vc-data-model
vc-data-model copied to clipboard
w3c
Definition of issuanceDate property (and its mapping to JWT claims)
JWTs use iat for the issuance time, not nbf.
If nbf was chosen because issuanceDate definition is "the date and time the credential becomes valid, which could be a date and time in the future", then I suggest renaming issuanceDate to notBeforeDate or something.
Right now there is a discrepancy between the usage of nbf and the naming issuanceDate.
There are validFrom and validUntil properties that were discussed near the end of the version 1 work that didn't make the cut. Those will be considered in the next version and would provide better mappings to JWT.
There are notes on these properties in these sections in version 1:
https://w3c.github.io/vc-data-model/#issuance-date https://w3c.github.io/vc-data-model/#expiration
If properties other than issuanceDate are being considered to express "the date and time the credential becomes valid", I would suggest changing the definition of issuanceDate to be "the date when the credential was issued" and use iat claim in JWT encoding.
I am very strongly in favor of v2 using validFrom and validUntil... and getting rid of the ambiguous "issuanceDate" and "expirationDate".
How these values might be mapped to JWT or JWP or LD Proofs is a separate concern from the normative definition in the v2 spec.
This issue title is imo not correct, it would be better to call it "Rename issuanceDate and expirationDate in v2"
And a separate issue for mapping all normatively defined VC Data Model fields to JWT or JWP or LD Proofs should be used to track those recommendations.
As a side note, the current domain of "issuanceDate" cannot be mapped to JWT without loosing information (leap seconds / time zones ).... which is exactly why we should not conflate the JWT claims with the normative terms defined in the VC Data Model 2.0...
The issue was discussed in a meeting on 2021-12-01
- no resolutions were taken
View the transcript
3.5. use iat for the issuance time, or rename issuanceDate (issue vc-data-model#844)
See github issue vc-data-model#844.
Brent Zundel: This is pretty straightforward v2.0, any objections?.
Manu Sporny: No objections....
There are use cases that require three properties
- issuanceDate (iat)
- validFrom (nbf)
- expirationDate/validUntil (exp)
Renaming issuance date and expiration date won't cover the use-cases
Cases (all are valid)
- nbf < iat <= current time
- nfb = iat <= current time
- iat <= current time < nbf
For us, fixing this is urgent (else we'll need to define a new schema for the "transition" period)
The issue was discussed in a meeting on 2022-08-03
- no resolutions were taken
View the transcript
5.6. Rename issuanceDate in v2 and reconsider a JWT claim counterpart (issue vc-data-model#844)
See github issue vc-data-model#844.
Brent Zundel: Seems VC-JWT related.
Manu Sporny: I know that in the previous VC Data Model spec, we have warnings in there.
Orie Steele: This belongs in VC-JWT.
Manu Sporny: saying we would deprecate issuanceDate or something like that and replace it with validUntil.
… Feels like has some overlap with the main data model, as well as potentially VC-JWT..
… The JWT claim counterpart is definitely a JWT thing. But the rename issuanceDate is a VC Data Model thing..
Oliver Terbu: +1 manu.
Dave Longley: +1 to manu.
Manu Sporny: My suggestion is to not move it, but rename... and discuss in the Securing mechanisms.
Kristina Yasuda: Change description to focus on issuanceDate. Can open another issue....
Michael Jones: What my colleague said; open another issue..
Manu Sporny: +1 to Kristina and MikeJ.
Dave Longley: +1.
Orie Steele: +1.
Brent Zundel: Going ahead with removing the VC-JWT label. Moving forward.