W3C home > Mailing lists > Public > public-credentials@w3.org > May 2016

Re: Expiry time in Data Model

From: Stone, Matt <matt.stone@pearson.com>
Date: Fri, 20 May 2016 15:04:47 -0600
Message-ID: <CA+w1=RR9j0Hi=r5PD=8dHohch6YXEid2FXCCLcgTAi4snCofyg@mail.gmail.com>
To: David Chadwick <d.w.chadwick@kent.ac.uk>
Cc: Jason Weaver <jweaver@parchment.com>, Eric Korb <eric.korb@accreditrust.com>, Credentials Community Group <public-credentials@w3.org>
On Fri, May 20, 2016 at 2:35 PM, David Chadwick <d.w.chadwick@kent.ac.uk>
wrote:

> However the recipient is still the one doing the trusting, and
> it can decide to trust a credential without following the issuer's
> policy.
>

it feels a little funny for the "trusting party" to have discretion​ to
ignore the issuers policy about a caching the validation and when to force
a re-verification.  In an automated system, wouldn't this be automatic?  We
want this ecosystem to understand that a verification is itself out of date
and no longer valid for use (the verification is out of date, not the
claim).  In the over 18 example, the issuer would probably make TTL be
infinite or unset. If TTL is set, it can't be ignored otherwise the
veracity of the verification is undermined and is open to fraud and misuse;
the value of the credential is at risk in the market place.



=====
Matt Stone
501-291-1599
Received on Friday, 20 May 2016 21:05:25 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 11 July 2018 21:19:29 UTC