Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add verifying of expiration date #296

Open
Harasz opened this issue May 12, 2022 · 2 comments
Open

Add verifying of expiration date #296

Harasz opened this issue May 12, 2022 · 2 comments

Comments

@Harasz
Copy link

Harasz commented May 12, 2022

Hi team,
Verifiable Credentials Data Model has a expiration date, from what I can see currently DIDKit is not checking this date during verification. Does it not implemented yet or there is another reason?

@clehner
Copy link
Contributor

clehner commented Jun 10, 2022

Hi @Harasz,
You're correct, it is not checked; currently only the issuer property (or iss JWT claim) is checked, for correspondence with a proof object (or JWS) that verifies. Other VC Data Model properties must be checked by the caller. The analogous exp claim in JWT VCs is checked though. Relevant source code:
https://github.com/spruceid/ssi/blob/351c9238622cf39330297ea4d91931d6dcee0386/src/vc.rs#L2035-L2061
https://github.com/spruceid/ssi/blob/351c9238622cf39330297ea4d91931d6dcee0386/src/vc.rs#L2091-L2159

We're unsure how to go about deciding what additional checks to perform. In VC API there was a "checks" option for the caller to pass what checks to perform (e.g. "proof" and "credentialStatus"), but this was removed: w3c/vc-di-ed25519signature2020-test-suite#3 (but it is still supported in didkit-http for credential status / revocation list checking). So I think we may need to either agree on a new set of default checks, or add back the checks option or similar mechanism.

@Harasz
Copy link
Author

Harasz commented Jun 13, 2022

Checks option sounds good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants