Define VP Token Validation steps more granularly
Issue #1682
resolved
Current section on VP Token Validation is not really actionable. Even though Validation logic for each VP/VC is credential format specific (and this should be explicitly stated) the steps should be clear:
- determine number of VP(s) and which one contains which of the requested VC(s) using presentation_submission
- validate each VP
- validate each VC
- validate holder binding
- validate compliance to trust framework/verifier policy if any
- anything else?
Comments (3)
-
-
reporter
-
reporter
- changed status to resolved
PR merged
- Log in to comment
- Assignee
- –
- Type
- Priority
- Status
- resolved
- Component
- Verifiable Presentation
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 1
The spec should differentiate between validation and verification. Verification is actually what is being referred to here (cf Verifiable Credential). Validation is something that the application layer does after the VP and VCs have been verified. An application may deem a credential to be valid even if has failed verification e.g. a nightclub owner lets in a person with an expired ID card.