

Validity period is related to the VC itself

The validity period says nothing about the claims and the subject as it applies to the VC as whole. validUntil is then simply revocation of the credential. An example is @OR13 's definition and v1.1 interpretation. This approach is well adopted by SSL certificates.

Validity period is related to claims

The validity period specifies limits/duration in which claims attributed to a subject are truthful/verified. validUntil does not represent a credential revocation but just states a fact that after the date the claims are not truthful/verified by the issuer, that in fact can have the same effect as revocation but semantically it adds a value because it says something about the claims.

Generally, In order to issue a credential an issuer must "verify" that claims are truthful, somehow. e.g. by checking physical evidence, or an internal registry, etc. So there is some truth being said about the claims by an issuer. (not saying truth[ful] is the right word).

I prefer the second option, make the validity period a statement about claims and subject instead of the credential as whole. Silently expecting we can revoke a credential (btw. what is the reason to revoke a credential - except compromised issuer's private key - when validity period is related to claims?) with status lists.

[andresuribe87]

Perhaps we should explicitly state what "becomes valid" means in relation to the validation process as defined in the terminology. My proposal would be something along the lines of: "When validFrom is present, any validation process MUST include a check with respect to the current time, and evaluates the verifiable credential as not valid."

I think the argument here is that an issuer can indicate when they intend a credential will become valid using validFrom, but a verifier is free to ignore that.

It wasn't clear to me that was the intention of the spec. Should that be clarified? Or is it implicit?

[jandrieu]

My take is that the validFrom is necessarily a framing of when this particular Verifiable Credential is valid. It is a way to bound the intention of the issuer to a particular transitory period.

The verifier, of course, can ignore that for appropriate use cases--because they get to decide the rules of validity--but they do so on their own authority. For example, does an expired driver's license constitute legitimate proof of age or height? Maybe. Depends on your business rules.

Whether or not any of the claims within the VC should be treated as transitory is a different matter. A VC issued by CADMV may assert claims including that "Joe is 5'8" and 210lbs" among other things. That same VC has a validFrom date, which describes when this particular VC should be considered valid. However, that validFrom is NOT about the claims in that VC, it's about the VC. That is, the individual claim that Joe is 210lbs is not bound by that validFrom boundary. Nobody is saying that claim is invalid until that date. What the issuer is saying is that the VC, take as a whole, has an expected boundary of validity.

That said, we do still need better language on verification and validity. The difference is far too much nuance for most to grasp as currently presented.

[andresuribe87]

I agree that we need better language. Personally, I think the problem is that we're using the language "a credential is valid", and at the same time we're saying "the validation process depends on business logic". How can you make an assertion about the outcome of a process, if you aren't standardizing the process itself?

I have a possible rephrasing, without knowing what the original intention of the term validFrom was. So it might change the semantics of the property a bit. Proposal below.

Let's change validFrom in favor of verifiableFrom. Since the VC spec does describe what the verification does, I believe that it becomes clear that the verification process has to fail when the date is before the verifiableFrom date.

[filip26]

The definition would have an impact on

• verifier
• issuer
• the way how to model claims
• and even the number of issued credentials "crediting" the same

Thank you all for the proposals and comments proving the need.

[OR13]

Can we focus this issue on changes to https://w3c.github.io/vc-data-model/#validity-period

Or should I mark as discussion?

[iherman]

The issue was discussed in a meeting on 2023-07-19

• no resolutions were taken

View the transcript

#### 2.2. Define what a credential validity does mean (issue vc-data-model#1176) _See github issue [vc-data-model#1176](https://github.com/w3c/vc-data-model/issues/1176)._ **Brent Zundel:** 1176 - 'define what a credential validity means'. I believe that this issue is just a question. I think we should put a 'discuss' label on it. **Joe Andrieu:** I think the original question is about the validity period. The issue went into what is *validity* in general, which I think is a separate concern. **Dave Longley:** I think the data model is clear, but maybe we need better prose to explain it. > *Brent Zundel:* that matches my understanding. > *Orie Steele:* validity period applies to the `id` in the credential... credential does not require an `id`. > *Dave Longley:* Orie: disagree, it applies to the object in which it appears -- and that object may or may not have a globally unambiguous ID. > so those are two separate things. > *Orie Steele:* Once it becomes rdf, there will be an `id`... it just won't be unique.. we are saying the same thing. > +1 dlongley, the data model is RDF, the properties go on the RDF graph node, or an RDF blank node, if not `id` exists. **Manu Sporny:** One question is whether we want validFrom and validUntil to apply to presentations as well. … I think it's fine to apply to either presentations or credentials. > *David Chadwick:* +1 to applying to VPs as well. **Joe Andrieu:** +1 to validity on presentations as well. > *Dave Longley:* +1 those are different things -- put `validFrom` / `validUntil` on that other thing if you want to use it there. **Sebastian Crane:** My question is about entering CR, how long do we have in terms of doing what we want to do until it moves onto next stage. We have a number of post CR issues. **David Chadwick:** Because the validity period applies to the VC, it should be part of the proof property and not part of the data model. **Brent Zundel:** We don't have to wait to enter CR before working on issues... we have budgeted at least 2 60 day CR periods. … We have other options as well, if we need more time. > *Dmitri Zagidulin:* -1 to moving validFrom etc to 'proof'. > *Brent Zundel:* also -1 to moving them to proof. > *Joe Andrieu:* +1 to applying valid* to the object of which it is a property. > *Sebastian Crane:* without general context of this issue, +1 dlongley. > *Brent Zundel:* +1 dlongley. > *Orie Steele:* I tell the bar tender how long they can use my drivers license all the time. **Dmitri Zagidulin:** What is the semantic meaning of a validity period on a presentation? **Manu Sporny:** It's about the length of time the presentation itself should be considered valid. > *Ted Thibodeau Jr.:* it's an unenforceable, voluntary limitation. > *Orie Steele:* He means this predicate: [https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L84](https://github.com/w3c/vc-data-model/blob/main/contexts/credentials/v2#L84). > *Sebastian Crane:* It's not just whether the semantics *can* be defined, but also whether there is a use case for this. **Joe Andrieu:** I think this introduces additional potential for confusion.

