1EdTech Verifiable Credential Refresh Service
Spec Version 1.0
Document Version: | 1.1 |
Date Issued: | April 5, 2024 |
Status: | This document is for review and adoption by the 1EdTech membership. |
This version: | https://www.imsglobal.org/spec/vccr/v1p0/main/ |
Latest version: | https://www.imsglobal.org/spec/vccr/latest/main/ |
Errata: | https://www.imsglobal.org/spec/vccr/v1p0/errata/ |
IPR and Distribution Notice
Recipients of this document are requested to submit, with their comments, notification of any relevant patent claims or other intellectual property rights of which they may be aware that might be infringed by any implementation of the specification set forth in this document, and to provide supporting documentation.
1EdTech takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on 1EdTech's procedures with respect to rights in 1EdTech specifications can be found at the 1EdTech Intellectual Property Rights webpage: http://www.imsglobal.org/ipr/imsipr_policyFinal.pdf .
Use of this specification to develop products or services is governed by the license with 1EdTech found on the 1EdTech website: http://www.imsglobal.org/speclicense.html.
Permission is granted to all parties to use excerpts from this document as needed in producing requests for proposals.
The limited permissions granted above are perpetual and will not be revoked by 1EdTech or its successors or assigns.
THIS SPECIFICATION IS BEING OFFERED WITHOUT ANY WARRANTY WHATSOEVER, AND IN PARTICULAR, ANY WARRANTY OF NONINFRINGEMENT IS EXPRESSLY DISCLAIMED. ANY USE OF THIS SPECIFICATION SHALL BE MADE ENTIRELY AT THE IMPLEMENTER'S OWN RISK, AND NEITHER THE CONSORTIUM, NOR ANY OF ITS MEMBERS OR SUBMITTERS, SHALL HAVE ANY LIABILITY WHATSOEVER TO ANY IMPLEMENTER OR THIRD PARTY FOR ANY DAMAGES OF ANY NATURE WHATSOEVER, DIRECTLY OR INDIRECTLY, ARISING FROM THE USE OF THIS SPECIFICATION.
Public contributions, comments and questions can be posted here: http://www.imsglobal.org/forums/ims-glc-public-forums-and-resources .
© 2024 1EdTech™ Consortium, Inc. All Rights Reserved.
Trademark information: http://www.imsglobal.org/copyright.html
Abstract
A manual method to refresh an expired or modified verifiable credential.
1. Introduction
A manual method to refresh an expired or modified verifiable credential.
This is a Verifiable Credentials Refresh Service extension to Verifiable Credentials Data Model v2.0 and Verifiable Credentials Data Model v1.1. Using this extension, verifiers can manually refresh an expired or modified verifiable credential.
1.1 Conformance Statements
As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.
The key words MAY, MUST, MUST NOT, OPTIONAL, RECOMMENDED, REQUIRED, SHALL, SHALL NOT, SHOULD, and SHOULD NOT in this document are to be interpreted as described in [RFC2119].
An implementation of this specification that fails to implement a MUST/REQUIRED/SHALL requirement or fails to abide by a MUST NOT/SHALL NOT prohibition is considered nonconformant. SHOULD/SHOULD NOT/RECOMMENDED statements constitute a best practice. Ignoring a best practice does not violate conformance but a decision to disregard such guidance should be carefully considered. MAY/OPTIONAL statements indicate that implementers are entirely free to choose whether or not to implement the option.
2. Terminology
- Issuer
- The organization or entity that has made claims about a subject.
- Verifiable Credential
- A tamper-evident credential whose issuer can be cryptographically verified.
- Verifier
- The entity that receives a verifiable credential and verifies the credential or presentation has not been tampered with.
3. Protocol
If the issuer supports credential refresh, they SHOULD add a refreshService
property to their
issued credentials. The value of the refreshService
property is a list of one or more RefreshService objects.
If the issuer supports this 1EdTech Credential Refresh Service, the id
property of one
RefreshService object MUST be the URL of the issuer's implementation. And the type
property of the
RefreshService object MUST be "1EdTechCredentialRefresh".
To manually refresh a credential, the verifier issues a GET
request to the URL of the
issuer's 1EdTech Credential Refresh Service. The issuer will respond with a refreshed verifiable credential.
All requests MUST be made over secure TLS 1.2 or 1.3 protocol.
{
"id": "http://example.edu/credentials/3732",
"type": ["Credential", "DegreeCredential"],
"issuer": "https://example.edu/issuers/14",
"credentialSubject": { ... }
"refreshService": [{
"id": "https://example.edu/refresh/3732,
"type": "1EdTechCredentialRefresh"
}],
"proof": { ... }
}
Request Format
GET {id}
URL Parameter | Parameter Type | Description | Required |
---|---|---|---|
id |
URI |
This is value of the id property of the RefreshService
object. The HTTP scheme MUST be "https" and the request MUST be made over secure TLS 1.2 or 1.3 protocol.
|
Required |
Request Headers
Request Header | Description | Required |
---|---|---|
Accept: application/json,
application/ld+json,
application/vc+ld+json,
text/plain
|
The request SHOULD accept all 4 content types. | Required |
Line breaks in headers added for clarity |
Request Payload
There is no request payload.
