- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Sun, 22 Feb 2015 13:09:00 -0500
- To: public-credentials@w3.org
On 02/19/2015 05:00 AM, Joerg.Heuer@telekom.de wrote: > Generating a credential for this sounds good, but I don't think that > it requires a short lifespan. The information 'I was exactly at that > position on that date and time' requires a timestamp in the first > place, but it would be true forever, essentially, right? Yes, you're exactly right, Joerg. I guess the trick is related to a best practice on how to interpret these sorts of credentials. While it's true forever, there are a couple of options on how to issue the credential: 1. The consuming system decides how long the credential is valid for. For example, an ecommerce tax assessment platform would probably accept the credential as valid for an hour or two (which tax jurisdiction were you in when you bought this item), while a proximity ecoupons offer site would limit it to 15-30 minutes, or 2. The issuer of the credential would set the validity of the credential. I think #1 is more powerful and, as you said, is what we'd go with... however, that means we are saying that #2 is probably not a best practice. It's not a hard decision to make, but we will most likely have to say /something/ about this in a spec about proximity credentials. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: The Marathonic Dawn of Web Payments http://manu.sporny.org/2014/dawn-of-web-payments/
Received on Sunday, 22 February 2015 18:09:26 UTC