Ensure that statusListCredential can be dereferenced. #46

Merged
merged 2 commits into from
Jun 14, 2023
27 changes: 16 additions & 11 deletions index.html
Expand Up @@ -301,11 +301,15 @@ <h3>StatusList2021Entry</h3>
<tr>
<td>id</td>
<td>
The constraints on the <code>id</code> property are listed in the
Verifiable Credentials Data Model specification [[VC-DATA-MODEL]]. The
value is expected to be a URL that identifies the status information associated
with the <a>verifiable credential</a>. It MUST NOT be the URL for the
status list.
An optional identifier for the status list entry. The constraints on the
<code>id</code> property are listed in the Verifiable Credentials Data Model
specification [[VC-DATA-MODEL]]. If present, the value is expected to be a URL
that identifies the status information associated with the <a>verifiable
credential</a>. It MUST NOT be the URL for the status list. The value is
not used during the verification or validation process, and does not need to be
related to the `statusListCredential` value. If necessary, the value can be
used to uniquely identify the `StatusList2021Entry` object, such as when it is
stored in a database.
</td>
</tr>
<tr>
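Review bot: In the new `id` description, "It MUST NOT be the URL for the status list" is kept while the added text says the value "is not used during the verification or validation process", so the cell should say who is expected to enforce the MUST NOT; as written, a verifier reads a requirement it never checks. "If present, the value is expected to be a URL" is also softer than the normative wording around it; if a URL is required whenever `id` is present, say MUST. The added sentences mark up `statusListCredential` and `StatusList2021Entry` with backticks while the same cell uses <code>id</code>; use <code> for both so the markup is consistent.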
Expand Down Expand Up @@ -358,9 +362,9 @@ <h3>StatusList2021Entry</h3>
<td>statusListCredential</td>
<td>
The <code>statusListCredential</code> property MUST be a URL to a
<a>verifiable credential</a>. When the URL is dereferenced, the resulting
<a>verifiable credential</a> MUST have <code>type</code> property that
includes the <code>StatusList2021Credential</code> value.
<a>verifiable credential</a>. When the URL is dereferenced, the result
MUST be a <a>verifiable credential</a> that contains a <code>type</code>
property that includes the <code>StatusList2021Credential</code> value.
</td>
</tr>
</tbody>
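Review bot: The reworded `statusListCredential` cell places the requirement on the dereferenced result ("the result MUST be a verifiable credential that contains a type property that includes the StatusList2021Credential value") but does not say what a verifier does when the result is not a verifiable credential or lacks that type. Reference the Validate Algorithm from this cell so the failure case has one defined outcome, a validation error, rather than being left to each implementation.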
Expand Down Expand Up @@ -555,7 +559,7 @@ <h3>Validate Algorithm</h3>

<ol class="algorithm">
<li>
Let <strong>credentialToValidate</strong> be a <a>verifiable credentials</a>
Let <strong>credentialToValidate</strong> be a <a>verifiable credential</a>
containing a <code>credentialStatus</code> entry that is a
<a href="#statuslist2021entry">StatusList2021Entry</a>.
</li>
Expand All @@ -565,8 +569,9 @@ <h3>Validate Algorithm</h3>
<strong>credentialToValidate</strong>.
</li>
<li>
Verify all proofs associated with the <strong>credentialToValidate</strong>.
If a proof fails, return a validation error.
Dereference the <code>statusListCredential</code> URL, and ensure that all
proofs verify successfully. If the dereference fails, or if any of the proof
verifications fail, return a validation error.

Please be more specific about the error returned. HTTP 404 (Not Found) is one that I would suggest.

Contributor

@dlongley dlongley May 3, 2023

Saying "return HTTP 404" (instead of just "return a validation error") doesn't make sense here because these processing rules are for consumers. This statement is telling the client / processor that is trying to dereference the URL what to do. There's no expectation that this processing software must be running on a server itself.

We could say that one possible reason for a URL dereference failure is for the consumer to receive an HTTP 404 error from the server that is the authority for that URL. So, we could say that here, but what then about other dereference failures / different error codes from the server? I'd think at that point, that if the URL is an HTTPS URL, we would want to say that any 4xx/5xx error should be considered a dereferencing failure.

Contributor

+1 to handle this in another issue and get this PR merged.

Member Author

Issue #64 has been raised to track what HTTP responses are expected. Can you please re-review, @selfissued?

Contributor

Suggested change
verifications fail, return a validation error.
verifications fail, return a validation error.
<p class="issue" data-number="64">note: the WG is tracking a desire to add some protocol guidance, especially for HTTP status code alignment</p>

</li>
<li>
Verify that the <strong>status purpose</strong> matches the
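Review bot: The rewritten step, "Dereference the statusListCredential URL, and ensure that all proofs verify successfully", does not name whose proofs are checked. The wording it replaces verified the proofs on credentialToValidate, and the new sentence can be read as covering only the dereferenced status list credential, which would drop the check on the credential being validated. State both checks explicitly, or say where the proofs on credentialToValidate are verified before this algorithm runs. The step also does not repeat the check from the statusListCredential property definition that the dereferenced credential's type includes StatusList2021Credential; add it here so a credential of another type served at that URL produces a validation error. Which HTTP responses count as a dereference failure is left to issue #64, as agreed in the thread.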