generated from Open-Credentialing-Initiative/spec-template
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
NFR004 - key mgt #30
Labels
documentation
Improvements or additions to documentation
Steering - Review
Proposal and Completed work must be reviewed by Steering.
Comments
Affected Parties (help determine Sunrise/Sunset):
|
rceleste125
added
the
Steering - Review
Proposal and Completed work must be reviewed by Steering.
label
Jul 17, 2023
Mtg July 27:
|
consider adding that key rotation is only required for PROD accounts/usage |
14.9. P&A: edits to make text work for both DID methods |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Labels
documentation
Improvements or additions to documentation
Steering - Review
Proposal and Completed work must be reviewed by Steering.
Steering summary:
Unclear wording around wallet security aspects. Suggest to reword to avoid ambiguity.
It is not entirely clear whether this NFR is to deals only with keys in relation to the DID document or also provider app-specific security.
It says under Conformance Criteria
The last bullet reads as if it was meant to address sth like API keys for a provider app. The rest seems to apply to DID docs.
OCI should consider splitting both scopes into 2 NFR or making it clearer within this 004 what is meant.
The text was updated successfully, but these errors were encountered: