[proposal] Support versionTime
parameter when issuing a verifiable credential
#1201
Labels
enhancement
New feature or request
When verifying a credential, the issuer id is resolved as-is. When the id is a DID
did:example:foo
, the credential is verified against the current version of the DID document. If a verification method is removed, all credentials signed with that key will become invalid. Depending on the use case, this can be the intended behavior or can be problematic.The DID standard defines the
versionTime
parameter which resolves to the version of the DID document that was valid at a certain time. Typically, usingversionTime
the result is immutable.While not defined specifically like this in the VC standard, the
versionTime
parameter can be added to theissuer
id to ensure that VCs aren't implicitly revoked when the DID document is modified. This should work with all verifiers, as they'll resolve the identifier as-is and should remove any parameters.In
createVerifiableCredential
, the issuer is extracted from the verifiable credential and used to look up the identifier from the manager.https://github.com/uport-project/veramo/blob/6981e6845d6f90d7b0c8dd6e0117b73dfd8edfb9/packages/credential-w3c/src/action-handler.ts#L209-L220
It should remove the DID parameters (or just
versionTime
) when looking up the identifier.The alternative would be to always add
versionTime
when resolving a DID for verifying a credential. However, the standard doesn't indicate that that's the correct behavior.The text was updated successfully, but these errors were encountered: