Closed bruno-zimmermann-bit closed 6 months ago
Is it possible in similar fashion to credentialSubject to have credentialStatus be a set of JSON objects?
Short answer, yes. :)
What would you like to see in the specification to make this more clear?
Cool thanks 👍
For credentialStatus i could envision something along the line of:
credentialStatus If present, the value of credentialStatus is defined as a set of one or more objects or a single object. Each object MUST include the following: ...
Alternally, I think an additional example with multiple credentialStatus can also make it more clear.
This is a question that maps to several real-world use cases.
In GS1, we license ranges of identifiers to our user companies. The terms and conditions under which these ranges are licenses differ between GS1 Member Organizations (regional not-for-profit organizations that administer the identification system in their regions), but, in general, the licenses are renewable, typically annually. If the user company doesn't pay to renew the license, the GS1 Member Organization may suspend it pending payment and, after a grace period, revoke it entirely.
The business rules for the credential status include one that a trading partner shouldn't accept the presentation of a license that is suspended or revoked at the point in time at which the trading partner does the validation. If license is suspended and the user company then catches up on the terms and conditions of their license by making the payment, the local GS1 Member Organization will then remove the suspended status and the trading partner's validation process will succeed, without any change in the license itself.
Another wrinkle to this is that, within the GS1 ecosystem, user companies can issue credentials of their own that reference their license credentials. Any credentials that are issued during the suspension period are subject to the same validation rules as those issued prior to the suspension; once the suspension is lifted, both sets of credentials are equally valid, because the suspension status is concerned only with the point in time at which the validation takes place. Revocation is different; credentials linked to the license that are issued before the revocation will be valid for many use cases (e.g., historical information for products from a manufacturer that is out of business) but none are valid under any circumstances if issued after the revocation (you can't issue a credential to identify a product if you are no longer licensed to use that identification range).
So, within the GS1 ecosystem, we can have one and only one status with multiple possible values: active (no other status applied), suspended (transient by definition), revoked (permanent), and replaced (permanent but a completely separate discussion).
Other ecosystems, though, may require more detail. A medical doctor is licensed to practice in a given jurisdiction. Let's say that the ecosystem for licensure allows a doctor to issue credentials (e.g., to certify a patient having received certain vaccines before travelling to a foreign country). If the doctor is under investigation for something serious enough, their license may be suspended, during which time they are not permitted to practice. If the investigation clears the doctor of wrongdoing, the suspension will be lifted, but the record of the suspension and the time period in which it applied must remain. A vaccination credential issued by the doctor prior to the suspension should be considered valid, regardless of the suspension, by checking the date issued against the start date of the suspension. A vaccination credential issued by the doctor during the suspension should be considered invalid, because the doctor was not licensed to practice during that period. In this use case, the business rule requires comparison of the timestamps of the license status and dependent credential, which differs from the GS1 use case which requires checking the license status only at the time of validation.
The issue was discussed in a meeting on 2024-01-31
The issue was discussed in a meeting on 2024-02-28
PR #1450 has been raised to address this issue. This issue will be closed once PR #1450 has been merged.
The issue was discussed in a meeting on 2024-03-06
PR #1450 has been merged, closing.
Is it possible in similar fashion to credentialSubject to have credentialStatus be a set of JSON objects? To me this is not clear from the specification.
eg.