Sample Request
GET refresh/3732 HTTP/1.1
Host: example.edu
Accept: application/json, application/vc+ld+json, application/ld+json, text/plain
Responses
HTTP Status Code | Content-Type Header | Payload Type | Payload Description | Payload Required |
---|---|---|---|---|
200 |
application/json or application/ld+json or application/vc+ld+json
|
VerifiableCredential | The refreshed verifiable credential. If the verifiable credential was not signed with a VC-JWT proof, the payload will be a serialized VerifiableCredential. | Required |
200 | text/plain |
CompactJws | The refreshed verifiable credential. If the verifiable credential was signed with a VC-JWT proof, the payload will be a CompactJws. | Required |
default | application/json |
Imsx_StatusInfo | The request was invalid or cannot be served. The exact error should be explained in the response payload. | Optional |
Sample Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"id": "http://example.edu/credentials/3732",
"type": ["Credential", "DegreeCredential"],
"issuer": "https://example.edu/issuers/14",
"credentialSubject": { ... }
"refreshService": [{
"id": "https://example.edu/refresh/3732,
"type": "1EdTechCredentialRefresh"
}],
"proof": { ... }
}
4. Data Model
4.1 RefreshService
The information in RefreshService is used to refresh the verifiable credential.
Property | Type | Description | Multiplicity |
---|---|---|---|
id | URI | The value MUST be the URL of the issuer's refresh service. | [1] |
type | IRI | The name of the refresh service method. | [1] |
This class can be extended with additional properties. |
4.2 VerifiableCredential
A Verifiable Credential as defined in either [VC-DATA-MODEL-2.0] or [VC-DATA-MODEL].
Property | Type | Description | Multiplicity |
---|---|---|---|
@context | URI |
The value of the @context property MUST be an ordered set where the first item is a URI with the value 'https://www.w3.org/ns/credentials/v2' , as defined by [VC-DATA-MODEL-2.0], or 'https://www.w3.org/2018/credentials/v1' , as defined by [VC-DATA-MODEL].
|
[1..*] |
id | URI | Unambiguous reference to the credential. | [0..1] |
type | IRI | The value of the type property MUST be an unordered set. One of the items MUST be the URI 'VerifiableCredential'. | [1..*] |
issuer | Issuer | A description of the individual, entity, or organization that issued the credential. | [1] |
credentialSubject | CredentialSubject | The subject of the credential. | [1] |
refreshService | RefreshService | One or more RefreshServices that provide enough information to the recipient's software such that the recipient can refresh the verifiable credential. | [0..*] |
This class can be extended with additional properties. |
4.3 CredentialSubject
Information about the subject of the verifiable credential.
Property | Type | Description | Multiplicity |
---|---|---|---|
id | URI |
The id of the subject.
|
[1] |
This class can be extended with additional properties. |
4.4 Issuer
Information about the verifiable credential issuer.
Property | Type | Description | Multiplicity |
---|---|---|---|
id | URI |
The id of the issuer.
|
[1] |
This class can be extended with additional properties. |
4.5 Imsx_StatusInfo
This is the container for the status code and associated information returned within the HTTP messages received from the Service Provider.
Property | Type | Description | Multiplicity |
---|---|---|---|
imsx_codeMajor | Imsx_CodeMajor Enumeration | The code major value (from the corresponding enumerated vocabulary). | [1] |
imsx_severity | Imsx_Severity Enumeration | The severity value (from the corresponding enumerated vocabulary). | [1] |
imsx_description | String | A human readable description supplied by the entity creating the status code information. | [0..1] |
imsx_codeMinor | Imsx_CodeMinor | The set of reported code minor status codes. | [0..1] |
4.6 Imsx_CodeMajor Enumeration
This is the set of primary status report values i.e. the major code assigned to the status block. This is used in conjunction with the 'Severity' structure in the status object.
Term | Description |
---|---|
failure | Denotes that the transaction request has failed. The detailed reason will be reported in the accompanying 'codeMinor' fields. |
processing | Denotes that the request is being processed at the destination or there has been a local transmission failure. This value is used in asynchronous services. |
success | Denotes that the request has been successfully completed. If the associated 'severity' value is 'warning' then the request has been partially successful i.e. best effort by the service provider. Other parts of the status information may provide more insight into a partial success response. |
unsupported | Denotes that the service provider does not support the requested operation. This is the required default response for an unsupported operation by an implementation. |
4.7 Imsx_Severity Enumeration
This is the context for the status report values. This is used in conjunction with the 'CodeMajor' structure in the status object.
Term | Description |
---|---|
error | A catastrophic error has occurred in processing the request and so the request was not completed (the Service Provider may not even have received the request). |
status | The request has been completed and a response was received from the Service Provider. |
warning | The request has only been partially completed. For an asynchronous service a further response should be expected. |
4.8 Imsx_CodeMinor
This is the container for the set of code minor status codes reported in the responses from the Service Provider.
Property | Type | Description | Multiplicity |
---|---|---|---|
imsx_codeMinorField | Imsx_CodeMinorField | Each reported code minor status code. | [1..*] |
4.9 Imsx_CodeMinorField
This is the container for a single code minor status code.
Property | Type | Description | Multiplicity |
---|---|---|---|
imsx_codeMinorFieldName | NormalizedString | This should contain the identity of the system that has produced the code minor status code report. | [1] |
imsx_codeMinorFieldValue | Imsx_CodeMinorFieldValue Enumeration | The code minor status code (this is a value from the corresponding enumerated vocabulary). | [1] |
4.10 Imsx_CodeMinorFieldValue Enumeration
This is the set of codeMinor status codes that are used to provide further insight into the completion status of the end-to-end transaction i.e. this should be used to provide more information than would be supplied by an HTTP code.
Term | Description |
---|---|
forbidden | This is used to indicate that the server can be reached and process the request but refuses to take any further action. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '403'. |
fullsuccess | The request has been fully and successfully implemented by the service provider. For a REST binding this will have an HTTP code of '200' for a successful search request. |
internal_server_error | This should be used only if there is catastrophic error and there is not a more appropriate code. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '500'. |
invalid_data | This error condition may occur if a JSON request/response body contains well-formed (i.e. syntactically correct), but semantically erroneous, JSON instructions. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and a HTTP code of '422'. |
invalid_query_parameter | An invalid data query parameter field was supplied and the query could not be processed. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '400'. |
misdirected_request | This is used to indicate that the request was made with a protocol that is not supported by the server. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '421'. |
not_acceptable | This is used to indicate that the server cannot provide a response with a Content-Type that matches any of the content types in the request Accept header. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '406'. |
not_allowed | This is used to indicate that the server does not allow the HTTP method. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '405'. |
not_modified | This is used to indicate that the server did not modify the resource. This would be accompanied by the 'codeMajor/severity' values of 'success/status' and for a REST binding a HTTP code of '304'. |
server_busy | The server is receiving too many requests. Retry at a later time. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '429'. |
unauthorizedrequest | The request was not correctly authorised. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code of '401'. |
unknown | Any other error occurred. This would be accompanied by the 'codeMajor/severity' values of 'failure/error' and for a REST binding a HTTP code corresponding to the error. |
5. Derived Types
Type | Description |
---|---|
CompactJws |
A String in Compact JWS format [RFC7515].
|
IRI |
A NormalizedString that represents an Internationalized Resource Identifier (IRI), which extends the ASCII characters subset of the Uniform Resource Identifier (URI).
|
Term |
A term in an enumeration. The lexical constraints are the same as for Token .
|
URI |
A NormalizedString that respresents a Uniform Resource Identifier (URI).
|
6. Primitive Types
Type | Description |
---|---|
DateTime | An [ISO8601] time using the syntax YYYY-MM-DDThh:mm:ss. |
Namespace | A namespace data type for defining data from a context other than that as the default for the data model. This is used for importing other data models. |
NormalizedString |
A String conforming to the normalizedString definition in [XMLSCHEMA-2].
|
String | Character strings. |
A. Revision History
Status | Doc Version | Release Date | Comments |
---|---|---|---|
Candidate Final Public | 1.0 | June 8, 2022 | |
Candidate Final Public | 1.1 | April 5, 2024 | Updated to Verifiable Credentials Data Model v2.0 |
B. References
B.1 Normative references
- [ISO8601]
- Representation of dates and times. ISO 8601:2004.. International Organization for Standardization (ISO). 2004. ISO 8601:2004. URL: http://www.iso.org/iso/catalogue_detail?csnumber=40874
- [RFC2119]
- Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
- [RFC7515]
- JSON Web Signature (JWS). M. Jones; J. Bradley; N. Sakimura. IETF. May 2015. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc7515
- [VC-DATA-MODEL]
- Verifiable Credentials Data Model v1.1. Manu Sporny; Grant Noble; Dave Longley; Daniel Burnett; Brent Zundel; Kyle Den Hartog. W3C. 3 March 2022. W3C Recommendation. URL: https://www.w3.org/TR/vc-data-model/
- [VC-DATA-MODEL-2.0]
- Verifiable Credentials Data Model v2.0. Manu Sporny; Ted Thibodeau Jr; Ivan Herman; Michael Jones; Gabe Cohen. W3C. 2 April 2024. W3C Candidate Recommendation. URL: https://www.w3.org/TR/vc-data-model-2.0/
- [XMLSCHEMA-2]
- XML Schema Part 2: Datatypes Second Edition. Paul V. Biron; Ashok Malhotra. W3C. 28 October 2004. W3C Recommendation. URL: https://www.w3.org/TR/xmlschema-2/
C. List of Contributors
The following individuals contributed to the development of this document:
Name | Organization | Role |
---|---|---|
Andy Miller | 1EdTech | Author |
Xavi Aracil | 1EdTech | Editor |