From 740cd8ea5bcf5eb7af675ccf6ae2a4b6a7dc3a47 Mon Sep 17 00:00:00 2001 From: mprorock Date: Wed, 24 May 2023 10:04:15 -0600 Subject: [PATCH 01/23] chore: initial additions for better caching guidance and backwards compatible support for multiple status value support in a single status list --- index.html | 97 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 82 insertions(+), 15 deletions(-) diff --git a/index.html b/index.html index 785bd1e..b85464a 100644 --- a/index.html +++ b/index.html @@ -354,7 +354,7 @@

StatusList2021Entry

statusListIndex The statusListIndex property MUST be an arbitrary size integer -greater than or equal to 0, expressed as a string. The value identifies the bit +greater than or equal to 0, expressed as a string. The value identifies the position of the status of the verifiable credential. @@ -446,11 +446,7 @@

StatusList2021Credential

The latest point in time at which the status list is valid. This property is defined in the Verifiable Credentials Data Model specification in -Section 4.6: Validity Period. Implementations that consume the status list -SHOULD cache the status list verifiable credential until this -time. Implementations that publish the status list are expected to align -any protocol-specific caching information, such as the HTTP `Cache-Control` -header, with the value in this field. +Section 4.6: Validity Period. @@ -488,6 +484,14 @@

StatusList2021Credential

This status is reversible. + + status + +Used to indicate a status message associated with a verifiable credential. +The status message descriptions MUST be defined in credentialSubject.message. +credentialSubject.size MUST be defined with this statusPurpose. + + @@ -507,7 +511,66 @@

StatusList2021Credential

. - + + + credentialSubject.ttl + + + The ttl indicates the "time to live" in milliseconds. + This property MAY be present, but if not present, implementers MUST + use a value of 300000 for this property. A verifier + MUST not use a cached StatusList2021Credential that was + cached more for more than the ttl duration prior to the + start of verification operation on a verifiable credential. + Implementations that publish the status list SHOULD align + any protocol-specific caching information, such as the + HTTP `Cache-Control` header, with the value in this field. + + + + + credentialSubject.size + + + The size indicates the size of the status entry in bits. + If size is omitted then the size of each status entry is assumed to be + 1 bit (and therefore capable of capturing a boolean status). + size MAY be provided, but if size is not present + as a property of the credentialSubject then size + MUST be processed as 1. size MUST be greater than zero. + if size is provided, and is greater than 1, then the property + credentialSubject.message MUST be present, and the number of + status messages must equal the number of possible values. + + + + + credentialSubject.message + + + The message property MUST be an array, and if present + the length of the array must equal the number of possible status states + indicated by size. message MAY be present if + size is 1. message MUST be present if + size is greater than 1. If not present, the message value + associated with the bit value of 0 is "unset" and the bit + value of 1 is "set". + Elements in the message array if present, MUST contain at + minimum two properties: + + Implementers MAY add additional values to objects in the message + array. + Implementers MAY use the string value of undefined in the value + to indidate that a status corresponding is not definied for the associated + status value, but that it may be definied in the future. 
+ Rules for how to handle various status messages are outside the scope of + normative reuqirements in this document, but it is assumed that implementers + SHOULD and will document rules for processing various status codes. + + @@ -620,12 +683,15 @@

Validate Algorithm

Bitstring Expansion Algorithm.
  • -Let status be the value of the bit at position -credentialIndex in the revocation bitstring. +Let status be the value at position indicated by the +credentialIndex times the size in the +revocation bitstring.
  • -Return true if status is 1, false -otherwise. +For statusPurpose of revocation or suspension +return true if status is 1, false +otherwise. Otherwise, return the corresponding value of the status +as indicated in the message array.
  • @@ -645,10 +711,11 @@

    Bitstring Generation Algorithm

    where each bit is initialized to 0 (zero).
  • -For each bit in bitstring, if there is a -corresponding statusListIndex value in -a revoked credential in issuedCredentials, set the bit to -1 (one), otherwise set the bit to 0 (zero). +For each value in bitstring, if there is a +corresponding statusListIndex value in +a credential in issuedCredentials, set the value to the +appropriate status. The position of the value is computed as statusListIndex +times the size.
  • Generate a compressed bitstring by using the GZIP From e58c806232b982a9e7f0fe1eb03d1adfe5764460 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 24 May 2023 12:29:58 -0400 Subject: [PATCH 02/23] Apply suggestions from code review thanks! Co-authored-by: Brent Zundel --- index.html | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index b85464a..9724b36 100644 --- a/index.html +++ b/index.html @@ -488,8 +488,8 @@

    StatusList2021Credential

    status Used to indicate a status message associated with a verifiable credential. -The status message descriptions MUST be defined in credentialSubject.message. -credentialSubject.size MUST be defined with this statusPurpose. +The status message descriptions MUST be defined in credentialStatus.message. +credentialStatus.size MUST be defined with this statusPurpose. @@ -513,13 +513,13 @@

    StatusList2021Credential

    - credentialSubject.ttl + credentialStatus.ttl The ttl indicates the "time to live" in milliseconds. This property MAY be present, but if not present, implementers MUST use a value of 300000 for this property. A verifier - MUST not use a cached StatusList2021Credential that was + MUST NOT use a cached StatusList2021Credential that was cached more for more than the ttl duration prior to the start of verification operation on a verifiable credential. Implementations that publish the status list SHOULD align @@ -529,23 +529,23 @@

    StatusList2021Credential

    - credentialSubject.size + credentialStatus.size The size indicates the size of the status entry in bits. If size is omitted then the size of each status entry is assumed to be 1 bit (and therefore capable of capturing a boolean status). size MAY be provided, but if size is not present - as a property of the credentialSubject then size + as a property of the credentialStatus then size MUST be processed as 1. size MUST be greater than zero. if size is provided, and is greater than 1, then the property - credentialSubject.message MUST be present, and the number of + credentialStatus.message MUST be present, and the number of status messages must equal the number of possible values. - credentialSubject.message + credentialStatus.message The message property MUST be an array, and if present From 84cc35d9bcfab4bdb0e8c44585875f939ce90d3c Mon Sep 17 00:00:00 2001 From: mprorock Date: Wed, 24 May 2023 10:33:31 -0600 Subject: [PATCH 03/23] chore: add issue tracker for examples --- index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/index.html b/index.html index 9724b36..72a00a3 100644 --- a/index.html +++ b/index.html @@ -490,6 +490,7 @@

    StatusList2021Credential

    Used to indicate a status message associated with a verifiable credential. The status message descriptions MUST be defined in credentialStatus.message. credentialStatus.size MUST be defined with this statusPurpose. +

    We need to add an example for multiple status codes

    From 0160a27788dd7e3864fcb413df504660221623b3 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 24 May 2023 21:17:51 -0600 Subject: [PATCH 04/23] Correct a typo Co-authored-by: Dave Longley --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 72a00a3..b72eca8 100644 --- a/index.html +++ b/index.html @@ -521,7 +521,7 @@

    StatusList2021Credential

    This property MAY be present, but if not present, implementers MUST use a value of 300000 for this property. A verifier MUST NOT use a cached StatusList2021Credential that was - cached more for more than the ttl duration prior to the + cached for more than the ttl duration prior to the start of verification operation on a verifiable credential. Implementations that publish the status list SHOULD align any protocol-specific caching information, such as the From 4caa8d39479e03150e02cd0d9388f0fc8dccb2f8 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 24 May 2023 21:18:30 -0600 Subject: [PATCH 05/23] Correct typos Co-authored-by: Dave Longley --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index b72eca8..1126b2d 100644 --- a/index.html +++ b/index.html @@ -565,7 +565,7 @@

    StatusList2021Credential

    Implementers MAY add additional values to objects in the message array. Implementers MAY use the string value of undefined in the value - to indidate that a status corresponding is not definied for the associated + to indicate that a status corresponding is not defined for the associated status value, but that it may be definied in the future. Rules for how to handle various status messages are outside the scope of normative reuqirements in this document, but it is assumed that implementers From 08e4d5372ab8aed064b1f195c523d19da00d4fb2 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 6 Jun 2023 10:30:04 -0400 Subject: [PATCH 06/23] remove a double space Co-authored-by: Dave Longley --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 1126b2d..def6db8 100644 --- a/index.html +++ b/index.html @@ -715,7 +715,7 @@

    Bitstring Generation Algorithm

    For each value in bitstring, if there is a corresponding statusListIndex value in a credential in issuedCredentials, set the value to the -appropriate status. The position of the value is computed as statusListIndex +appropriate status. The position of the value is computed as statusListIndex times the size.
  • From 982ca01ce1183ec99e84bcdc59b83b28acf8c93c Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 6 Jun 2023 11:35:04 -0400 Subject: [PATCH 07/23] improve language for just bitstring since we have multiple purposes --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index def6db8..a28e8f4 100644 --- a/index.html +++ b/index.html @@ -686,7 +686,7 @@

    Validate Algorithm

  • Let status be the value at position indicated by the credentialIndex times the size in the -revocation bitstring. +bitstring.
  • For statusPurpose of revocation or suspension From b75fb1ab7d6dc9775793dcb7bccaaac07b35026f Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 7 Jun 2023 10:01:01 -0400 Subject: [PATCH 08/23] clean up formatting from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/index.html b/index.html index a28e8f4..b5ef131 100644 --- a/index.html +++ b/index.html @@ -535,11 +535,11 @@

    StatusList2021Credential

    The size indicates the size of the status entry in bits. If size is omitted then the size of each status entry is assumed to be - 1 bit (and therefore capable of capturing a boolean status). + one bit (and therefore capable of capturing a boolean status). size MAY be provided, but if size is not present as a property of the credentialStatus then size - MUST be processed as 1. size MUST be greater than zero. - if size is provided, and is greater than 1, then the property + MUST be processed as `1`. size MUST be greater than zero. + if size is provided, and is greater than `1`, then the property credentialStatus.message MUST be present, and the number of status messages must equal the number of possible values. @@ -552,8 +552,8 @@

    StatusList2021Credential

    The message property MUST be an array, and if present the length of the array must equal the number of possible status states indicated by size. message MAY be present if - size is 1. message MUST be present if - size is greater than 1. If not present, the message value + size is `1`. message MUST be present if + size is greater than `1`. If not present, the message value associated with the bit value of 0 is "unset" and the bit value of 1 is "set". Elements in the message array if present, MUST contain at @@ -690,7 +690,7 @@

    Validate Algorithm

  • For statusPurpose of revocation or suspension -return true if status is 1, false +return true if status is `1`, false otherwise. Otherwise, return the corresponding value of the status as indicated in the message array.
  • From a59a9ddbe30456a5e7ba0a01c30a561d01950a4a Mon Sep 17 00:00:00 2001 From: mprorock Date: Mon, 12 Jun 2023 10:49:19 -0600 Subject: [PATCH 09/23] chore: updates after a careful read and incorporating an external reference if required --- index.html | 59 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 54 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index b5ef131..5cbe335 100644 --- a/index.html +++ b/index.html @@ -488,8 +488,8 @@

    StatusList2021Credential

    status Used to indicate a status message associated with a verifiable credential. -The status message descriptions MUST be defined in credentialStatus.message. -credentialStatus.size MUST be defined with this statusPurpose. +The status message descriptions MUST be defined in credentialSubject.message. +credentialSubject.size MUST be defined with this statusPurpose.

    We need to add an example for multiple status codes
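Review bot: Moving `message` and `size` back under `credentialSubject` in this hunk leaves the series inconsistent, because the `size` description still reads "as a property of the credentialStatus" and "credentialStatus.statusMessages MUST be present" in the later hunks at -534 and -540. Change those two remaining occurrences to `credentialSubject` as well, and note in the commit message why the rename from PATCH 02/23 is being reverted, so a verifier is never left guessing which object supplies `size` when it computes a bit offset.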

    @@ -514,7 +514,7 @@

    StatusList2021Credential

    - credentialStatus.ttl + credentialSubject.ttl The ttl indicates the "time to live" in milliseconds. @@ -530,7 +530,7 @@

    StatusList2021Credential

    - credentialStatus.size + credentialSubject.size The size indicates the size of the status entry in bits. @@ -546,7 +546,7 @@

    StatusList2021Credential

    - credentialStatus.message + credentialSubject.message The message property MUST be an array, and if present @@ -564,6 +564,12 @@

    StatusList2021Credential

    Implementers MAY add additional values to objects in the message array. + Implementers MAY add a boolean value to elements in the message + named verify which adds an instruction to verifiers where if the + value of verify is true the verifier SHOULD not + use the status to reject verification of the verifiable credential. If the + value of verify is false, then a verifier SHOULD + NOT verify the verifiable credential. Implementers MAY use the string value of undefined in the value to indicate that a status corresponding is not defined for the associated status value, but that it may be definied in the future. @@ -572,6 +578,23 @@

    StatusList2021Credential

    SHOULD and will document rules for processing various status codes. + + + credentialSubject.reference + + + The reference property provides a point for implementers to + include a [[URL]] to material related to the status. An implementer MAY include + the reference property, and if they do, the value MUST be a + [[URL]] or an array of URLs. Implementers using a `statusPurpose` of `status` + are strongly encouraged to provide a reference. +

    + reference is especially important when interpertation of the + status for a credential may involve some understanding of the business case + involved. +

    + + @@ -594,6 +617,32 @@

    StatusList2021Credential

    "proof": { ... } } +
    +          {
    +            "@context": [
    +              "https://www.w3.org/2018/credentials/v1",
    +              "https://w3id.org/vc/status-list/2021/v1"
    +            ],
    +            "id": "https://example.com/credentials/status/3",
    +            "type": ["VerifiableCredential", "StatusList2021Credential"],
    +            "issuer": "did:example:12345",
    +            "issued": "2021-04-05T14:27:40Z",
    +            "credentialSubject": {
    +              "id": "https://example.com/status/3#list",
    +              "type": "StatusList2021",
    +              "ttl": 500,
    +              "statusPurpose": "status",
    +              "reference": "https://example.org/status-dictionary/"
    +              "message": [ 
    +                  {"status":"0x0", "value":"valid", "verify": true},
    +                  {"status":"0x1", "value":"invalid", "verify": false},
    +                  {"status":"0x2", "value":"pending_review", "verify": true},
    +                  ...
    +              ],
    +              "encodedList": "H4sIAAAAAAAAA-3BMQEAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA"
    +            }
    +          }
    +        
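Review bot: The added example does not parse as JSON: the line `"reference": "https://example.org/status-dictionary/"` has no trailing comma before `"message"`. It also sets `"statusPurpose": "status"` without a `size` member, although the `status` purpose text in this same patch says `credentialSubject.size` MUST be defined with that purpose. Add the comma and an explicit `size`, and list every array entry rather than ending with `...`, so the example can be checked against the rule that the array length equals the number of possible states. Separately, `"ttl": 500` is half a second under the millisecond definition; confirm that is the intended value.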
    From 73cd8865efd194831999ba4d5b2d915c40018136 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 13 Jun 2023 13:27:47 -0400 Subject: [PATCH 10/23] update message to statusMessages for array name based on code review --- index.html | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/index.html b/index.html index 5cbe335..acebc7d 100644 --- a/index.html +++ b/index.html @@ -488,7 +488,7 @@

    StatusList2021Credential

    status Used to indicate a status message associated with a verifiable credential. -The status message descriptions MUST be defined in credentialSubject.message. +The status message descriptions MUST be defined in credentialSubject.statusMessages. credentialSubject.size MUST be defined with this statusPurpose.

    We need to add an example for multiple status codes

    @@ -540,31 +540,31 @@

    StatusList2021Credential

    as a property of the credentialStatus then size MUST be processed as `1`. size MUST be greater than zero. if size is provided, and is greater than `1`, then the property - credentialStatus.message MUST be present, and the number of + credentialStatus.statusMessages MUST be present, and the number of status messages must equal the number of possible values. - credentialSubject.message + credentialSubject.statusMessages - The message property MUST be an array, and if present + The statusMessages property MUST be an array, and if present the length of the array must equal the number of possible status states - indicated by size. message MAY be present if - size is `1`. message MUST be present if + indicated by size. statusMessages MAY be present if + size is `1`. statusMessages MUST be present if size is greater than `1`. If not present, the message value associated with the bit value of 0 is "unset" and the bit value of 1 is "set". - Elements in the message array if present, MUST contain at + Elements in the statusMessages array if present, MUST contain at minimum two properties:
    • status being a string of the hex value of the status
    • value a string containing the associated message
    - Implementers MAY add additional values to objects in the message + Implementers MAY add additional values to objects in the statusMessages array. - Implementers MAY add a boolean value to elements in the message + Implementers MAY add a boolean value to elements in the statusMessages named verify which adds an instruction to verifiers where if the value of verify is true the verifier SHOULD not use the status to reject verification of the verifiable credential. If the @@ -633,7 +633,7 @@

    StatusList2021Credential

    "ttl": 500, "statusPurpose": "status", "reference": "https://example.org/status-dictionary/" - "message": [ + "statusMessages": [ {"status":"0x0", "value":"valid", "verify": true}, {"status":"0x1", "value":"invalid", "verify": false}, {"status":"0x2", "value":"pending_review", "verify": true}, @@ -741,7 +741,7 @@

    Validate Algorithm

    For statusPurpose of revocation or suspension return true if status is `1`, false otherwise. Otherwise, return the corresponding value of the status -as indicated in the message array. +as indicated in the statusMessages array. From b4b48bfb7e24614193cdcc0721debfa2abaf06c6 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 14 Jun 2023 11:35:39 -0400 Subject: [PATCH 11/23] improve example Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/index.html b/index.html index acebc7d..ed40bcd 100644 --- a/index.html +++ b/index.html @@ -633,6 +633,7 @@

    StatusList2021Credential

    "ttl": 500, "statusPurpose": "status", "reference": "https://example.org/status-dictionary/" + "size": 2 "statusMessages": [ {"status":"0x0", "value":"valid", "verify": true}, {"status":"0x1", "value":"invalid", "verify": false}, From 08174ee7ce945941eff05feed9721a7e35a95669 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 14 Jun 2023 11:39:05 -0400 Subject: [PATCH 12/23] remove redundancy in language Co-authored-by: Kristina <52878547+Sakurann@users.noreply.github.com> --- index.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/index.html b/index.html index ed40bcd..9c68057 100644 --- a/index.html +++ b/index.html @@ -534,8 +534,6 @@

    StatusList2021Credential

    The size indicates the size of the status entry in bits. - If size is omitted then the size of each status entry is assumed to be - one bit (and therefore capable of capturing a boolean status). size MAY be provided, but if size is not present as a property of the credentialStatus then size MUST be processed as `1`. size MUST be greater than zero. From 637b9470b7d555b63b035c341acf97e7cd94594e Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 14 Jun 2023 11:40:03 -0400 Subject: [PATCH 13/23] clarify that size is an int --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 9c68057..06da1f9 100644 --- a/index.html +++ b/index.html @@ -536,7 +536,7 @@

    StatusList2021Credential

    The size indicates the size of the status entry in bits. size MAY be provided, but if size is not present as a property of the credentialStatus then size - MUST be processed as `1`. size MUST be greater than zero. + MUST be processed as `1`. size MUST be an integer greater than zero. if size is provided, and is greater than `1`, then the property credentialStatus.statusMessages MUST be present, and the number of status messages must equal the number of possible values. From 2e84cb656b23acc311126931001732ce4ae27f83 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 14 Jun 2023 11:53:02 -0400 Subject: [PATCH 14/23] add a default behavior for 0 and 1 to match revocation and suspension --- index.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/index.html b/index.html index 06da1f9..adacb1c 100644 --- a/index.html +++ b/index.html @@ -568,6 +568,9 @@

    StatusList2021Credential

    use the status to reject verification of the verifiable credential. If the value of verify is false, then a verifier SHOULD NOT verify the verifiable credential. + If verify is present, then the values of `0` and `1` should + be processed identically to the values of `0` and `1` in a status list with a + statusPurpose of suspension. Implementers MAY use the string value of undefined in the value to indicate that a status corresponding is not defined for the associated status value, but that it may be definied in the future. From fc40fb3fc892f27a04f49736e4ed061ce22361ea Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Wed, 14 Jun 2023 11:55:48 -0400 Subject: [PATCH 15/23] Correct a typo Co-authored-by: Brent Zundel --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index adacb1c..7439749 100644 --- a/index.html +++ b/index.html @@ -568,7 +568,7 @@

    StatusList2021Credential

    use the status to reject verification of the verifiable credential. If the value of verify is false, then a verifier SHOULD NOT verify the verifiable credential. - If verify is present, then the values of `0` and `1` should + If verify is present, then the values of `0` and `1` should be processed identically to the values of `0` and `1` in a status list with a statusPurpose of suspension. Implementers MAY use the string value of undefined in the value From b0d3456136933be2702ec5d0b957587966c24cd7 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Fri, 16 Jun 2023 15:32:33 -0400 Subject: [PATCH 16/23] grammar improvements from code review Co-authored-by: Ted Thibodeau Jr --- index.html | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/index.html b/index.html index 7439749..3362d81 100644 --- a/index.html +++ b/index.html @@ -534,10 +534,10 @@

    StatusList2021Credential

    The size indicates the size of the status entry in bits. - size MAY be provided, but if size is not present - as a property of the credentialStatus then size + size MAY be provided. If size is not present + as a property of the credentialStatus, then size MUST be processed as `1`. size MUST be an integer greater than zero. - if size is provided, and is greater than `1`, then the property + If size is provided and is greater than `1`, then the property credentialStatus.statusMessages MUST be present, and the number of status messages must equal the number of possible values. @@ -547,18 +547,18 @@

    StatusList2021Credential

    credentialSubject.statusMessages - The statusMessages property MUST be an array, and if present + The statusMessages property MUST be an array. If present, the length of the array must equal the number of possible status states indicated by size. statusMessages MAY be present if size is `1`. statusMessages MUST be present if size is greater than `1`. If not present, the message value associated with the bit value of 0 is "unset" and the bit value of 1 is "set". - Elements in the statusMessages array if present, MUST contain at + If present, elements in the statusMessages array MUST contain at minimum two properties:
      -
    • status being a string of the hex value of the status
    • -
    • value a string containing the associated message
    • +
    • status, being a string of the hex value of the status
    • +
    • value, being a string containing the associated message
    Implementers MAY add additional values to objects in the statusMessages array. From c66ba7da58e5548949ab5931f8f71d13cb26284f Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 09:18:41 -0400 Subject: [PATCH 17/23] Apply suggestions from code review re phrasing Co-authored-by: Ted Thibodeau Jr --- index.html | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/index.html b/index.html index 3362d81..2a54754 100644 --- a/index.html +++ b/index.html @@ -518,7 +518,7 @@

    StatusList2021Credential

    The ttl indicates the "time to live" in milliseconds. - This property MAY be present, but if not present, implementers MUST + This property MAY be present. If not present, implementers MUST use a value of 300000 for this property. A verifier MUST NOT use a cached StatusList2021Credential that was cached for more than the ttl duration prior to the @@ -735,14 +735,15 @@

    Validate Algorithm

    Bitstring Expansion Algorithm.
  • -Let status be the value at position indicated by the +Let status be the value at the position indicated by the credentialIndex times the size in the bitstring.
  • -For statusPurpose of revocation or suspension -return true if status is `1`, false -otherwise. Otherwise, return the corresponding value of the status +For statusPurpose of revocation or suspension, +return true if status is `1`, and return false +if status has any other value. For other statusPurpose, +return the corresponding value of the status as indicated in the statusMessages array.
  • @@ -763,11 +764,11 @@

    Bitstring Generation Algorithm

    where each bit is initialized to 0 (zero).
  • -For each value in bitstring, if there is a -corresponding statusListIndex value in -a credential in issuedCredentials, set the value to the -appropriate status. The position of the value is computed as statusListIndex -times the size. +For each value in bitstring, if there is a +corresponding statusListIndex value in +a credential in issuedCredentials, set the value to the +appropriate status. The position of the value is computed as statusListIndex +times the size.
  • Generate a compressed bitstring by using the GZIP From f9e84f470d23b4318d50c73c79790db60131f701 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 18:50:10 -0400 Subject: [PATCH 18/23] remove verify property per special topic call --- index.html | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/index.html b/index.html index 2a54754..3c54f1d 100644 --- a/index.html +++ b/index.html @@ -562,15 +562,9 @@

    StatusList2021Credential

    Implementers MAY add additional values to objects in the statusMessages array. - Implementers MAY add a boolean value to elements in the statusMessages - named verify which adds an instruction to verifiers where if the - value of verify is true the verifier SHOULD not use the status to reject verification of the verifiable credential. If the value of verify is false, then a verifier SHOULD NOT verify the verifiable credential. - If verify is present, then the values of `0` and `1` should - be processed identically to the values of `0` and `1` in a status list with a - statusPurpose of suspension. Implementers MAY use the string value of undefined in the value to indicate that a status corresponding is not defined for the associated status value, but that it may be definied in the future. @@ -636,9 +630,9 @@

    StatusList2021Credential

    "reference": "https://example.org/status-dictionary/" "size": 2 "statusMessages": [ - {"status":"0x0", "value":"valid", "verify": true}, - {"status":"0x1", "value":"invalid", "verify": false}, - {"status":"0x2", "value":"pending_review", "verify": true}, + {"status":"0x0", "value":"valid"}, + {"status":"0x1", "value":"invalid"}, + {"status":"0x2", "value":"pending_review"}, ... ], "encodedList": "H4sIAAAAAAAAA-3BMQEAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAIC3AYbSVKsAQAAA" From 7b9f63cfe7936f1f80767530c709556341cfcc55 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 18:50:51 -0400 Subject: [PATCH 19/23] editorial Co-authored-by: Ted Thibodeau Jr --- index.html | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index 3c54f1d..2b4f967 100644 --- a/index.html +++ b/index.html @@ -566,11 +566,11 @@

    StatusList2021Credential

    value of verify is false, then a verifier SHOULD NOT verify the verifiable credential. Implementers MAY use the string value of undefined in the value - to indicate that a status corresponding is not defined for the associated - status value, but that it may be definied in the future. + to indicate that a corresponding status is not defined for the associated + status value, but that it may be defined in the future. Rules for how to handle various status messages are outside the scope of - normative reuqirements in this document, but it is assumed that implementers - SHOULD and will document rules for processing various status codes. + normative requirements in this document, but it is assumed that implementers + will document rules for processing various status codes. From 73b02e0c227642604418fe23f7b0321a6e56817d Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 18:51:43 -0400 Subject: [PATCH 20/23] remove last mention of verify property (i hope) --- index.html | 3 --- 1 file changed, 3 deletions(-) diff --git a/index.html b/index.html index 2b4f967..fa55d2b 100644 --- a/index.html +++ b/index.html @@ -562,9 +562,6 @@

    StatusList2021Credential

    Implementers MAY add additional values to objects in the statusMessages array. - use the status to reject verification of the verifiable credential. If the - value of verify is false, then a verifier SHOULD - NOT verify the verifiable credential. Implementers MAY use the string value of undefined in the value to indicate that a corresponding status is not defined for the associated status value, but that it may be defined in the future. From 112d203d7ac68894505afdab74f887f39eaab8ae Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 18:55:04 -0400 Subject: [PATCH 21/23] remove issue tag calling for example now that it has been added resolves #66 --- index.html | 1 - 1 file changed, 1 deletion(-) diff --git a/index.html b/index.html index fa55d2b..c660e18 100644 --- a/index.html +++ b/index.html @@ -490,7 +490,6 @@

    StatusList2021Credential

    Used to indicate a status message associated with a verifiable credential. The status message descriptions MUST be defined in credentialSubject.statusMessages. credentialSubject.size MUST be defined with this statusPurpose. -

    We need to add an example for multiple status codes

    From d0a58fa62cf17ba209daa85585d5a5c8b65af755 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Tue, 20 Jun 2023 18:57:59 -0400 Subject: [PATCH 22/23] correcting two missing commas in example --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index c660e18..817c160 100644 --- a/index.html +++ b/index.html @@ -623,8 +623,8 @@

    StatusList2021Credential

    "type": "StatusList2021", "ttl": 500, "statusPurpose": "status", - "reference": "https://example.org/status-dictionary/" - "size": 2 + "reference": "https://example.org/status-dictionary/", + "size": 2, "statusMessages": [ {"status":"0x0", "value":"valid"}, {"status":"0x1", "value":"invalid"}, From 887f87e60bccd0944b12f77b36c7471977f82d79 Mon Sep 17 00:00:00 2001 From: Mike Prorock Date: Thu, 22 Jun 2023 13:09:40 -0400 Subject: [PATCH 23/23] add issue flag Co-authored-by: Manu Sporny --- index.html | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index 817c160..315fe71 100644 --- a/index.html +++ b/index.html @@ -608,7 +608,10 @@

    StatusList2021Credential

    "proof": { ... } } -
    +                

    +The Working Group is still discussing the unification of a design between status lists with a single state (such as "revoked" or "suspended") and status lists with multiple states (exposed via a series of status messages). We are seeking implementer feedback on what a unified design should look like from an ease of implementation, privacy, and security standpoint. +

    +
               {
                 "@context": [
                   "https://www.w3.org/2018/credentials/v1",