Add credential deletion section. #491
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -489,48 +489,49 @@ <h3>Services</h3> | |||||||||||||
| network endpoints of services are defined herein. | ||||||||||||||
| </p> | ||||||||||||||
| <p> | ||||||||||||||
| The <dfn>issuer service</dfn> takes requests to issue VCs from authorized Issuer | ||||||||||||||
| Coordinators and returns well-formed, signed Verifiable Credentials. This | ||||||||||||||
| service MUST have access to private keys (or key services which utilize private | ||||||||||||||
| keys) in order to create the proofs for those VCs. The API between the Issuer | ||||||||||||||
| service and its associated key service is believed to be out of scope for the VC | ||||||||||||||
| API, but may be addressed by WebKMS or similar specifications. | ||||||||||||||
|
There was a problem hiding this comment. Is there an appropriate link for WebKMS, to serve with |
||||||||||||||
| </p> | ||||||||||||||
| <p> | ||||||||||||||
| The <dfn>verifier service</dfn> takes requests to verify Verifiable Credentials | ||||||||||||||
| and Verifiable Presentations and returns the result of checking their proofs and | ||||||||||||||
| status (if present). The service only checks the authenticity and timeliness of | ||||||||||||||
| the VC; leaving the Verifier Coordinator to finish Applying any business rules | ||||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| needed. | ||||||||||||||
|
Comment on lines
+503
to
+504
There was a problem hiding this comment. As used here, the semicolon should separate two complete sentences. The
Suggested change
|
||||||||||||||
| </p> | ||||||||||||||
| <p> | ||||||||||||||
| The <dfn>holder service</dfn> takes requests to create Verifiable Presentations | ||||||||||||||
| from an optional set of VCs and returns well-formed, signed Verifiable | ||||||||||||||
| Presentations containing those VCs. These VPs are used with Issuers to | ||||||||||||||
| demonstrate control over DIDs prior to issuance and with Verifiers to present | ||||||||||||||
| specific VCs. | ||||||||||||||
|
Comment on lines
+510
to
+511
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| </p> | ||||||||||||||
| </section> | ||||||||||||||
| <section> | ||||||||||||||
| <h3>Status Service</h3> | ||||||||||||||
| <p> | ||||||||||||||
| The <dfn>status service</dfn> provides a privacy-preserving means for publishing | ||||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| and checking the status of any Verifiable Credentials issued by the Issuer. | ||||||||||||||
| Implementers of verifier services are encouraged to understand the privacy | ||||||||||||||
| implications of checking status by referring to the respective status | ||||||||||||||
| specification used by the verifiable credential. | ||||||||||||||
| </p> | ||||||||||||||
| <p> | ||||||||||||||
| For specific mechanisms by which to manage Verifiable Credential statuses, it's | ||||||||||||||
| recommended to refer to external well known specifications, such as the | ||||||||||||||
|
There was a problem hiding this comment.
Suggested change
There was a problem hiding this comment. The word order I suggest makes it (somewhat) less likely that
Suggested change
|
||||||||||||||
| [[VC-BITSTRING-STATUS-LIST]]. | ||||||||||||||
| </p> | ||||||||||||||
| </section> | ||||||||||||||
| <section> | ||||||||||||||
| <h3>Storage Services</h3> | ||||||||||||||
| <p> | ||||||||||||||
| <strong>Storage Service (Issuer) •Storage Service (Verifier) • Storage | ||||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| Service (Holder) | ||||||||||||||
| </strong> | ||||||||||||||
| </p> | ||||||||||||||
| <p> | ||||||||||||||
| Each actor in the system is expected to store their own verifiable | ||||||||||||||
|
|
@@ -557,13 +558,13 @@ <h3>Storage Services</h3> | |||||||||||||
| <section> | ||||||||||||||
| <h3>Workflow Service</h3> | ||||||||||||||
| <p> | ||||||||||||||
| The <dfn>workflow service</dfn> provides a way for coordinators to automate | ||||||||||||||
| specific interactions for specific users. Each role (Holder, Issuer, and | ||||||||||||||
| Verifier) can run their own Workflow Service to create and manage exchanges that | ||||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| realize particular workflows. Administrators configure the workflow system to | ||||||||||||||
