What is a Test Credential?
What Is A Test Credential?
Session: 13C
Convener: Gabe Cohen (Workday)
Notes-taker(s): Nikhil Wadwa
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
At WD we have been trying to standardise test credentials tied to our VC specs
We use only as much JSON-LDs as much as the specification requires
An issuer might want to issue credentials with different levels of Trust
Option 1: Type
Option 2: Status: downside is that it relies on another WebService, have to do another lookup
Option 3: Schema: Another idea is to register a separate schema
Option 4: Change the specification itself - anyone can implement it easily - has to proposed to W3C working group
Another point is that it is up to the verifier whether they trust it or not
What is a Test Credential?
At Workday, our customers are asking for test credentials, or provisional credentials, or any other type of status
We would like to come up with a standard mechanism for creating non-production credentials
It’s important to root the trust in the issuer’s signature, but even within that we might want to have different levels of trust.
The most straight forward mechanism might be to use LD with a TestCredential type. This would be an immediate way for someone consuming the credential to see that it is a different type.
A second option would be to modify the credential status property, which is used for revocation checking, but this could also allow for other types. We don’t want to require another call to get the status type.
The Credential Schema property. We’ve appended a status matrix variable to the schema ID to indicate the credential type. This also allows us to not create multiple schema types.
Fourth approach would be a classification field in the Verifiable Credentials specification. This would make this widely known and not a custom extension. This would need to go through the W3C for approval.
Keith - Maybe we’ll need to do some integration. The customer needs to issue test credentials in order to verify that everything is working, but we don’t want those credentials to be accepted in the broader ecosystem.
It’s up to the verifier whether they accept it or not.
Rory - JSON-LD extensions don’t need approval by a centralized governing board, but there’s a concern that external verifiers, like the Universal Verifier, would just ignore any “test” extension property. That’s why we added it into the schema URI, since that’s the semantic backing of the credential.