CAWG identity assertions may be inspected at an unknown time, possibly far exceeding the validity of the digital credential that was used to sign the assertion.
When using X.509 certificates, we embed the full certificate chain and a time stamp to make it possible for a verifier to make an accurate determination as to the validity of the credential and credential subject at time of signature. This meets a long-lasting usability criterion that I call "archival quality" for verifiable identifiers.
Many other credentials (especially DID methods that require network traffic to discover public key material) may not meet that criterion.
I'd like the CAWG trust task force to think through the implications of potentially-ephemeral credential material and provide guidance about how named actors should choose credentials in order to provide maximum lifetime for their signatures.