| support particular flows. Then, when the business rules justify it, coordinators | ||||||||||||||
| create exchanges at their Workflow Service and give authorized access to those | ||||||||||||||
| exchanges to any party. | ||||||||||||||
|
Comment on lines
+566
to
+567
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| </p> | ||||||||||||||
| </section> | ||||||||||||||
| <section> | ||||||||||||||
|
|
@@ -858,7 +859,7 @@ <h4>Holder Service</h4> | |||||||||||||
| that is expected to call the endpoint | ||||||||||||||
| </p> | ||||||||||||||
| <table class="simple api-component-table" | ||||||||||||||
| data-api-path="/credentials/derive /credentials/{id} /presentations /presentations/{id}"></table> | ||||||||||||||
|
|
||||||||||||||
| <h4>Workflow Service</h4> | ||||||||||||||
| <p> | ||||||||||||||
|
|
@@ -928,6 +929,23 @@ <h4>Update Status</h4> | |||||||||||||
| data-api-endpoint="post /credentials/status"></div> | ||||||||||||||
| </section> | ||||||||||||||
|
|
||||||||||||||
| <section> | ||||||||||||||
| <h4>Delete a Specific Credential</h4> | ||||||||||||||
| <p> | ||||||||||||||
| An [=issuer service=] or a [=holder service=] might store an issued | ||||||||||||||
| [=verifiable credential=] for an extended period of time. When this is done, | ||||||||||||||
| it can be useful to delete such a [=verifiable credential=]. An [=issuer=] | ||||||||||||||
| might need to do so because of regulatory requirements such as | ||||||||||||||
| <a href="https://en.wikipedia.org/wiki/Right_to_be_forgotten"> | ||||||||||||||
|
Comment on lines
+937
to
+939
There was a problem hiding this comment.
Suggested change
|
||||||||||||||
| the right to be forgotten</a>. See Section [[[#deletion]]] for additional | ||||||||||||||
| considerations related to the removal of [=verifiable credentials=] from | ||||||||||||||
| systems. | ||||||||||||||
|
There was a problem hiding this comment. +1 to this. We might want to consider some additional feature which would be more of a "prune" operation than a "delete", whereby the VC isn't deleted entirely, but its There was a problem hiding this comment. @PatStLouis noted that deleting the VC would need to delete any "linked" information -- including possibly revoking the credential? The group discussed some of this on the 2025-06-24 call and came to the following conclusions:
There was a problem hiding this comment. I don't know that an issuer instance would necessarily "know" to "revoke" (or change any other status bit for any other status "purpose") when deletion is performed. I think an individual implementation could implement some stops/checks that would prevent deletion via a special configuration, but I don't think it would necessarily be easy to have some default behavior based solely on the "revocation" purpose. What about "suspension"? What about other custom purposes? It seems setting an expectation or special case for "revocation" would lead to more confusion with the DELETE function, not less. I would say, instead, that we should keep the deletion operation at this level separate and simple. We should say that custom configurations can prevent deletion for any reason (including checking arbitrary status values or for other existing "linked" information) and provide an appropriate error that would signal that a client needs to run other operations using the VC API (e.g., flip status bits) in order to enable deletion. This approach would also avoid creating multiple ways / mechanisms for changing status. |
||||||||||||||
| </p> | ||||||||||||||
|
|
||||||||||||||
| <div class="api-detail" | ||||||||||||||
| data-api-endpoint="delete /credentials/{id}"></div> | ||||||||||||||
| </section> | ||||||||||||||
|
|
||||||||||||||
| </section> | ||||||||||||||
|
|
||||||||||||||
| <section> | ||||||||||||||
|
|
||||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems odd to have this
Verifiable Credentialswhere the rest of the paragraph uses theVCabbreviation. I'm suggesting to abbreviate this one, to make the paragraph internally consistent, believing that there's aVerifiable Credentials (VCs)or similar earlier in the document. The whole document should optimally be made consistent, likely with<dfn>tags applied to the appropriate (usually first) instance and<a>tags applied to the rest, and usingVCin most instances.