Not Before Verification Policy Reference
This reference documents the notBefore verification policy for the verifier service. The notBefore policy checks if a credential is being used before its effective date.
Policy Overview
The notBefore verification policy validates the temporal validity of credentials and presentations by ensuring they are not used before their effective date. This temporal check helps enforce time-bound credentials that should only be valid from a specific point in time.
Supported Standards
The notBefore verification policy supports effective date validation across multiple standards:
| Standard | Organization | Specification | Effective Date Property | Validation Aspect |
|---|---|---|---|---|
| JSON Web Token (JWT) | IETF | RFC 7519 §4.1.5 | nbf (not before) | Checks current time against the JWT not before time claim |
| ISO 18013-5 mDL | ISO | ISO 18013-5:2021 §8.2.2.2 | issue_date | Verifies mobile driving license is not used before its issue date |
| Verifiable Credentials Data Model v1.1 | W3C | VC Data Model §4.6 | issuanceDate | Validates credential is not used before its issuance date |
| Verifiable Credentials Data Model v2.0 | W3C | VC Data Model §4.9 | validFrom | Ensures current time is not before the specified validFrom date |
How It Works
The notBefore policy validates one or more date fields in the credential to ensure that the current time is not before the effective date:
Temporal Properties
The notBefore policy can verify different temporal properties depending on the credential format:
| Credential Type | Temporal Property | Description | Specification Reference |
|---|---|---|---|
| W3C Verifiable Credential (v1.1) | issuanceDate | The date when the credential was issued | W3C VC Data Model §4.6 |
| W3C Verifiable Credential (v2.0) | validFrom | Explicit date from which the credential is valid | W3C VC Data Model §4.9 |
| JWT Credential | nbf (not before) | Date before which the JWT is not valid | IETF RFC 7519 §4.1.5 |
| ISO 18013-5 mDL | issue_date | Date from which the mobile driving license is valid | ISO 18013-5:2021 §8.2.2.2 |
Time Tolerance
The notBefore policy supports a configurable time tolerance to account for:
- Clock skew between issuer, holder, and verifier systems
- Network delays in credential transmission and verification
- Time zone discrepancies
The tolerance is specified in milliseconds and creates a buffer period before the effective date where the credential is still considered valid.
Configuration
The notBefore verification policy offers various configuration options that control its behavior, including:
- Enabling or disabling temporal validation
- Setting time tolerance values
- Configuring behavior for missing date fields
- Setting different validation rules for credentials and presentations
For detailed configuration options, parameters, and default values, see the Verifier Configuration Reference.