This is mostly straightforward - the credential is considered 'expired' once the given date has passed.
+The date is set directly in the Verifiable Credential.
+For version 1 Verifiable Credentials, the date is set like so:
+"expirationDate": "2025-01-09T16:23:24Z"+
For version 2 Verifiable Credentials, the date is set like so:
+"validUntil": "2025-01-09T16:23:24Z"+ +
One nuance, though, is that sometimes a credential is still useful even though it has expired. An expired driver's licence, for + example, can still be used to prove our age. Or to prove that we were in fact authorized to drive during a given period, + which might be useful when applying for a job that requires some number of years of driving experience. +
+ +} \ No newline at end of file diff --git a/src/IssuerHelp.js b/src/IssuerHelp.js index 35f7dbe..7c64697 100644 --- a/src/IssuerHelp.js +++ b/src/IssuerHelp.js @@ -1,9 +1,6 @@ export const IssuerHelp = () => { return <> -The issuer is the person or institution that issued the Verifiable Credential. - This might be, for example, a university that has granted a degree to a student - and subsequently then issued a Verifiable Credential attesting that the student did earn the degree.
-The issuer usually also signs the credential, but in some cases a third party might sign on the issuer's behalf.
+The issuer is the person or institution that issued the Verifiable Credential, for example, a university that gives students Verifiable Credentials confirming their graduation.
Fundmentally important is that to trust anything signed by an issuer, the DID (Decentralized Identififer) used to sign the credential must be known to us in some way. That might be because diff --git a/src/RegistryHelp.js b/src/RegistryHelp.js new file mode 100644 index 0000000..f4de006 --- /dev/null +++ b/src/RegistryHelp.js @@ -0,0 +1,21 @@ +export const RegistryHelp = () => { + return <> +
To know who issued a Verifiable Credential we must + know who controls the cryptographic key pair (a public key and a private key) used to sign the credential, which typically means + we must be told from a trustworthy source that the public key does in fact belong + to the claimed issuer. We can be told directly by the issuer themselves, which can be as a simple as saying, "Hey there, my DID is did:key:z6MkjoriXdbyWD25YXTed114F8hdJrLXQ567xxPHAUKxpKkS" or they might post it on their known + web site (e.g. mit.edu) so we can check it as needed, or they might add it to a registry so that it can be looked up along with the + keys of other issuers. +
+It is fundamentally necessary that we are told in some trustworthy way that a public key does belong to the issuer. Without that knowledge, + fake key pairs could be used to sign fake credentials and we just wouldn't know. +
+In this app, when verifying a credential, we look up public keys in a registry controlled by the Digital Credentials Consortium. + We don't, however, make any guarantees about the trustworthiness or legitimacy of the credentials - only that they + were signed by a key that has been registered in one of our registries. We make no guarantees because this is + strictly for demonstration purposes. A 'real' verifier would use a registry whose entries have been vetted and approved. +
+A registry of keys controlled by the association of university registrars for a given coountry, for example, + could be used to verify digital degrees from accredited universities
+ +} \ No newline at end of file diff --git a/src/VCHelp.js b/src/VCHelp.js new file mode 100644 index 0000000..dfea944 --- /dev/null +++ b/src/VCHelp.js @@ -0,0 +1,5 @@ +export const VCHelp = () => { + return <> +A Verifiable Credential is a cryptographically signed digital credential.
+ +} \ No newline at end of file