[Credential Lifecycle - Status Attestation ] - Functional Requirements - Issuer #266
Comments
We must introduce actionable items that bring evidence about how this "loss" can be evaluated by the credential issuer. Checking a revocation of a wallet instance is possible since the wallet instance attestation would not be valid anymore, making this item explicit, while the "loss of something" doesn't bring any evidence about how it could be evaluated from the issuer side.
I would therefore replace the original text with the following: "The issuer Must .... revoke a Digital Credential when ....the holder requests such revocation due to loss or replacement of cryptographic key material which the issued Digital Credential is bound to". As loss of crypto key/s is something that only the holder would be aware of, he has to officially perform the request.
this pr aims to solve this issue italia#266
* Update credential revocation reason from issuer's perspective
  this pr aims to solve this issue #266
* Added how a user can authenticate in case of loss of the priv key
* editorial update
  Co-authored-by: Giuseppe De Marco <[email protected]>
* Apply suggestions from code review
* Update docs/en/revocation-lists.rst
* Apply suggestions from code review

---------

Co-authored-by: Giuseppe De Marco <[email protected]>
Co-authored-by: Francesco Grauso <[email protected]>
The text states: "The issuer Must .... revoke a Digital Credential when ....the Wallet Instance that holds the Digital Credential was issued is revoked;"
It is not clear where the relation is between the Wallet Instance (that may have been revoked and replaced with another version) and the Digital Credential, as the credential validity should be independent from the wallet: the credential is bound to the user key that may be generated by an external WSCD or remote signing device.
It would be preferable to replace the text with the following: "The issuer Must .... revoke a Digital Credential when ....the cryptographic key material to which the issued Digital Credential is bound is lost or replaced;"
In that case, the following statement should also be replaced with: "Loss of cryptographic key material to which the issued Digital Credential is bound"