diff --git a/index.html b/index.html index 6f4f541..46aba4c 100644 --- a/index.html +++ b/index.html @@ -464,6 +464,7 @@

Storage Services

(Verifier) • Storage Service (Holder)

+

Workflow Service

@@ -1176,48 +1177,40 @@

Exchange Examples

Error Handling

- Error handling and messaging in the VC-API follows [RFC 9457](https://www.rfc-editor.org/rfc/rfc9457.html). - Implementers SHOULD include a [status](https://www.rfc-editor.org/rfc/rfc9457.html#name-status) - and a [title](https://www.rfc-editor.org/rfc/rfc9457.html#name-title) - in the error response body relating to the specifics of the endpoint on which the error occurs. + Error handling and messaging in the VC-API aligns with Problem Details for HTTP APIs [[RFC9457]]. + Implementers SHOULD include a status and a title in the error response body + relating to the specifics of the endpoint on which the error occurs.

Aligning on error handling and messaging will greatly improve test-suites accuracy when identifying technical friction impacting interoperability.

- Leveraging other fields such as [detail](https://www.rfc-editor.org/rfc/rfc9457.html#name-detail), - [instance](https://www.rfc-editor.org/rfc/rfc9457.html#name-instance), - and [type](https://www.rfc-editor.org/rfc/rfc9457.html#name-type) - is encouraged, to provide more contextual feedback about the error, - while being conscious of security concerns and hence not disclosing - sensitive information. + Leveraging other fields such as detail, instance and type is encouraged, + to provide more contextual feedback about the error, + while being conscious of security concerns and hence not disclosing sensitive information.

Implementers should handle all server errors to the best of their capabilities. Endpoints should avoid returning improperly handled 500 errors in production - environments, as these may lead to [information disclosure](https://owasp.org/www-community/Improper_Error_Handling). + environments, as these may lead to information disclosure.

-

Relationship between verification and error handling

+

Relationship between verification, validation and error handling

- An implementer should avoid raising errors while performing - [verification](https://w3c.github.io/vc-data-model/#verification), - and instead should gather - [ProblemDetails](https://w3c.github.io/vc-data-model/#problem-details) - objects to include in the verification results. + It is recommended to avoid raising errors while performing verification, + and instead gather ProblemDetails objects to include in the verification results.

Types of ProblemDetails

- At the time of writting, ProblemDetails types refer to the [vc data model specification](https://w3c.github.io/vc-data-model/#problem-details) - It would be good to include additional types as time goes on. -
Example ProblemDetails
- + An implementer can refer to the [[VC-DATA-MODEL-2.0]] and the [[VC-BITSTRING-STATUS-LIST]] for currently defined ProblemDetails types. + 
           {
             "type": "https://www.w3.org/TR/vc-data-model#CRYPTOGRAPHIC_SECURITY_ERROR",
             "status": 400,
             "title": "CRYPTOGRAPHIC_SECURITY_ERROR",
             "detail": "The cryptographic security mechanism couldn't be verified. This is likely due to a malformed proof or an invalid verificationMethod."
           }
-          
+

Verification Response

Errors and Warnings
Errors are ProblemDetails relating to cryptography, data model and malformed context. @@ -1226,8 +1219,8 @@
Errors and Warnings
The VerificationResponse object MUST have the verified value set to false if an error is included. The VerificationResponse object MUST have the verified value set to true if no errors are included. -
Verification Response Example
- + 
           {
             "verified": false,
             "document": verifiableCredential,
@@ -1237,7 +1230,7 @@ 
Verification Response Example

             "warnings": [ProblemDetails],
             "errors": [ProblemDetails]
           }
-        
+