italia/eudi-wallet-it-docs

[Status Attestation HTTP Response] - Status Code

Opened this issue · 3 comments

In the actual description of the Status Attestation HTTP Response Status Codes, we have the description of the status "404 Not Found" set as "The Digital Credential can not be found by the Issuer." here

I would suggest improving the description, including in this return code the cases of "credential_revoked" and "credential_updated", thus changing the description as follows:
"The Digital Credential can not be found by the Issuer, or the Status Attestation cannot be issued because the credential has been revoked or updated."

We already had this conversation: providing additional information may give the possibility to do information gathering.

Thus the wallet will not be able to return to the user any information on why the status attestation cannot be issued.
As the entire flow is protected by HTTPS, tracking these details would be difficult: unlocking/breaking HTTPS in this case would be costly in relation to the outcome (disclosing this information) and I believe that these additional details are protected enough from any data interception.

This issue has been resolved in PR #342.