Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add guidance on how to secure status lists. #118

Merged
merged 1 commit into from
Jan 13, 2024
Merged

Add guidance on how to secure status lists. #118

merged 1 commit into from
Jan 13, 2024

Conversation

msporny
Copy link
Member

@msporny msporny commented Dec 29, 2023
edited by pr-preview bot
Loading

This PR is an attempt to address issue #52 by adding guidance on how to secure the status list.

Preview | Diff

@msporny msporny mentioned this pull request Dec 29, 2023
Closed
David-Chadwick
David-Chadwick approved these changes Dec 31, 2023
View reviewed changes
Copy link
Contributor

@David-Chadwick David-Chadwick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems reasonable to require the same security mechanism for the status list as for the verifiable credential. But it is not mandated if there is a requirement to not do so.

@TallTed
Copy link
Member

TallTed commented Jan 2, 2024

[@David-Chadwick] It seems reasonable to require the same security mechanism for the status list as for the verifiable credential. But it is not mandated if there is a requirement to not do so.

I cannot figure out what your second sentence is trying to say.

@iherman
Copy link
Member

iherman commented Jan 10, 2024

The issue was discussed in a meeting on 2024-01-10

  • no resolutions were taken
View the transcript

3.4. Add guidance on how to secure status lists. (pr vc-bitstring-status-list#118)

See github pull request vc-bitstring-status-list#118.

Manu Sporny: we should not mix and match the security mechanisms on the status list and the vcs that it contains.
… they should all use the same mechanism e.g. JWT or data integrity.

@msporny
Copy link
Member Author

msporny commented Jan 13, 2024

Normative, multiple reviews, no changes requested, no objections, merging.

@msporny msporny merged commit 9a44436 into main Jan 13, 2024
1 of 2 checks passed
@msporny msporny deleted the msporny-securing branch January 13, 2024 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KDean-GS1 KDean-GS1 KDean-GS1 approved these changes

@brianorwhatever brianorwhatever brianorwhatever approved these changes

@David-Chadwick David-Chadwick David-Chadwick approved these changes

@iherman iherman iherman approved these changes

@dlongley dlongley dlongley approved these changes

@jandrieu jandrieu Awaiting requested review from jandrieu

@longpd longpd Awaiting requested review from longpd

@dmitrizagidulin dmitrizagidulin Awaiting requested review from dmitrizagidulin

@andresuribe87 andresuribe87 Awaiting requested review from andresuribe87

@TallTed TallTed Awaiting requested review from TallTed

@decentralgabe decentralgabe Awaiting requested review from decentralgabe

@OR13 OR13 Awaiting requested review from OR13

@brentzundel brentzundel Awaiting requested review from brentzundel

@mkhraisha mkhraisha Awaiting requested review from mkhraisha mkhraisha is a code owner

@Sakurann Sakurann Awaiting requested review from Sakurann

@mprorock mprorock Awaiting requested review from mprorock mprorock is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@msporny @TallTed @iherman @dlongley @David-Chadwick @brianorwhatever @KDean-GS1