Re: Expiry time in Data Model from Stone, Matt on 2016-05-20 (public-credentials@w3.org from May 2016)

From: Stone, Matt <matt.stone@pearson.com>
Date: Fri, 20 May 2016 15:04:47 -0600
To: David Chadwick <d.w.chadwick@kent.ac.uk>
Cc: Jason Weaver <jweaver@parchment.com>, Eric Korb <eric.korb@accreditrust.com>, Credentials Community Group <public-credentials@w3.org>
Message-ID: <CA+w1=RR9j0Hi=r5PD=8dHohch6YXEid2FXCCLcgTAi4snCofyg@mail.gmail.com>

On Fri, May 20, 2016 at 2:35 PM, David Chadwick <d.w.chadwick@kent.ac.uk>
wrote:

> However the recipient is still the one doing the trusting, and
> it can decide to trust a credential without following the issuer's
> policy.
>

it feels a little funny for the "trusting party" to have discretion to
ignore the issuers policy about a caching the validation and when to force
a re-verification.  In an automated system, wouldn't this be automatic?  We
want this ecosystem to understand that a verification is itself out of date
and no longer valid for use (the verification is out of date, not the
claim).  In the over 18 example, the issuer would probably make TTL be
infinite or unset. If TTL is set, it can't be ignored otherwise the
veracity of the verification is undermined and is open to fraud and misuse;
the value of the credential is at risk in the market place.

=====
Matt Stone
501-291-1599

Received on Friday, 20 May 2016 21:05:25 UTC