Context and Use Case
I am currently working on a Master’s thesis that models an enterprise credential lifecycle scenario using verifiable credentials.
The scenario reflects common access-governance requirements in enterprise collaboration environments.
In this scenario, a business-facing application manages access to project-related documents for internal staff and external partners.
Access control is done via verifiable credentials, which are used for fine-grained authorization decisions.
A central business process is partner onboarding and offboarding:
- External partners are granted temporary access to selected project documents
- Access rights are represented by issuing a verifiable credential
- Collaborations are time-bounded by contract or project duration
- Once a collaboration ends, access must reliably expire or, in the case of premature termination, the credential must be revoked
Problem Description
While credential revocation is already supported and suitable for early termination scenarios, the use case also requires setting the expiration date on a per-credential basis:
- Each issued credential should support an explicit expiration date
- The expiration should be configurable per credential, not enforced via a global or schema-wide policy
- Current behavior hardcodes an expiration of +2 years from issuance
In the use case, revocation is an active administrative decision, whereas expiration is a planned, contractually defined lifecycle boundary.
Currently, One Core hardcodes the expiration date (lib/one-core/src/provider/credential_formatter/mapper.rs, credential_data_from_credential_detail_response, let valid_until = valid_from + time::Duration::days(365 * 2);).
Desired Capability
From an enterprise credential lifecycle perspective, it would be nice to:
- Specify a valid-until / expiration timestamp when creating a credential
- Persist this expiration as part of the credential state
Question
Is supporting per-credential expiration dates a use case that aligns with One Core's intended credential lifecycle model?
Feel free to let me know as I have already successfully implemented it.
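
An added sketch of the behaviour requested above, not code from One Core or from the post's author: an optional per-credential expiration that falls back to the 2-year default quoted in the post, plus a status check that keeps expiration and revocation distinct. The names `resolve_valid_until`, `status_at`, `ExpiryError` and `Status` are hypothetical, and it uses `std::time` rather than the `time` crate so it runs without dependencies.

```rust
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Fallback lifetime: the 2-year value the post quotes as currently hardcoded.
const DEFAULT_LIFETIME: Duration = Duration::from_secs(365 * 2 * 24 * 60 * 60);

#[derive(Debug, PartialEq)]
pub enum ExpiryError {
    /// The requested expiration is not strictly after issuance.
    NotAfterIssuance,
}

#[derive(Debug, PartialEq)]
pub enum Status { Active, Expired, Revoked }

/// Hypothetical helper: use the per-credential expiration when the issuer
/// supplied one, otherwise fall back to the default lifetime.
pub fn resolve_valid_until(
    valid_from: SystemTime,
    requested: Option<SystemTime>,
) -> Result<SystemTime, ExpiryError> {
    match requested {
        // Reject a credential that would already be expired at issuance.
        Some(t) if t <= valid_from => Err(ExpiryError::NotAfterIssuance),
        Some(t) => Ok(t),
        None => Ok(valid_from + DEFAULT_LIFETIME),
    }
}

/// Revocation (an administrative decision) is reported separately from
/// expiration (the planned boundary). Assumption: the credential counts as
/// expired at the exact `valid_until` instant.
pub fn status_at(now: SystemTime, valid_until: SystemTime, revoked: bool) -> Status {
    if revoked {
        Status::Revoked
    } else if now >= valid_until {
        Status::Expired
    } else {
        Status::Active
    }
}

fn main() {
    // Constructed sample: a 90-day partner contract.
    let issued = UNIX_EPOCH + Duration::from_secs(1_700_000_000);
    let contract_end = issued + Duration::from_secs(90 * 24 * 60 * 60);
    let until = resolve_valid_until(issued, Some(contract_end)).unwrap();
    println!("at contract end: {:?}", status_at(contract_end, until, false));
}
```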