- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 14 Jun 2024 12:36:39 -0400
- To: Julien Fraichot <Julien.Fraichot@hyland.com>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
On Fri, Jun 14, 2024 at 11:32 AM Julien Fraichot <Julien.Fraichot@hyland.com> wrote: > So quick question about `refreshService` endpoint, would it be acceptable to use it as a way to sign again a previously issued credential with a new cryptosuite? IMHO, yes, it's acceptable. :) > In more down to earth terms, say a credential was signed in 2020 and now that SD cryptosuites are available, would the refresh service be a suitable entry point to sign the same credential again? Or would the proper way to re-issue the credential altogether? I'm sure there are corner cases where you might not want to do this, but I can't think of any compelling ones right now. In general, I expect it's a valid use of the refreshService to update the cryptography, and really any other part of the VC the issuer might want to refresh (like a new logo). Keep in mind that this is really a part of the issuer's business rules. They're the ones that decide if they want to do this sort of "auto-upgrade", or if they want to send the individual through a manual refresh flow. -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. https://www.digitalbazaar.com/
Received on Friday, 14 June 2024 16:37:20 UTC