Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Definition of issuanceDate property (and its mapping to JWT claims) #844

Closed
Sakurann opened this issue Nov 24, 2021 · 7 comments
Closed

Definition of issuanceDate property (and its mapping to JWT claims) #844

Sakurann opened this issue Nov 24, 2021 · 7 comments
Labels
pending close Close if no objection within 7 days

Comments

@Sakurann
Copy link
Contributor

JWTs use iat for the issuance time, not nbf.

If nbf was chosen because issuanceDate definition is "the date and time the credential becomes valid, which could be a date and time in the future", then I suggest renaming issuanceDate to notBeforeDate or something.

Right now there is a discrepancy between the usage of nbf and the naming issuanceDate.
@dlongley
Copy link
Contributor

There are validFrom and validUntil properties that were discussed near the end of the version 1 work that didn't make the cut. Those will be considered in the next version and would provide better mappings to JWT.

There are notes on these properties in these sections in version 1:

https://w3c.github.io/vc-data-model/#issuance-date
https://w3c.github.io/vc-data-model/#expiration

@Sakurann
Copy link
Contributor Author

If properties other than issuanceDate are being considered to express "the date and time the credential becomes valid", I would suggest changing the definition of issuanceDate to be "the date when the credential was issued" and use iat claim in JWT encoding.

@OR13
Copy link
Contributor

OR13 commented Nov 29, 2021

I am very strongly in favor of v2 using validFrom and validUntil... and getting rid of the ambiguous "issuanceDate" and "expirationDate".

How these values might be mapped to JWT or JWP or LD Proofs is a separate concern from the normative definition in the v2 spec.

This issue title is imo not correct, it would be better to call it "Rename issuanceDate and expirationDate in v2"

And a separate issue for mapping all normatively defined VC Data Model fields to JWT or JWP or LD Proofs should be used to track those recommendations.

As a side note, the current domain of "issuanceDate" cannot be mapped to JWT without loosing information (leap seconds / time zones ).... which is exactly why we should not conflate the JWT claims with the normative terms defined in the VC Data Model 2.0...

@iherman
Copy link
Member

iherman commented Dec 2, 2021

The issue was discussed in a meeting on 2021-12-01

  • no resolutions were taken
View the transcript

3.5. use iat for the issuance time, or rename issuanceDate (issue vc-data-model#844)

See github issue vc-data-model#844.

Brent Zundel: This is pretty straightforward v2.0, any objections?.

Manu Sporny: No objections....

@Sakurann Sakurann changed the title use iat for the issuance time, or rename issuanceDate Rename issuanceDate in v2 and reconsider a JWT claim counterpart Dec 2, 2021
@OR13 OR13 mentioned this issue Dec 6, 2021
Merged
@alenhorvat
Copy link

alenhorvat commented Jan 27, 2022
edited
Loading

There are use cases that require three properties

  • issuanceDate (iat)
  • validFrom (nbf)
  • expirationDate/validUntil (exp)

Renaming issuance date and expiration date won't cover the use-cases

Cases (all are valid)

  1. nbf < iat <= current time
  2. nfb = iat <= current time
  3. iat <= current time < nbf

For us, fixing this is urgent (else we'll need to define a new schema for the "transition" period)

@clehner clehner mentioned this issue Feb 3, 2022
Open
@Sakurann Sakurann added vc-jwt? and removed v2.0 labels Jul 28, 2022
@OR13 OR13 mentioned this issue Aug 3, 2022
Closed
@iherman
Copy link
Member

iherman commented Aug 4, 2022

The issue was discussed in a meeting on 2022-08-03

  • no resolutions were taken
View the transcript

5.6. Rename issuanceDate in v2 and reconsider a JWT claim counterpart (issue vc-data-model#844)

See github issue vc-data-model#844.

Brent Zundel: Seems VC-JWT related.

Manu Sporny: I know that in the previous VC Data Model spec, we have warnings in there.

Orie Steele: This belongs in VC-JWT.

Manu Sporny: saying we would deprecate issuanceDate or something like that and replace it with validUntil.
… Feels like has some overlap with the main data model, as well as potentially VC-JWT..
… The JWT claim counterpart is definitely a JWT thing. But the rename issuanceDate is a VC Data Model thing..

Oliver Terbu: +1 manu.

Dave Longley: +1 to manu.

Manu Sporny: My suggestion is to not move it, but rename... and discuss in the Securing mechanisms.

Kristina Yasuda: Change description to focus on issuanceDate. Can open another issue....

Michael Jones: What my colleague said; open another issue..

Manu Sporny: +1 to Kristina and MikeJ.

Dave Longley: +1.

Orie Steele: +1.

Brent Zundel: Going ahead with removing the VC-JWT label. Moving forward.

@Sakurann Sakurann changed the title Rename issuanceDate in v2 and reconsider a JWT claim counterpart Definition of issuanceDate property (and its mapping to JWT claims) Aug 4, 2022
@Sakurann Sakurann added the pending close Close if no objection within 7 days label Nov 7, 2022
@Sakurann
Copy link
Contributor Author

Sakurann commented Nov 7, 2022

I think this can be closed in light of #913

@Sakurann Sakurann closed this as completed Nov 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending close Close if no objection within 7 days
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@dlongley @iherman @OR13 @brentzundel @alenhorvat @Sakurann