Skip to main content

Verifiable Credential Revocation

The example below demonstrates how an issuer can revoke a verifiable credential using the IOTA Identity Framework by removing its verification method. But another aspect of it, is how an issuer can easily allow verifiers to check if the credential has been revoked. In order to allow this, an issuer can link to a location where a verifier can check the credential status. This can be specified in the credential status property.

Revocation List 2020

One of the ways for an issuer to control the status of its credentials is by using a revocation list. At the most basic level, revocation information for all verifiable credentials issued by an issuer are expressed as simple binary values. The issuer keeps a bitstring list of all verifiable credentials it has issued. Each verifiable credential is associated with a position in the list. If the binary value of the position in the list is 1 (one), the verifiable credential is revoked, if it is 0 (zero) it is not revoked. When using revocation list 2020 the credential status of the credential must be defined as follows:

  • ID: a URL that identifies the status information associated with the verifiable credential.
  • Types: The type property must be RevocationList2020Status.
  • Revocation List Index: an arbitrary size integer greater than or equal to 0, expressed as a string. The value identifies the bit position of the revocation status of the verifiable credential.
  • Revocation List Credential: a URL to a verifiable credential. When the URL is dereferenced, the resulting verifiable credential must have type property that includes the RevocationList2020Credential value.

When a revocation list is published, the result is a verifiable credential that encapsulates the revocation list. This revocation list credential must have the following properties:

  • ID: an id property that matches the value specified in revocationListCredential for the corresponding RevocationList2020Status.
  • Types: must contain RevocationList2020Credential.
  • Credential Subject Type: the type of the credential subject must be RevocationList2020.
  • Credential Subject Encoded List: The encodedList property of the credential subject must be the ZLIB-compressed RFC1950, base-64 encoded RFC4648 bitstring values for the associated range of verifiable credential status values. The uncompressed bitstring must be at least 16KB in size.
note

Revocation List 2020 is not yet supported in the IOTA Identity Framework

Example

The following code exemplifies how you can revoke a Verifiable Credential(VC) by removing a verification method (public key) from the DID Document of the Issuer. This means the VC can no longer be validated. This would invalidate every VC signed with the same public key, meaning the Issuer would have to sign every VC with a different key.