[filip26]

Thinking about it more, there is a possible privacy risk connected to validFrom, when used naively. Perhaps, validFrom should be dropped to avoid misuse and privacy issues.

validFrom can easily reveal private information that is not part of the VC or is under selective disclosure.

An example could be overAge VC, but it can be generalized to any VC whose validity depends on date related to a subject. In the case of overAge presence of validFrom can reveal:

• exact birthdate when issued in advance or naively
• date before the subject could have been under the age if validFrom is present

[David-Chadwick]

But since validFrom is optional, there is no inherent privacy risk in the data model. This property does not need to be present in an overAge VC. All the verifier needs to know is that the VC is currently valid, which is provided by the validity period of the proof property (and not from the validity period of the credential, which can be absent).

[jandrieu]

From today's call:

JoeAndrieu: I think this is still tied up in the ambiguity around what should be in verification vs. validation. I don't know what to do with this issue ... that lingering delineation, I don't remember where the conversation is in github around this but there was some movement and I think I was convinced that other things that should be in verification weren't.

manu: I think Dave Longley had a good proposal somewhere on the Internet. Things can happen during verification that an extract information that can be used in a validation phase.

manu: There are things that are clearly in verification like checking the proofs.

manu: Then there are other things that can happen like checking the signature on a status list -- but the information in that list -- is up to the validation phase to use.

manu: We can still talk about these things ... getting the authentic information during verification and then handing it off for validation seems like it...

[jandrieu]

Also, from TallTed: as I recall, the key bit relevant to 1176 is that Verification is crypto/technological which we can specify, while Validation is business logic which we cannot specify.

[iherman]

The issue was discussed in a meeting on 2024-01-24

• no resolutions were taken

View the transcript

#### 2.5. Define what a credential validity does mean (issue vc-data-model#1176) _See github issue [vc-data-model#1176](https://github.com/w3c/vc-data-model/issues/1176)._ **Brent Zundel:** Define what a credential validity does mean. … I'm not sure ... this is about validity periods. … The last conversation happened in July of last year. … What, if anything, is the action here? **Joe Andrieu:** I think this is still tied up in the ambiguity around what should be in verification vs. validation. I don't know what to do with this issue ... that lingering delineation, I don't remember where the conversation is in github around this but there was some movement and I think I was convinced that other things that should be in verification weren't. **Manu Sporny:** I think Dave Longley had a good proposal somewhere on the Internet. Things can happen during verification that an extract information that can be used in a validation phase. … There are things that are clearly in verification like checking the proofs. … Then there are other things that can happen like checking the signature on a status list -- but the information in that list -- is up to the validation phase to use. … We can still talk about these things ... getting the authentic information during verification and then handing it off for validation seems like it would help. **Brent Zundel:** I will note that we have a validation appendix on the data model currently and perhaps an action here would be to update that appendix to reflect what Dave said. … I haven't heard anyone say that they disagree with that expression of things. … Possible action here -- but now Joe is assigned. **Joe Andrieu:** I will try and do this -- and reach out to you, Dave, for the language you proposed.

[iherman]

The issue was discussed in a meeting on 2024-02-28

• no resolutions were taken

View the transcript

#### 3.2. Define what a credential validity does mean (issue vc-data-model#1176) _See github issue [vc-data-model#1176](https://github.com/w3c/vc-data-model/issues/1176)._ **Joe Andrieu:** If anyone has feedback I'm happy to hear it but I'll get to this I have what I think I need.

[iherman]

The issue was discussed in a meeting on 2024-03-06

• no resolutions were taken

View the transcript

#### 2.7. Define what a credential validity does mean (issue vc-data-model#1176) _See github issue [vc-data-model#1176](https://github.com/w3c/vc-data-model/issues/1176)._ **Brent Zundel:** 1176 define what credential validity means? … JoeAndrieu ? **Joe Andrieu:** ...still need to get to it, sorry. **Brent Zundel:** if there still isn't a PR in the next few weeks, we will need to close it.

[filip26]

When I raised the issue I hoped that there would be easy to get consensus on a few recommendations on how the validity should/must not be interpreted. Given the state of the issue, I'm closing it. Thank you all for your contribution.