Re: Expiry time in Data Model

On Fri, May 20, 2016 at 2:35 PM, David Chadwick <>

> However the recipient is still the one doing the trusting, and
> it can decide to trust a credential without following the issuer's
> policy.

it feels a little funny for the "trusting party" to have discretion​ to
ignore the issuers policy about a caching the validation and when to force
a re-verification.  In an automated system, wouldn't this be automatic?  We
want this ecosystem to understand that a verification is itself out of date
and no longer valid for use (the verification is out of date, not the
claim).  In the over 18 example, the issuer would probably make TTL be
infinite or unset. If TTL is set, it can't be ignored otherwise the
veracity of the verification is undermined and is open to fraud and misuse;
the value of the credential is at risk in the market place.

Matt Stone

Received on Friday, 20 May 2016 21:05:25 UTC