From d5deb94a0a21949b51d56f0ab275def39b176fa2 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Fri, 4 Oct 2024 10:49:07 +0200 Subject: [PATCH 1/3] feat: non normative section about the credential revocation checks from the RP perspective --- docs/en/remote-flow.rst | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/en/remote-flow.rst b/docs/en/remote-flow.rst index c1cf8796..78f4a4d4 100644 --- a/docs/en/remote-flow.rst +++ b/docs/en/remote-flow.rst @@ -3,7 +3,6 @@ .. _Trust Model: trust.html - Remote Flow =========== @@ -500,6 +499,18 @@ MDOC-CBOR Presentation TBD. +Revocation Checks +~~~~~~~~~~~~~~~~~ + +The revocation mechanisms that the Relying Parties MUST implement are defined in the section (:ref:`Revocations `). + +In the context of Digital Credential evaluation, any Relying Parties (RPs) establishes internal policies that define the meaning and value of presented credentials. This is particularly important in scenarios where a Credential may be suspended but still holds value for certain purposes. For example, a suspended mobile driving license might still be valid for verifying the age of the holder. + +The process begins with the RP requesting specific Credentials from the holder. This request should align with the RP's requirements and the context in which the Credentials will be used. The Holder then responds by releasing the requested Credentials. + +Upon receiving the Credentials, the Relying Party evaluates their validity and value based on its internal policies. This evaluation considers the current status of the Credential (e.g., active, suspended, revoked) and the specific use case for which the Credential is being presented. + +Relying Partys should develop comprehensive internal policies that outline how different types of Credentials are to be evaluated. These policies should address scenarios where a Credential may be partially valid or have limited applicability. Flexibility in evaluation processes is important to accommodate various use cases. For instance, a Credential that is suspended for driving purposes might still be acceptable for age verification. Authorization Response Errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From a8525bd71c9f37948ca72ea6159feb25e74800ad Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Fri, 4 Oct 2024 10:54:58 +0200 Subject: [PATCH 2/3] Apply suggestions from code review --- docs/en/remote-flow.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/remote-flow.rst b/docs/en/remote-flow.rst index 78f4a4d4..05bd578a 100644 --- a/docs/en/remote-flow.rst +++ b/docs/en/remote-flow.rst @@ -504,9 +504,9 @@ Revocation Checks The revocation mechanisms that the Relying Parties MUST implement are defined in the section (:ref:`Revocations `). -In the context of Digital Credential evaluation, any Relying Parties (RPs) establishes internal policies that define the meaning and value of presented credentials. This is particularly important in scenarios where a Credential may be suspended but still holds value for certain purposes. For example, a suspended mobile driving license might still be valid for verifying the age of the holder. +In the context of Digital Credential evaluation, any Relying Parties (RPs) establishes internal policies that define the meaning and value of presented Credentials. This is particularly important in scenarios where a Credential may be suspended but still holds value for certain purposes. For example, a suspended mobile driving license might still be valid for verifying the age of the holder. -The process begins with the RP requesting specific Credentials from the holder. This request should align with the RP's requirements and the context in which the Credentials will be used. The Holder then responds by releasing the requested Credentials. +The process begins with the RP requesting specific Credentials from the Holder. This request should align with the Relying Party's requirements and the context in which the Credentials will be used. The Holder then responds by releasing the requested Credentials. Upon receiving the Credentials, the Relying Party evaluates their validity and value based on its internal policies. This evaluation considers the current status of the Credential (e.g., active, suspended, revoked) and the specific use case for which the Credential is being presented. From 4164111384fa863bc83ceafdd7122744fbf71cd3 Mon Sep 17 00:00:00 2001 From: Giuseppe De Marco Date: Wed, 9 Oct 2024 12:51:10 +0200 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: m-basili --- docs/en/remote-flow.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/remote-flow.rst b/docs/en/remote-flow.rst index 05bd578a..d6b59809 100644 --- a/docs/en/remote-flow.rst +++ b/docs/en/remote-flow.rst @@ -510,7 +510,7 @@ The process begins with the RP requesting specific Credentials from the Holder. Upon receiving the Credentials, the Relying Party evaluates their validity and value based on its internal policies. This evaluation considers the current status of the Credential (e.g., active, suspended, revoked) and the specific use case for which the Credential is being presented. -Relying Partys should develop comprehensive internal policies that outline how different types of Credentials are to be evaluated. These policies should address scenarios where a Credential may be partially valid or have limited applicability. Flexibility in evaluation processes is important to accommodate various use cases. For instance, a Credential that is suspended for driving purposes might still be acceptable for age verification. +Relying Parties should develop comprehensive internal policies that outline how different types of Credentials are to be evaluated. These policies should address scenarios where a Credential may be partially valid or have limited applicability. Flexibility in evaluation processes is important to accommodate various use cases. For instance, a Credential that is suspended for driving purposes might still be acceptable for age verification. Authorization Response Errors ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~