I am able to pass any property into default KeyStoreCredentialStore implementation of credential store. I understand implementation-properties is general data holder for any implementation, so validation can't be made on subsystem level. But each delivered implementation knows which parameters are allowed for itself and thus should check it.

Additional validation can prevent user from typo error. Also can help user to understand what is allowed for current implementation, as allowed properties can't be describe in model, because resource is for general usage.

"implementation-properties" => {
    "type" => OBJECT,
    "description" => "Map of credentials store implementation specific properties.",
    "attribute-group" => "implementation",
    "expressions-allowed" => true,
    "required" => false,
    "nillable" => true,
    "value-type" => STRING,
    "access-type" => "read-write",
    "storage" => "configuration",
    "restart-required" => "resource-services"
}