This repository has been archived by the owner on Mar 7, 2024. It is now read-only.

Merge pull request #77 from 0xPolygonID/allowed-issuers-warning
Added warning
cerberushades authored Aug 1, 2023
2 parents 40005fe + 6698b93 commit f8e8ea8
Showing 3 changed files with 12 additions and 5 deletions.
Expand Up @@ -101,6 +101,10 @@ Generate a request to prove that the user owns a credential that satisfies certa

In this case, the user has to provide a proof that he/she owns a credential issued by the `allowedIssuer` of schema `type` **KYCAgeCredential** described in the URL provided in `context`. **This is the JSON-LD context of the credential**.
By setting the `allowedIssuer` to `*`, the user can provide a proof of that credential issued by any issuer. Alternatively, if the verifier adds the DID of a specific issuer inside the `allowedIssuer` array, the user must provide a proof of a credential issued by that specific issuer.

!!!warning "Allowed Issuers"
As stated above, when we use `*` in the "allowed issuers" segment (`allowedIssuers: ['*']`), we mean that we accept any entity that might have provided the credential. Even though this seems to be convenient for testing purposes, it may also be considered risky. Applying due diligence by **actually choosing trusted specific issuers** should be the best approach. Only in rare cases, a verifier would accept any issuer, so we advise not to use `*`.

This credential contains details in its `credentialSubject` of the birthday of the receiver. In this scenario, the user has to prove that the value contained in the attribute `birthday` is less than `lt` 20000101, namely that the user was born before 01/01/2000.

An additional optional field that can be included in the query is `skipClaimRevocationCheck`. By setting it to `true`, the user doesn't need to provide the proof of the revocation of the credential, which would otherwise be provided by default.
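
Review bot: the added warning spells the field as `allowedIssuers: ['*']` (plural), while the paragraph directly above it uses `allowedIssuer` twice. Use the key exactly as it appears in the query object, so that a reader searching for it finds both the explanation and the warning. The warning also says the wildcard "may also be considered risky" without naming the risk; one clause stating the consequence the paragraph above already implies (a credential from any issuer, vetted or not, satisfies the query) would make the advice actionable.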
6 changes: 5 additions & 1 deletion mkdocs/docs/verifier/verification-library/verifier-set-up.md
Expand Up @@ -211,7 +211,11 @@ In this example, the verifier will set up the query: "Prove that you were born b
}
```

> Note: The highlighted lines are to be added only if the authentication needs to design a [query](./zk-query-language.md) for a specific proof as in the case of [Query-based Auth](./request-api-guide.md#query-based-auth). When not included, it will perform a [Basic Auth](./request-api-guide.md#basic-auth).
!!!warning "Allowed Issuers"
When we use `*` in the "allowed issuers" segment (`allowedIssuers: ['*']`), we mean that we accept any entity that might have provided the credential. Even though this seems to be convenient for testing purposes, it may also be considered risky. Applying due diligence by **actually choosing trusted specific issuers** should be the best approach. Only in rare cases, a verifier would accept any issuer, so we advise not to use `*`.

!!!note
The highlighted lines are to be added only if the authentication needs to design a [query](./zk-query-language.md) for a specific proof as in the case of [Query-based Auth](./request-api-guide.md#query-based-auth). When not included, it will perform a [Basic Auth](./request-api-guide.md#basic-auth).

4. **Callback Endpoint**

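Review bot: the new "Allowed Issuers" warning is inserted between the closing code fence and the note about "the highlighted lines", so that note no longer sits next to the code it refers to. Put the `!!!note` block first and the warning after it. The warning body is also a verbatim copy of the text added in the other two files of this commit; keeping it in one place and linking to it from the others would stop three copies from drifting apart.
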
Expand Up @@ -529,7 +529,7 @@ When presented with this query, the user must prove that he/she is not resident

### Selective Disclosure

Selective Disclosure is a feature provided for the Verifier, which makes it capable of requiring some specific data from the ID Holder. Using a similar approach to the ZK language operations, the Verifier sends a verification request for a piece of the Holder's identity. As seen below, the way to make this request is by sending an empty object as a value.
Selective Disclosure is a feature provided for the Verifier, which makes it capable of requiring some specific data from the ID Holder. Using a similar approach to the ZK language equal operation, the Verifier sends a verification request for a piece of the Holder's identity. As seen below, the way to make this request is by sending an empty object as a value.

**Query**

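Review bot: "the ZK language equal operation" in the reworded Selective Disclosure sentence names the operation differently from the info block removed further down in this file, which says "ZK Query language equal operation". Use that name and link it to the operator's section. The removed block also qualified the similarity as holding "from the circuit point of view"; the new sentence drops that qualifier, so consider keeping it.
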
Expand All @@ -549,6 +549,5 @@ const proofRequest: protocol.ZKPRequest = {
},
};
```

!!! info
In fact, from the circuit point of view, this operation is similar to the ZK Query language equal operation.
!!!warning "Allowed Issuers"
When we use `*` in the "allowed issuers" segment (`allowedIssuers: ['*']`), we mean that we accept any entity that might have provided the credential. Even though this seems to be convenient for testing purposes, it may also be considered risky. Applying due diligence by **actually choosing trusted specific issuers** should be the best approach. Only in rare cases, a verifier would accept any issuer, so we advise not to use `*`.
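
Review bot: the warning now starts on the line immediately after the closing code fence; the blank line that separated the fence from the removed `!!! info` block is gone (the hunk shrinks from 6 lines to 5). Restore the blank line so the admonition is its own block, and keep the `!!! info` spacing the file already used instead of `!!!warning`. This is also the third verbatim copy of the warning, appended under the Selective Disclosure example; it would fit better next to the first query in this file that sets the field.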
